{"report_id":"53c0788f-51b2-4552-85ea-98bf100b8a97","version":0,"status":"done","tags":[],"date":"2026-07-02T13:28:04Z","url":{"schema":"http","addr":"bet9837.com/wp-admin/.wp-languages/.wjpl95qv_mlr.php?amp;t=20260425\u0026cdn_recaptcha_token=0cAFcWeA7w2xvD7kMu76paEB9kjhI0K-xM8-kiOPJhXa5B-SE0djxkIf-eqQEASWJd2JZ9i7-eWdsStnTftF0uZoO5hWMmavGIdgWPmTafxyJMcLhBbPQqQjJRCVU9ScyWU9FmvXRzk3ksL6SynBqXg2OcVrnfU2mNZDcTUZh-1Rrm9vNeOj21XjbhAZlRWYURaKCjnuY8XGoQbMqXlxwBzgLDDH","fqdn":"bet9837.com","domain":"bet9837.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":0,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"final":{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"title":"Bet365","dom":{"size":309355,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (4344)","md5":"992d45d15a5d2a7fec8a5ceb1524822b","sha1":"1e0daddf54db3d9885740be713b93e9850854b39","sha256":"bc09ca4344e4bc359cd0e0afc7016d3045252080ffebe87f4bbd29bfd17c0b6b","sha512":"1f71218aac8189dded620070a99d60a1f4cbd66e13621209bc17f0f0bf47d18d6b08ae057f4ae9d8902dc75c566e2ed936cee82f2c54f1ac6e293684fbb27ef3","ssdeep":"3072:I3+EIKwH92sSHrGlZCsr2y09CmPz5u29KFqPT5:I3+EJXd","tlshash":"6a64a67c300124af5177c6d4b0a1bf09b0a2f34bde1ae545f5fe12109bdbe31a9e6a61","dom_hash":"domhasha4e4cbe4fbde22ffb2fc50a382d94aa6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bet9837.com/wp-admin/.wp-languages/.wjpl95qv_mlr.php?amp;t=20260425\u0026cdn_recaptcha_token=0cAFcWeA7w2xvD7kMu76paEB9kjhI0K-xM8-kiOPJhXa5B-SE0djxkIf-eqQEASWJd2JZ9i7-eWdsStnTftF0uZoO5hWMmavGIdgWPmTafxyJMcLhBbPQqQjJRCVU9ScyWU9FmvXRzk3ksL6SynBqXg2OcVrnfU2mNZDcTUZh-1Rrm9vNeOj21XjbhAZlRWYURaKCjnuY8XGoQbMqXlxwBzgLDDH","fqdn":"bet9837.com","domain":"bet9837.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":0,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-06T13:28:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"bet9837.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"bet9837.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"s.q5qo.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-04-06","domain_rank":0,"first_seen":"2026-04-08T12:00:24.977625Z","last_seen":"2026-06-30T03:05:58.525232Z","alert_count":0,"request_count":22,"received_data":0,"sent_data":12936,"comment":"","tags":null,"fingerprints":null},{"fqdn":"bet9837.com","ip":{"addr":"47.91.109.114","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-02T13:28:09.473841Z","last_seen":"2026-07-02T13:28:09.473841Z","alert_count":2,"request_count":1,"received_data":215,"sent_data":776,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"domain_registered":"2026-03-14","domain_rank":0,"first_seen":"2026-06-03T02:49:56.909947Z","last_seen":"2026-06-24T13:33:51.203519Z","alert_count":492,"request_count":123,"received_data":6994681,"sent_data":69243,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tposs.qiddfc-dqiod52d.com","ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2022-11-24","domain_rank":0,"first_seen":"2022-11-25T06:07:22Z","last_seen":"2026-07-01T20:44:42.835513Z","alert_count":0,"request_count":39,"received_data":773229,"sent_data":23123,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BejMyTa9.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"895cf052a4d7d87a29a2c919f3cb4f9d","sha1":"61866d6ff358efd9b061bd24526b3b53bcc62dfd","sha256":"57f945d4ffb6fc107c18583326bd16de8ff5145499caa615fb44600fe23c54ea","sha512":"a326243fc7beef93e719d307a96246edf0cdeb895caca566f63b830e6f6c59f2efe55c3673720ff45a9362b4c1f20e27beecca81102b7bbe5914e879130b82f0","ssdeep":"384:Q14/30e4n4WQlTJV6qQT8lzaAwwVgXbRhwkDO:Q1fn4lV6BToaoaR6k6","tlshash":"f5627c1f710ba63ea67149af92720d0191218f9a8562c9f7e0ff4f181a16cca6b8d70d","size":15749,"data":"","first_seen":"2026-07-02T10:56:16.4374Z","last_seen":"2026-07-02T13:28:16.751023Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.jsHMj9PS.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"517267c12444047eb41a06b8873ff756","sha1":"27b9b07a372f85869840ae03bb09ba6393776435","sha256":"4dce1d95f857975e001da696bdc261fb9fe029e717e2eda885648a0109a2b6e8","sha512":"b1dff599ce3b10755fe0245538181b85d6122e7725b7168974b83204d5f57384c8e704cff87ba6fc87d273046fb40b4d13d1f3ea048b70cf263b11204dee954e","ssdeep":"6144:OFdwuwe8RN5x+OyJJUK3oa8jcOit/ECEN3UOvuFI:4zo5YVSK3oX41ECEN3UOvuu","tlshash":"52541ad839d2cb3acc00b8da73d051a22d8e0b7a77a900349971797f5b317c39de59a8","size":302159,"data":"","first_seen":"2026-06-24T13:33:43.042162Z","last_seen":"2026-07-04T10:40:29.175122Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.BvmoD7C8.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"42dcadd81f2946fa1f84f193965c1f9b","sha1":"24ae8e1c44108e847d7559008f7502f2b365a805","sha256":"dec337afa256c109a931ce63bb6a340f2536b971a44b964114b7769e5eb57786","sha512":"e1c693f8d2bc1de7f6a86c6d0c8a6b6986798cddd6694eaff7c849de9462fceb2e4276ffbd75f14865f5c7d4f4cdcb219e7e0b22beab6fcc0cad089bdd193a30","ssdeep":"","tlshash":"90f00e2a7f4cc0b4a6370dcc31738028065f07dab634eb9582d37fa92f89520a95e138","size":525,"data":"","first_seen":"2026-07-02T10:56:16.457184Z","last_seen":"2026-07-02T13:28:16.900886Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":true,"md5":"b87bd4a06087393960e2ce03e3396b62","sha1":"3f567ef4e310b7ff3c13e663558e6d5d2a51011d","sha256":"b967ccd7d71814002fe47d0a6d7798b977e8bb63ac554969de62c53ba21dc420","sha512":"1e4d618e56f93d76c9d6c51392fefd99c3646ba005c450137a3ebe2b5c1b0a6c9eb4d533fd56199388c49be09f026fd165f92b2f4565517e87e2fff85e41c69a","ssdeep":"","tlshash":"e341e5889e9020523ee3775d47be215434e390db480dd4507a4da342afa1a1fc36eeed","size":2125,"data":"","first_seen":"2026-06-24T13:33:43.120074Z","last_seen":"2026-07-04T10:40:29.411212Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/GameHeroSwiper.CIMwZgOs.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"889dfb65de86cb9ba3827de4383314b6","sha1":"056c7f6952a97aae5990f8416fdaf590e150ab50","sha256":"3b1337bacc63202616cf8d47744d6a1557b5e541f6fd06653687604bcd623133","sha512":"49d204ec109b4c891bb960da0609802762cabfef7fac409557c0306b15c287c37602a8c2372b98f8bbcba647d594af2ca531f00eb7dace13f70db3b501d3d506","ssdeep":"384:m1D+wM6QOyM+J3GCdZI9Ix17TIvYEy9LELpLLLK0d1sXXR5RzR:m1PM6dyMeGcZIyLIvYEy9LELpLLLK0dI","tlshash":"da42e85c746245bdfb3e898b1254781d71282b82eb65d4c5f2fc362617e2c79ca1a33c","size":13061,"data":"","first_seen":"2026-07-02T10:56:16.483207Z","last_seen":"2026-07-02T13:28:16.994255Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/useRewardModal.BWcnRKYb.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"70b88f06d9381547ec19f8a58dfb3e23","sha1":"f2cdf78317b4ca0922854e6f184c023e5e738198","sha256":"a432cbfa6b32605abae1b62ceddc68cbd88eda61fc58575ce7af47a701884737","sha512":"2220b145c446f89f6bb75b752abc6b399d160bf992b7bb4595a92e899396df0f8c29634228ee8b75f8456739598d9f7d943473441f71146b52d3f6d392f1a701","ssdeep":"","tlshash":"f6e0c067e0ca56f4282e299be13801b901d414cab6cbce84136c5ae61b2d2d2d027f03","size":364,"data":"","first_seen":"2026-07-02T10:56:16.505825Z","last_seen":"2026-07-02T13:28:16.882841Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/PersonLoginAbnormalModal.DXqeHgyl.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"70b0e368fa78d87bfc230ad336c79c90","sha1":"4267ea293b9972f7325683349db6537379995c27","sha256":"a888cf1560afb1e851fc0ec9612ec2100511b8ab8610915c400840ea7ff83119","sha512":"f762d57b9a2caead6b25e5d7be511f65c77d47f5a13c5bc1433b12a1aeff2b9fc95e2069669bb39724d28f04105ed1e7beb1e511c7fe8e3b4994feba93216d40","ssdeep":"192:8gFkminwhdsWzw4swSfqCDd1Wi2vUfk3ERuAAcNN+OprSqeMVe:7FkRnwhmcwlfF2vUfk3ERDNNjeM0","tlshash":"9a32291c313ae77e3f5b5420b1a82098900c7f9ac518dcd7e9be4c172adaef446c5789","size":11193,"data":"","first_seen":"2026-07-02T10:56:16.398173Z","last_seen":"2026-07-02T13:28:16.978237Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.lR6p3XQv.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"0c3a5cd74f5dea68e76cb62a2f2b74ce","sha1":"ae9b3465f6d307625273db2bf15c84f62b1e4bab","sha256":"ae2f73440f6f7d1ac5a8794a62a7de951762f49ef2f4e65524d865d29bc5cb5a","sha512":"5fd6a1b2759aef7459fcb98132eaaf9f3ce23ca419a1c0436b77a52bc2878062474f4300e71dee806ecd9ed9b70a9aa110df38768e5a2a08e5e619a20e01641a","ssdeep":"","tlshash":"fa518366b83d8db8f2731cdd70214518a2091e4ee1626dd5e83a17aa2c07fa1cbef518","size":3103,"data":"","first_seen":"2026-07-02T10:56:16.491791Z","last_seen":"2026-07-02T13:28:16.745652Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/BetCard.BHJ-GtVh.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"c394795a4558852fea32c2d9ce4840a1","sha1":"98a22a74133c843210ec2790faf151a750f54802","sha256":"0758c946a72925c802c28c86364224e8eef67fb7eb6cc156c13ec954d65ee460","sha512":"14cc6ed037d4fb20e82c22b344d6c96fe3627c4b9d5cf24df097455ea2ef385acee29e8c3ee6b2184fcba3866dabb5c076cff5d4f0fe0a699977a653432a6a0b","ssdeep":"384:06S3oUEDKKZzXpwBRP2Efp1N1hehdKqMVR5wPv9ACV8gnjNq2:06ShhK8vPJN1hidKqqbwb+gnJ","tlshash":"c892e74e341749b6d43b883711183508e0283fecdf259c82f2eb96356bca9556a98ffc","size":20455,"data":"","first_seen":"2026-07-02T10:56:16.444043Z","last_seen":"2026-07-02T13:28:16.687229Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/config.BpcUrZ_O.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"8ce1fadea8c88bd580d9afdd0bda37f5","sha1":"aefe3439b51d025b26f915d45eeec3433e2b3ae2","sha256":"3236f2722f428e539a1b95e01cb461b55df5800df94932c351fb42a9767e90f0","sha512":"ccd01d2eeca96368b05f541ee6b74defc95349c0d522790561c2d528b86e1514d87d6a81b9096c9a1f3276072c7da0252c909469b108c7ec5c9cf2ae4217fda8","ssdeep":"","tlshash":"dc31209e8b6338de09f20e5494db0f31d41c0309ed268825e3efe63ad502e816227e35","size":1808,"data":"","first_seen":"2026-05-30T07:41:04.696534Z","last_seen":"2026-07-04T10:40:29.374818Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.F92ZrHpm.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"bec2a869f925703345961fac2569c4ae","sha1":"4e7b2234e1e4135ae94514102e63cfbf8a8ce80f","sha256":"b0a1aa35c3642d6b8c721ed313bc445e4f5467a67ec5796abeb1fdd6fd2ef47f","sha512":"a845f6cbc5a370a75d94700b6349aed7180548263e9d79e156d698b0c9586a007bff4309331098c2f42b73e6ee33735699c61bc99bda85924c8f1535309cc2dd","ssdeep":"96:jELceuYf3J9ejIl1bMjHwaMqxrzLETwr+aRjQHt9lH+CwBY3YWDflectiP:47uY/J9blJQwCzLETwr+39lezB4YW5eH","tlshash":"6cc1ed025684fffb49f38fa87f8e0a34c4f1c6b5426185e5d7ad4c3855e609a237e542","size":5900,"data":"","first_seen":"2026-07-02T10:56:16.430261Z","last_seen":"2026-07-02T13:28:16.602804Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.C7xICWJ1.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ffcd80726e3256c79c5758ba963b7574","sha1":"2653ddf8635fd818985397cd09b08845de44bb26","sha256":"204d47e4f8864155beb75436b5fa93d510e4f8126e0933809d1ec1791cdb101b","sha512":"3a8a5096206b44387ab4fffb8a984a6c45feaef48f598891e9b4032aadf6b97ecede29cde3438b0e2e2e695c81391dd0726314dd0dbd942eccf0339e3c6ae407","ssdeep":"96:ijAOlIW3YrGdv1PISGEwZAhtm1xyY3A53Au3AV4fzr63ewJzburzENpsJUcph/Ae:mAOWSGEwZj13i3J3+SG3nRIUGh4p3w4c","tlshash":"e5c17559203bbb7ab6174874756859a3a3097faac105c44bf1bc1c232bce8b416cdb79","size":5818,"data":"","first_seen":"2026-07-02T10:56:16.477596Z","last_seen":"2026-07-02T13:28:16.57676Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.wohuF47t.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"595a2f06cf9790d3d3b562dd2492e04e","sha1":"2387c37aaebf2ef156580650aa05c350d45f1850","sha256":"e63585b9447e0098b2a2092f292e1bd4617c25c643f668bf2c5dabbbdd2b59da","sha512":"f19fe960d5429bb41f561fe424dc063a48d831e76ddef6d43cb5e8d1d64dfd226e578db2514428b10f2dff4f8b578ef46adb69a339a03a90a6a0e5dfa6878ee8","ssdeep":"","tlshash":"8061f7b3b84fec340da30c38a41558425c096fdfc174690d99b9b5791fad9a0d96c3b8","size":3360,"data":"","first_seen":"2026-07-02T10:56:16.399927Z","last_seen":"2026-07-02T13:28:16.592552Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/normalizeSportLiveMatchId.DIcg771M.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff48b997e9f633bc6a76dc8cd00787d2","sha1":"5b54fe9d781b395dfbe01a64600a02a4374cec8b","sha256":"00646510beb6654691afb8464a9ad71d9a33d41011fb6e9347194501d0bd3b11","sha512":"13618cc0d913c505bdbf53859238e23e9db560e54009c2084b180095759f4868cc1b1a09c190584f37891f2319f9aa7ca87967e56951cc0af1c9210eeab0f88c","ssdeep":"","tlshash":"cdb012cd710d601c97120228133a7c68c030ca0929358ae5d04242c3253b8a0029bfc4","size":95,"data":"","first_seen":"2026-06-24T13:33:43.093878Z","last_seen":"2026-07-04T10:40:29.11763Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.DuR6eNo5.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"8bca4b81a7f9fa8944cb87f185a1238f","sha1":"66b251ed835459f5c9129d0899ca3cbbb8485ee6","sha256":"c9f52fb227b28877b3b2465516ff6d8472b88309a88d70608fef8ce4f051615a","sha512":"c2d0c79cb1edc281c05ee4a7b6d474ffc4aed2f81cd737bc2d3dd7fc24e76c41bd619e43fdf856a6aece387232409e12a8d17676669ce0c4c09a842baecb2e14","ssdeep":"","tlshash":"db3196be741ed6f4f21b48a4e0d54413c61c77bd8239ed8ee67605392f81544424d73e","size":1715,"data":"","first_seen":"2026-07-02T10:56:16.379299Z","last_seen":"2026-07-02T13:28:16.870515Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/phoneStatus.DsDFSgt-.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"2997acb0f5b00fa084de4c86f5f1a50a","sha1":"e26cd0bc1c157bfdc967a139a61be2d9d5a3bfd3","sha256":"222abccb18585aba8f7364366337fb1715481cb11d99ae7f599f798a482c8c60","sha512":"371f7197e6179185248aa14ee3179df77f06c86ec4294717f0af612919f9515173fe6c48fd82c2aa5f328e43a3becdaad2e4a0e07cb5edc470255e9eb4d89eeb","ssdeep":"","tlshash":"c6d022eedddab0f0c20050926020813db0060ab5b83cc2cab0fc0c319e1b084f3baf15","size":210,"data":"","first_seen":"2026-05-30T07:41:04.65147Z","last_seen":"2026-07-04T10:40:29.232501Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/FormItem.BMLzGa-L.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"dde9b66d24fdb724c1847376ab49b5d1","sha1":"4c3b3eb1a32780a661be40c2450548d0eeaafb77","sha256":"e853a17eb58a1e4ea30834c1dbc581912299c21daaa32f2452c0a7f0557d29ff","sha512":"38f8f6f251e95dbbe99c6cef547160070a826af29ae2243b9656b2179f3257090588ad7ce6352b32634ede29a582321b0c627e2125c230a70d58419d061085fc","ssdeep":"768:N/wxlD1aJPfS4fS6jjl5HkWQTejie+meYeJe+Ve+3e+Ce+LeN2e+ye+kej3eA5ev:a1Kdt2QlU9mijZ2ZyrjdgeLbq","tlshash":"b7e2eac872d8b05c8ba354f1905b9417b22bb840982ed4c1f76e98f26af4a5d1763b3d","size":33733,"data":"","first_seen":"2026-07-02T10:56:16.422781Z","last_seen":"2026-07-02T13:28:16.760819Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/success.B7fR5wmE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"861edf6ccee12de018680dc5b5ff70c6","sha1":"7775194f46f290b518202bd71a4b63498069763d","sha256":"bd59e568ff6effdaa322fcb9a75fb145d6366fd9ed36403ea87fe64b1ca46d58","sha512":"c527618385c565d1be5f860c12ed44aad86d37e01dfb963c6746bdfe2f5540afefc1bb36b46b35d2447eb5bf61f4451cd5f11208821a00ebb67c78e51f165efd","ssdeep":"","tlshash":"1741947c851b6e78983c4d5b0b283d21d826a2bdcfcdbc475d865200ab345075ca5ced","size":2422,"data":"","first_seen":"2026-05-30T07:41:04.658352Z","last_seen":"2026-07-04T10:40:29.388443Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.Crplw9yh.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"9d0f6e6a5d97958bc9c5dc281a6eb544","sha1":"da030e26f1de31d481c9ca26bcf67ae0d3c36cc3","sha256":"9999c12ddb7d3a649c390d4a950c65b4abec6778dec8600196bf76b3d217d4cc","sha512":"13bb3411d0a93a8ae4daf801d19aa63b06c2b49c7d7e212a8e54ec4c6493128b8a8232f8dc920b7d94feeeb8dba1b1d3da00e4031243343ba0221720491fdecb","ssdeep":"","tlshash":"8c21538eb1c2a1710b3f8598e8918631f3327329d7a5cda0ca9e8e1942d1146e16fb59","size":1327,"data":"","first_seen":"2026-07-02T10:56:16.485515Z","last_seen":"2026-07-02T13:28:16.720347Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/InputOtp.DzE8sEAk.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff16686b8a2979374dd7c685a9c3e0a0","sha1":"fc44d592ffb302c087194c1128f9f2ff1d689234","sha256":"b510b6fb60883abb5368f7e5d09086bd56214e3ce6118aa87a1fb2a4f2699ddb","sha512":"8c48f141a1e028fcfd7fefe02b67d21f5be990665697f0c153f5ca7401d7b8d0db61532286c333f9767677758da25e15c3bdd36b526c5f0f79aa36ae5f999ed9","ssdeep":"96:+Ns2Ib5bPHMw5wIHXzspv6aJSuFbT/Q+qMhvd7GERnNQLE0yFzsV9HGfC8:L2Ib5bPHMw5wczspvV1fQ+qM5pRNQLLq","tlshash":"7bb10a993193a1b1b6e34ee1846d8021e3163e08647df0d0d573dc951aa0b8962fff7e","size":5114,"data":"","first_seen":"2026-07-02T10:56:16.435632Z","last_seen":"2026-07-02T13:28:16.97145Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/ChevronRight.0lRZFIw-.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e8d3836578972c7dec02640343b011d","sha1":"314156cdbfceb4ca2c97a49f9cd365047e8a9ae2","sha256":"e85e9d5ca042fb0e99235b17d6b39ce78e4dae17f7cfbda7c811f23a41db8361","sha512":"098af945b6c1ce5f256272cbc5636a967a3353012db68e35b8021593e4bb7e04b3df2aca5a92a9584140af28c2cd262a7cbc6b75aa828469ad44110cea4b7e9e","ssdeep":"","tlshash":"f7f08bdf92c28871c911aa21d1a19041cf5914fde641cfccd2300724a923cc52d0fdf1","size":543,"data":"","first_seen":"2026-07-02T10:56:16.393118Z","last_seen":"2026-07-02T13:28:16.65816Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"16979ff33f6eb87c26b7bf9ef17ca4e4","sha1":"ec884a9a2434310072da6167e0731bd5395be911","sha256":"fae578e328527846edf45e3047ce0a540cefbb28d551d5d6f3cd4e5421b5e84f","sha512":"9479f8962cb49f8a07458235bfc5e32d4ff059f56b77ba86904cf45e656b6c2b97313fe21857a517300f374981da8f647ba5d27f0fc09bd36092909f4c174ceb","ssdeep":"24576:qKCRtvDUqK1K/+Xc8xH8Vpe6hNuza16FaUcEtW8Tj4xQjryas3b:qKCRt4H1K/+Xc8xH8Vpe6hNuza16FaUy","tlshash":"74658dfc714674a907b7d4e9002b1806fd293b53b80dc0d4f1ae99a63db1a19d6b6f38","size":1475809,"data":"","first_seen":"2026-07-02T10:56:16.509949Z","last_seen":"2026-07-02T13:28:17.03648Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/homeLeagueOddsColumns.DZ31HHjE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"78f6f3fad7d6486156daa1c9e19cf2bf","sha1":"d2a25cd2966800c2e10d9dfb23b7572917b04261","sha256":"81a4813e331efd4d9accd3353cb00e2f41e3150fd856dbddf92f2126eb30349b","sha512":"3b157fdea684396e50f4656e40f2bd551c50910c09b16fffb333604555c945a7a5fec7f7bbb8d4028b07714390cce96a86b8744fd3b6dc887ffb40141c5c1541","ssdeep":"384:2F4RQTWhP9ftAYRK/P5jp5yYjnI4HUZJvZOaAzBhfDfxelmsrI3:2FrqdVtAYK7MJvZOaAzBlDL3","tlshash":"72e2e858a02759bdb4f3908464644092f44c7fe7d104e487f4fe5e2627cac696bf87b8","size":31200,"data":"","first_seen":"2026-07-02T10:56:16.40263Z","last_seen":"2026-07-02T13:28:16.642786Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.vue_vue_type_script_setup_true_lang.B6dbxlq0.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"f180702adb8f34364a41b5f8a72a2fd0","sha1":"144f2b9d68b73aa855ab777afe1d31ab1cdf737e","sha256":"4000b63a2c8153d74b47706c92222221ec2a5df785c2cea54a9b7ace48b99612","sha512":"849ad5cc9b6883d85146b4356e4ca201c62bd32284c0dea34fd368cb17d0d751acf92770f49c7910b195cfd40ad6c034b75106b3eeb73a47ab9d0748091a5946","ssdeep":"","tlshash":"6121668b3c6800bdd3b30c44e26199ed2125135ce276e8e2347b542e23a7cc077da1a7","size":1186,"data":"","first_seen":"2026-07-02T10:56:16.433646Z","last_seen":"2026-07-02T13:28:16.907113Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/RadioGroup.B82Mo0VI.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"538961b3ad8c5868f05d050d57e9b504","sha1":"e5895006eca34c7e3f5a1cdf38e29cb2c2b3f623","sha256":"307d6ba7c27e848f6a8a69a658944d5ce01c0f7d3a5e9cc93e7cee9a52c0cd1c","sha512":"5445300ef013fa6e42f56a3ce758a5b6e0639d1c06960e8f1f295bceb1721e5196790f96fd06319b423574a425a0fc74c3243ee45ff8e82cc743853a5db2c01c","ssdeep":"192:SD78MyN7VgL4vpCynbZ8ND6DQnbAlpXJefMef1e:SfW0RNDFnbAFefMUe","tlshash":"d432c6fdbe09a1783eb3c695938b424a33047992e712d4e0f4a3b05012eafb9955bf15","size":11801,"data":"","first_seen":"2026-07-02T10:56:16.418014Z","last_seen":"2026-07-02T13:28:16.753039Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.CBQFteMD.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a59902a0285d043c55167f4a642602a2","sha1":"574acf182fe847d91d02ee3dfbb1ef02ba2f26fb","sha256":"b73c482cefebec71c3f8a6a3ee7239a5624aeb468c5b60067c313c486fb64a62","sha512":"caf812ed14ea0d6fc353e0e9638c5e9559a4d1be3d4a0c16872467bda3fb7cfdf80b20472857bb42424c354667a5f87fbad32501f80056662702c6c8b4a7e6f0","ssdeep":"384:i3wV7VOG3VHjGPbQFfoZAD7FP81Rvs0LjxCDNLp/mDubbOPzHgzjOrJbsI:gwV7VzVDGYoO7G1i0XxCDNLp/kub6Pz/","tlshash":"dca23b0db1121c7ae7f72af0b02c406076742ba6e006d989f4fe8fb53792ca19745f66","size":22247,"data":"","first_seen":"2026-07-02T10:56:16.506734Z","last_seen":"2026-07-02T13:28:17.006992Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/MatchOddsPanel._vrRQHid.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e80b75c8fa37006bf964fc7924391c6","sha1":"7c50513956160d53363117fce25f668aba56d8f6","sha256":"ac1533500dff6ec7946aba90c5110b4c450f3a697f1674655a9ad9a271a4c538","sha512":"d1a4e9093a38a8d2d50933274991a3fef8eeafe6ce6a2db8eeac597620e99d0aa555c8dca76a20511b306b4e8c2f92af10fb350d1bd087f64ac4e7860f8c6abb","ssdeep":"192:r3F3iBrmH8QMrZIghSu/iCX8s2coeSQ8zNW6XRpsDsFiwEFNgk:r3NiBrmHHMrZIYSu/iCX8s2coeSQ88Z/","tlshash":"3b42a7cd44c64119f7140a65e07a31a6ddb93c09740af642eefb5cfc2a11d828fb9f2a","size":12268,"data":"","first_seen":"2026-07-02T10:56:16.36776Z","last_seen":"2026-07-02T13:28:16.939748Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Drawer.bDRkB_fr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b724ed0d140a67abc80f81ce4673b35b","sha1":"4cb80ef4a24c1d518aa7b3153f6a3491d387862d","sha256":"3c3ba0fa5cd6ffa52efe112b0188fd99db575f5e1cc275f14882d1a3e2e6cfe2","sha512":"78caaf1fc1952141c4bd8dee0fa5098144d440dd33f93e451afbce0a69d38d90625478c3fb6788fc358cd05201156f18323a998e165978a310ba084958b17a29","ssdeep":"192:zebctwvZXOqgG0PYmci+arsRvXLo4x2A+mNLaVa3p2mEDjwlh3vp8GRFkCZDsbQu:CRvBBdSWi+3ZXkQnlhB8GBsbjx","tlshash":"2462d664be19b07425b7c2e9c0de5b68117c97c2e72ac9e8f17134ab11c22bc5217fe6","size":15092,"data":"","first_seen":"2026-07-02T10:56:16.426326Z","last_seen":"2026-07-02T13:28:16.640655Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/video.Bv5D9_Td.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"718063586df6dc66587fbd457ec5f4fc","sha1":"388405a35f553a05a7e8682e767b288db16c0daa","sha256":"c69902672eb03df339be1ddacada47060eb42bca1ccf5f5efdb38fba69a9aaa2","sha512":"260bd3f8c16fdb74e8548a50abb047a9dc2e77e528173048b63b42687413e0a27a9d4f15be052755de672c2238ce48b6304a6c2207e3f8a12168775cc75975d8","ssdeep":"","tlshash":"689002295c01836024954069af9289699411851a32750694d0160941a319456566c565","size":57,"data":"","first_seen":"2026-05-30T07:41:04.641841Z","last_seen":"2026-07-04T10:40:29.390514Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/siteRewardModal.xFNIXZ9j.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2c68643caefc7cc85d869ec6effe659","sha1":"9c5873c5bc1d270fca3cb4c9fb8180f554313049","sha256":"cfe97d949f929e7fb15d510ebe138897344624f202f125f1fae37199dc71b9bf","sha512":"97b2826cd1e34facd81bb5ba4602a8abf3e31b7d7be69bfb03080395de1463340f34f61675e58ddae991a411d960ef880e67c24817fd15be9ed184edfd285b8b","ssdeep":"","tlshash":"33017607e80934b914b766b2745579020398b93a958a022c39b538df26dc885f3f9f30","size":698,"data":"","first_seen":"2026-07-02T10:56:16.471897Z","last_seen":"2026-07-02T13:28:17.002674Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BywoWUit.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4ecb99910b38558dde60b413afda94e","sha1":"7773f2110769df19fca03211b2dec2cfa5e69f0a","sha256":"befb163184a9512a1749cb9e487316fa4b3166e32cfc9f79bee7f949b64388b5","sha512":"e62bd59de4df414282be08a07006ef0f6a3c0b1ea7dcdf2911db73362ff52199367517531cb60e34aa9a3829d1a826690c60e9bce6057c274f89a70a8b2d5010","ssdeep":"","tlshash":"b44152497039a4bd47762a5ac534026637261b0b312b88f0f2680d1e3375ec6178fbe7","size":2066,"data":"","first_seen":"2026-07-02T10:56:16.390097Z","last_seen":"2026-07-02T13:28:16.866745Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BwgWFPmY.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"9953356f401e10134c7f83b92d1ba79c","sha1":"c099df1a5c59b8df703a2b2346f5288b7a5b7090","sha256":"ef7e192ba3ac3e831eb0ef5d76a44cc9ce7cac35d9fdc5ee7183cc9301d6c9c9","sha512":"f5110a505aadd8d73fde5c8935dcc4deea3a5df3d440542334b940bac29ab12e08e21faaefb24459b634c5f14ce702cdbb8537daf35445b3e40a356de65a524e","ssdeep":"","tlshash":"7e210f1cec0ed56649e34624a9084e011409cf3fe63929d059ed763d1bee2b866ce36a","size":1391,"data":"","first_seen":"2026-07-02T10:56:16.376888Z","last_seen":"2026-07-02T13:28:16.585855Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.o1qzxYzJ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a57e6299771660870c03b7c2c9dad1fb","sha1":"13d0dcd24cabbab93a48605b892da2078ef670af","sha256":"e231447695397508848696ce3751b073678b3d35b7bdcb415da29e97cf11d763","sha512":"8e8ee44142958b4eedef6f13f66ca573d081ecaa707f8f492873284e22122f85ffb01c6ef2ecfae76e07139d642fab5a6a37e6a24b9a1be00f65779a3abfd9b3","ssdeep":"","tlshash":"ee51a7012c02c6fe6deb8100912e628ac1493f38d52ec556a2fd48067bc78f6b79e764","size":2763,"data":"","first_seen":"2026-07-02T10:56:16.412707Z","last_seen":"2026-07-02T13:28:16.902902Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/RoulettePanel.CW7xiG3y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"462c3cdb39c9d4d2ce6f0c9f95402f93","sha1":"e58b9e2faa685aabbc9fbd0a8440685f2feede80","sha256":"126b55bfa235c62993b6211c913316878d046bbb54fd70faca462e25fa12df08","sha512":"5908641014adc4ac955f83c937ce879663e29444fd089fe67dc35c77ebefae6ed2c3b31b27b6f22c16d362c03012a93cfc88ee140384eaf30fe1667263770a37","ssdeep":"192:yMdFrVAkPRTVQFUR4NXsby7yB3bex4QTaC2r/6AR9V4Bs:yOFrukPvQK4yTpe2QWCY/6ARLCs","tlshash":"25e18ec9f545883708a726cb65e5504cdd0ef65f827e5ed0f1158ab02bb2c39fb1220e","size":6858,"data":"","first_seen":"2026-07-02T10:56:16.417121Z","last_seen":"2026-07-02T13:28:16.718632Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/OddChangeIcon.BokpnN_E.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"051d5190bd8d1f25c7da0591b08a311e","sha1":"74c8e417cb168d2b8ebec3e8112752f30e794513","sha256":"a5b7564a7a83a42bc68604ec95d03462fa0b80db5ac4b9beb5e31ce21fa5c091","sha512":"a99bc4861ca9df18bc057e961b9cc8565624b97514cfc08a2483564160b0a9363db4b7f1d646db5b72349e580010cd806fb1b371fd507ec52afdaefba26503b9","ssdeep":"","tlshash":"2d21f49e5c4a8529dd69852b27225d56d42196a1cfcc28cf97c16631e3e006a3ac817d","size":1249,"data":"","first_seen":"2026-07-02T10:56:16.387312Z","last_seen":"2026-07-02T13:28:16.809494Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/league6-active.CweVPZl0.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"c03a350aea54decb52d5fb0d7297c05b","sha1":"53414e49c32e5c981295ba23631508a53e69a493","sha256":"ef818b9a0b6d8d5e8f9ccf1e7f982d59f7b2e55c7b60e2042bb9baa1b21a1de1","sha512":"3b7490181964ae4af2ecbc9322d49e5a2d02a6efe3cf79a49799ab0727c4cb8767f67e7d83bd84f8d3c789d45473452289e2d74b16517b2d6666bb285af1a0a7","ssdeep":"384:prhaZ+JwIhoZSPFZBxSeqsYf39WyvYb4l4D+rLJbocR0EtxHFl:pcwJwI+SP+epYf39psOecyEt9Fl","tlshash":"30b27d6935c71d3ed39318a470a900907cb83eafd0189841eafc7a617adac50ddbb2dd","size":25085,"data":"","first_seen":"2026-07-02T10:56:16.465857Z","last_seen":"2026-07-02T13:28:17.000374Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/BonusSign.Cail4ooI.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"91c807440fc36b05c3c46be9f0a45d8f","sha1":"b66f2eba6bbd2e2dda149e6618c1db27be40edd3","sha256":"5a7369a11522a6c065a3e554a9513158fb90352c4d072e30544280a9c68cfb7d","sha512":"318c8434baa79575462dca58f47115dd8cabecf6e22f8d98352995cba50b89da658b797e8876fc1417e9b2f4c6e3869cf2eb30cf7cc336278d45e4b9c0d68cf5","ssdeep":"96:lXIiwAOUZ62KHkSzl8AiK/P40siCj9Hy+8i9a/aEBoNaD+2cGnq:RIiwAkz8AV40Sxqyt8Cvn","tlshash":"b681864bb07666b4baf75c84609180a35209bffec0b5841a75ff08363787c65578a73b","size":4167,"data":"","first_seen":"2026-07-02T10:56:16.391066Z","last_seen":"2026-07-02T13:28:16.868926Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/usePagination.DqzuaO-X.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"657dda60881dc1b2eec0637b5c6fa760","sha1":"48eb018d66f5243417504da6c476184306037c46","sha256":"548fdd0bb1bec74eb3743f6811f07b4c415cc45c044f5cc9904ec782ba532cd7","sha512":"dc6594067079f827b2caedc623aeed01e8ed381453c7aba10d199eeef4018f8ae4408461b7582a94fa5d5ffb33ca4590581e323c855bc0de3482782a0111b256","ssdeep":"","tlshash":"8d11c286f26b31b45379c8b59099144c4d046b95756598c87dc9575963b7ccc3345831","size":1026,"data":"","first_seen":"2026-07-02T10:56:16.474629Z","last_seen":"2026-07-02T13:28:17.022131Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.DQZHIj9i.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"9d29ea288b8a64bd118c194ca86a4bf0","sha1":"bd3c1dc5c9203935b64f0dbb0adbe9f8be876c0a","sha256":"190e6a593cd02d02e2193a546f954eefea274a278325bc178d740607b41268cd","sha512":"1aa8f4c2a6411877400c4c986b98debfaecf340b5354352c7f93c965bb7bc845f96963160804c5834afb2a9874b993ed492b77440f71155de44c9105717787e7","ssdeep":"","tlshash":"5831429ab40d80f22fe394b87021321a538d9fdd9556c1e201fd6a5d1f0fced4a4ea35","size":1533,"data":"","first_seen":"2026-07-02T10:56:16.469098Z","last_seen":"2026-07-02T13:28:16.691104Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/OrderLimitTimeFreeModal1.tNfsuAst.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"58f7eb52a9ef04e86b30b1892d2b766d","sha1":"5e9ad8077adf2b47a6ded446b1953ac5b0fd5846","sha256":"8f7ef1db8acfccd083bbc1b7c6c1e83e04ef43778574722724d7a10d4e536df6","sha512":"1a257f53b9d774ba6ffc424c847d203050da8ddc64f18ac7d1b89589fbd73efc0787c81ad69bc316e31ed6bf4eadd1926159fe328323bc0a3275d11b155e9a3a","ssdeep":"384:2YI8vsCmCNuyl2NAz2lECYGWvSmZnyVK01hT:2YI8v9TZ2NAz2lECYvvYK0/T","tlshash":"29520aaca8354535fa738459f2ef0a42661c3f53d1184c96f8fe59a03f8ad5233ac17a","size":14377,"data":"","first_seen":"2026-07-02T10:56:16.406415Z","last_seen":"2026-07-02T13:28:16.840394Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/RoulettePanelModel.BEn0NR1n.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1eb26eb627d43f5524d11da41b104a42","sha1":"76137db87d9e10165937eda9ffb437c7cc2a9c6f","sha256":"7f85ff8235b62e5921ed6e0a34c7506940dd1ad0f6c54d44ac06439492e4f9bf","sha512":"2502da9b29380c55d637838d91e44a63535672b91c086594a1966f2b64eef68c0815a7443ff57d0d24e47c9d8675810a4b88be2f50d9a2cce27b7f534988d8f4","ssdeep":"","tlshash":"c541b6d9b05a8afe17b74e9ce41948d1e41c396a4361fc8865dd44132ff6de840bf319","size":2240,"data":"","first_seen":"2026-07-02T10:56:16.403444Z","last_seen":"2026-07-02T13:28:16.884822Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/useCommon.OIkAmoc3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"53f53ea74260795752a29eddd9a449bc","sha1":"8ac5e31c4bae0c1582f87149151757b2b2d13697","sha256":"5c1de52323ac38ddb8fab9dc34e4b6335e8c389e911937e9948269108b0b5b5e","sha512":"a5449abbdc06a25c73db44463c09a3746be3dfd532a264f8ef4705edae7ba01cd8ffa06532a1a192691f37c5a65669c6fcb345e3f5b10894cbd901247510bd6c","ssdeep":"","tlshash":"101150ae2f681cbd912858f87a5b08124216d6892e1ccac1b05f4d29b59de80ef72fc5","size":971,"data":"","first_seen":"2026-07-02T10:56:16.429026Z","last_seen":"2026-07-02T13:28:17.015593Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/chatShare.CI7ZQNfd.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c484fa33aae9aa4caa73758c9fc5d4b","sha1":"b107f8624668440b31cc867a1630184d40145f63","sha256":"3a0da513cfde0cf206dafaa07d44b468fb74ee08c82dbab0da48872611e031c3","sha512":"db3dafe9a977c62df92588e4ebba1d81943d9282d582cbfe45586c29187a8e53ec45e707b5830bccde22758e65b180185491a9ecb45f7f109e2ead7dc77ea742","ssdeep":"","tlshash":"a711ddd6b1c639a28761145e90704666f2245d1539ad83f0f23e95733d2b81382fbe5d","size":1093,"data":"","first_seen":"2026-05-30T07:41:04.668588Z","last_seen":"2026-07-04T10:40:29.192625Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Tooltip.ByEi9YTe.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c2c0847a6d634c1cc82c3c5ae6b51a4","sha1":"e09dfa30b2fa5490ccbd628d3a7af666fa33e2ed","sha256":"1fbc9862f71425138b62fad8128ac1311ed247a7e5ded0fe32cf7a4cc41ff4c5","sha512":"d3aa99b7dae3e2b7254673251cb41485fd4ede406dfbf4647b781b9f8bfd3cdff148c67c63bd3f76407cae17d5fcc6ed093c77fd60987a3f6594f10dc69ae98d","ssdeep":"","tlshash":"4e11bd1de88184b4067a30cde43a0a10fb172749f85af182fe37999a6145f82cbb5e65","size":969,"data":"","first_seen":"2026-07-02T10:56:16.401789Z","last_seen":"2026-07-02T13:28:16.721983Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.QGme8C6I.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"7e23409fa8b045a72ebda7eae32c3342","sha1":"83bb5b70272de7706a0c6fb3dd3b594b0fc94bf8","sha256":"b763f889deacb6c42e43628400d75b778edc7c276f5b7996923cd02267371cb7","sha512":"8970070bf9a83ed9796d6e95bf2fc791c15838310519ed028133c64b33826690ef271f4ab5e0aa084ab9e0a12c1cea0aeee0f7b54543241846099fb8d58a9591","ssdeep":"","tlshash":"3641c7e3ec6d887d58738454b0c20c61a90e3f87d02c5e579079edb567e2c307a0e4a0","size":2424,"data":"","first_seen":"2026-07-02T10:56:16.395472Z","last_seen":"2026-07-02T13:28:16.77803Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/search-icon.DIGhTt3w.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6562ae070b30df17151b7741e9b647aa","sha1":"fd2777a192db31cd89a8c797a7e89e9996988d26","sha256":"4662c08aed38a315db3a21e5f50f1ec96c0e005dbffd8075ec2f409deaf37f4e","sha512":"000603cb8e2dcdc027387ffdb3efe5437a3b7521671283a56e2a900da9518e784d3c6d3c88a917409630e3a40954c397c2da5ce83b0552b419881e75d17be189","ssdeep":"","tlshash":"0a01f5be420162cdd035cd2b2d267c41d0b624fb0d7542faead27254ee631d215f9e1c","size":809,"data":"","first_seen":"2026-05-30T07:41:04.713371Z","last_seen":"2026-07-04T10:40:29.22494Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/details-arrow.DtgI1CkQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"163a02ffd7cbf774ac47485f87d11631","sha1":"30467f6feacf6eb74e7a3628dcadccb3866dad2c","sha256":"2d502486f9a515ae20f2ae52153a0dc251b243eb4fb0bbbaf62f6bcb29395b00","sha512":"5faf7f5620bad75057bfdc339e7b40e5ef53b62b10cc0c0fc1cb22fd3e79a794e37b7704f3e8987c06e0a1a757eba76a861852382aa914afdfc2b14886828af1","ssdeep":"","tlshash":"f0514d7797644cedbe9044b554063719ac7a730dac2077f49d0d4318bad3b642a7991c","size":2977,"data":"","first_seen":"2026-05-30T07:41:04.633269Z","last_seen":"2026-07-04T10:40:29.177796Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Dropdown.DOF8tuD4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3c570048fbc3562307589ebeec6c177","sha1":"7099ef9af0dad824edb2597d51f354942142c93e","sha256":"205857e2b5f4ceadb4a714ae0efc778e4fa46acf9931ea3e4b47f0425ced71a9","sha512":"fd23c2b3d859fb282150fb5239711cc64db625f06f2d3ef8bc0eae6f7877e81ef2e29bd7d9c484cf30bcc5e59c0180ee4b0b11d8c820eb57813070930d598e1b","ssdeep":"384:pvav73ZShV7dlXoxDsw547MIfXeiNpSBpyex2yj:NU7JShVzoxMXPNpSBpyex2yj","tlshash":"2782e894f44ce5609ae385d8d29a8109a2172f83ee16d2f2f0761cd513d5374e29ff2d","size":18933,"data":"","first_seen":"2026-07-02T10:56:16.419094Z","last_seen":"2026-07-02T13:28:16.953785Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/use-notification.Cd0mneOV.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"cebab973a8b0a6b9b3c2f23083c6c155","sha1":"1456e6d7bd553ae31abcce4b7be34dd1b32fbdaa","sha256":"762839cee8e6ac56bfb456dd81db518c42b6215c9bb1b29153985f49e6c31b80","sha512":"76eba053b05013ed94519660759297b8616cd6c33eabd09abeb100644e036962be9cf8371ce1ca1dbae7d1497fbdedb1119e2b8a31a516059ba6ef2e3e9fa908","ssdeep":"","tlshash":"edc0229f304162b01bc305b37026088e41a34a093b480af0028f84747b122f0830bc8a","size":189,"data":"","first_seen":"2026-07-02T10:56:16.44262Z","last_seen":"2026-07-02T13:28:16.917634Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/time.BLlU9AyU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7dfb3ae82edd47643d12a794a2a5244","sha1":"85a98e58d41163f47f5615f54a7682e0ae0c90f8","sha256":"2dacc69528de17d247c586b371e3906cca9b5157bc3cf0e1b51ac9b7aad81e6c","sha512":"cf500e9b9c91b6bf81ef57a470882489855f4ca8b5190e40e57d1aab7684bea750e51cf3ab98a7dd4e002d583efc773b0c9f6b44e4b83cd05325323fbccc3ecf","ssdeep":"","tlshash":"a91125c12469a026f52701ecd0f883a22525da30fd266955ff3f4a26357b4c7481ff94","size":1005,"data":"","first_seen":"2026-07-02T10:56:16.470383Z","last_seen":"2026-07-02T13:28:16.834732Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/LimitTimeInfoBar.BGcCQktQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a72e92f8939f5b0d6698aaec20c06ce","sha1":"37aceee9cd0af9ed45a569198745ed4be617ada1","sha256":"0effd87a871f2a16bca45b46ac78cf9f7ac8ed1de16e6eaa259d2a406350d0de","sha512":"20ce5699b8f3e5cf4f3305210f314d85bcc19491c06a0b03c084b5a0889e05aa5fef60ae5b831036b1546022c5dd7cefb46e2f5aa3cb8d569d774bfa57c4cce0","ssdeep":"192:6US/QYauljiffbSQx96v00tjusAw6wXbdfo/uX8Ci1El4:6USGSQxkv00tdpoGsCij","tlshash":"afd1eabc71315838f73b889851610166900d731baa29edd2e0ff1a399edcdc51ab91df","size":6633,"data":"","first_seen":"2026-07-02T10:56:16.38917Z","last_seen":"2026-07-02T13:28:16.983026Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/siteSportBet.B9U15cTW.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"51ad48b1b5889b5085a28c7411b4fd80","sha1":"f7928125431e130a5438f72a3914b402a6b7b744","sha256":"ecbbdfa0190ed44ef26a9a048decfcf44dee2a2964508a789db04313fd7636f8","sha512":"02a2b1da07f4599f731f5a7d13089fadee232fb6e29ae2682717565a6203534e403c94ae3051d7e16bc3a427f9c5e34863842ec5e522ff8991391f11025cbd85","ssdeep":"192:ptl1o3eBbuc5c0E3q8zADNRPrctVD0fultlqcRS4HTiW6c1gxD0ywlqKl82cxllz:ptl1o3eBbuc5c0E3q8ze/DcTD0fultle","tlshash":"22f19367b29f520157c0207c90fa07a37724647e24a388ecbf6deec96625a5473b573c","size":8151,"data":"","first_seen":"2026-07-02T10:56:16.449841Z","last_seen":"2026-07-02T13:28:16.815227Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/GoldCoinSign.DNnReX8s.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"68a2a8c97ce759604d842bd6afe6abae","sha1":"255f652f08a15a4b85aceb0ae80af6ccf3d55700","sha256":"cbd76a6e8ab905abda346d842b838cce49a3ece25b8efdb32a73c1abdfafb841","sha512":"c8821f1e99620d1b26fcb22725876d895c266b8822bf3b32bd0166bd33fe6fad23cacc85e895a565672fbd27e743df26880d9e47f03d24f3a2a21f3a0e05529e","ssdeep":"","tlshash":"2281955b7076a5b87aa75c44609480a3a20cbfeec0a4c45964ff483b3b87ce5974d73b","size":4067,"data":"","first_seen":"2026-07-02T10:56:16.392236Z","last_seen":"2026-07-02T13:28:16.803862Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.-ONo_44g.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"d63c16d9626b07181e2c00851f96f850","sha1":"3095643d2a763ddd5609b499566cff5b183e79f8","sha256":"885c20e4763f2e117f7d3c81bcf05891a7a103e601e1f7e1d1a417377984d113","sha512":"ba5e26aba0d05a7f4ddd8244b824ff30038bacd3e7cc2dc25440448626c338498986489f506039e08b1ff1c29e6caac0469ed95be8364c001540c09108e7239e","ssdeep":"192:6Ttwb7fcGPMgdyk3J+hsqapJ4xMsRd2wai0h7H9SR29oY9blsdC8jBAfDquEvdnA:ddyk3jEpRd2wai0h7H9C29oYtGdCYB8f","tlshash":"8d42193c744a96ffb973c46855a48402706a7b3ddc4898e6e0af1a1299cbf3045e47fc","size":12183,"data":"","first_seen":"2026-07-02T10:56:16.441668Z","last_seen":"2026-07-02T13:28:16.730238Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/use-keyboard.B7z3Zalq.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea397845558570f06dc321f62f44b9cf","sha1":"1c7f0f89cbdf602b407abea30fde12021185b346","sha256":"752effbc336dc3d8660b0201691f2df155345c1495043eb35e4cf14f18424623","sha512":"c8bc4618f9a3221297a26c6ced4a2a62a83d9d61eb11651347f228042c85e33f995eb27f11f25e4223cc52188a47bd00b992cb0ca28a7aaff463b394cd65a158","ssdeep":"","tlshash":"432154a0201d64fd9aa9ded82a3fec0034927970b009b861107ddf3f9ff9a429543192","size":1198,"data":"","first_seen":"2026-07-02T10:56:16.476716Z","last_seen":"2026-07-02T13:28:16.941758Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/MatchTimer.BkhpvURz.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d8175107789c3350f8f0ab255ed2123","sha1":"5498bc2cee3f2010f54df1ee2b6003659b3f3ed7","sha256":"1a6fbc59422bc766a5e059fe332a1485cf6d755746cb5f18535356a07c8d5017","sha512":"5731f4d3fa9232f166a192533bbae0ed92c923cebae6a0c016d033828250e7344f2fe53a1c816a61c81f51f81d2dfabb3f7149a5790c13f240d8f012aaf61786","ssdeep":"","tlshash":"6e41a745bb0f58e053f0098015404910ad5a8b2d3133adc5ebac4fed932ae58afcd56d","size":2080,"data":"","first_seen":"2026-07-02T10:56:16.408126Z","last_seen":"2026-07-02T13:28:16.636563Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BChfUJip.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"d952e00aeca39e7b7884455c925f542a","sha1":"8e04b79c0d59be659fe3707cd31608ac96d80d80","sha256":"d1711990c6774d6d54ccb62519d06a6d4aefc09c321ac62142ec0a401c97b38e","sha512":"e7927cd3fdaf3a159b9e767a599498943264c5404df2cd7a9b339ccc9aa15ba9f7955b93624bdb1bf7a249dacc1deb0358b97bc74ae602e048954a127a05b68c","ssdeep":"768:ToQoVJBBn/LhRVlUBH9M0aKKmKF3hRtFanj6F6bf+Qht0q/Wcff46aU:T0VpVOBpeh8j6F6qQws46p","tlshash":"1ff2385cb0256a7de3b79485703a204492292f9cd820c8d3f5bf8c7127c9e6827de7b9","size":34307,"data":"","first_seen":"2026-07-02T10:56:16.478504Z","last_seen":"2026-07-02T13:28:16.766172Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.vue_vue_type_style_index_0_lang.Cibi7dh5.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"80d1218efd0efbcf5dea4367e60bca0a","sha1":"8a4c873f89b5c5f0aacbb7c7c32148d5e752ddb1","sha256":"bdaef750a0f9b3f731af78d45babd00ed227385dbb46c586d2994d647f8d0919","sha512":"23bd2205c8dbd4a7381706e3e05d7391e7cba22ae4e667e0c0f005858a25d53fd2c8c1d29d09db860b7698de74edf58c487c546c266fde4cb1494b5b5b1bc68f","ssdeep":"768:A/P3757ET6nycEPF7WOqFsV1WtNhD0tW9kMBiz92Q0jJCLEUEJBaZUkN5V68UWEN:AntwskhnWdYBAQvL5Vs7ZuYV","tlshash":"dc730a98f60ab07152f7c9e9d0af864963163782a704d1f0f0b69c610692779f0abf7d","size":75505,"data":"","first_seen":"2026-07-02T10:56:16.386266Z","last_seen":"2026-07-02T13:28:16.772902Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Skeleton.1zrvalXo.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"fdd36081b374ae74cedd91d0234b7174","sha1":"73bca12f38d39d5dd22cc84f130928f28eb03ece","sha256":"0f2de6e24d4d19c190afbae5fbba1b86e7761dac13db6bddb0622170257d44d9","sha512":"35625c791da328381707b7b5d03a4b6bc01982120ecf83cffb7262e58a7fbbd39ea7970247c7e2cc17331f8529364f220741fb2196034abf4e490e72bb0893b0","ssdeep":"","tlshash":"3a51a79cf2dda8f769e3c8ff626a4754101835856770e2a0b2b638a136012779721f12","size":2463,"data":"","first_seen":"2026-07-02T10:56:16.448899Z","last_seen":"2026-07-02T13:28:16.965053Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.C-PjGhQL.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"66d97926b1a8a7f1edd66c27b4001d9d","sha1":"4d9d4357c74468d8bb9dbb7bf773097e1322cbae","sha256":"98f9497b4587ff0e624ea8d377aca441e355e1c671962eda6f0007e99f15b00a","sha512":"6fbcc263c8a7187736d88c561f1e55f051b7c3734289465ed6e12a69b09f8387ae0b40447387aecac1a38e9800ee8453196bf55ea6c8ae37b878ed2d211bb43f","ssdeep":"","tlshash":"b8219606f25a61b24c2980f89058ad6763726414f26598b5d96d4d1ec245043f46fb71","size":1137,"data":"","first_seen":"2026-07-02T10:56:16.488517Z","last_seen":"2026-07-02T13:28:16.838057Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.Bwa4_3Tu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b7ddf40d12eae1146fbe9e3a9bb2e14a","sha1":"f9e5d7dd6267b8c21bcaea74b056523e0fc52786","sha256":"d5fc5608dd6388a80e002ee413cd7a63a511da14a5db33d35c8e3be6bafa7af4","sha512":"0a20ca884c1ecde8bedb0d9a9f5fc69df6e39563f183c4d24e657d3f214d53d7d67a1f23aa55c999ddb5349d911a511aa34f2287c232a95ab4f46ade82169b33","ssdeep":"","tlshash":"eb31c63eb47a8bbc725b0834415108ca362d3f9ee275e094c0f849161ed6de0c36b028","size":1764,"data":"","first_seen":"2026-07-02T10:56:16.405448Z","last_seen":"2026-07-02T13:28:16.969156Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.DQuttiJ7.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c1b07371faea72b53a30ddbd3c95391","sha1":"7ebcd004ba99fff8bc8dc357c318205e6b0d2ded","sha256":"a6356923d88f2b2bb53126f918ef3c0382399002242e4144c7d540b3305762dc","sha512":"65cce55d2d1d3d01b9f5e398664ba3f7899a14458b05beb8674172596ef19978d082c96081d250141a8845da06e49e78acdff1b821343e5a7a7e2010153d05f4","ssdeep":"96:khxkhM3vivdhRFp/SIBI0AiTYNobk/Pdj12OpoqETxqH1by1nj5aXj+60gFdr:2kefk9pt3hQtjwO23khEGK60ur","tlshash":"b1b12a5870162738ad77c54c2180995a9d2b7f41aa10e8a071fd1a272ed1ce1df6f3ec","size":5496,"data":"","first_seen":"2026-07-02T10:56:16.409447Z","last_seen":"2026-07-02T13:28:16.774767Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BTbhL9pU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba7b45c505fa954e014b18b60c0062f7","sha1":"3fc8cdf5c6c66520da576bac2f43a4ceeacaca85","sha256":"9a3651b7bbaeddef2ed50c308f1b24d760bebbcceb8198ad9e1e0f64ff91657a","sha512":"7a1638360a8137db401845d3ecd865dd763f2f2da17254f52420360e3dbfc4ea5db2595440b52510253450f9831e9778d5835538109aa64ce4b1964576a79897","ssdeep":"384:nYd4MMg0ZuJeBK/ibanSC3gEDbm7UjFjYxPeVYeaFXlFefPcoSv0Lby7zyao:nYd4MMgHeBK/ib3C3gEDK7Aj4PeVYea6","tlshash":"61b21a47b13a1e7eb3630da0f0690597560c7fdbd410da80a5ff1d701bdac80566da7a","size":24192,"data":"","first_seen":"2026-07-02T10:56:16.473652Z","last_seen":"2026-07-02T13:28:16.933821Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.KcHXIBN5.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"726c773216ecd1e6dc5af1df8e23bc25","sha1":"6eff5e502d3253ecf7f4f747863e0ebbbfdd3e9c","sha256":"04c657b949627ac2a754d34fccd53ef004d9d2811762f178ef7ce85d70d17e65","sha512":"3dbf0bb96f626579ddf0b1f527dd48361898b3c707c128670141d0e37833bb068378d816da2be5f22f41d894d48eecf5ba66e15709a1847de1d27c8d574da6d2","ssdeep":"","tlshash":"f531790a1929977f77178814f4813192604c7f56d023cc76d1b11a326bdb4f4875a727","size":1803,"data":"","first_seen":"2026-07-02T10:56:16.407315Z","last_seen":"2026-07-02T13:28:16.755185Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Checkbox.DMeKBWjS.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f3ad928f485264bd96b0f2c8e65029d","sha1":"c962c0b8a57974aac94851dc5793d655e08438b6","sha256":"661d1e9e5ced7d08c4405d823c71d71f7213e39a12dfc0076ea7c33d2d0398bd","sha512":"ce49c510907692d01a28311b2e0128dd0dd5de37fe97277841bec94932a54a8a28716c4e71b087d099db9b1aa0af8fb453fb7f977594e25835fab6a224afe8f4","ssdeep":"192:M8SMVxdb68jFL3pqy9abRUg8ujjkupMnqcpvib4qNoWT1RvSnop1ijV:17x68jF7pqy9abRUg8kVzNDTaop1ijV","tlshash":"8622953afd4a94b225b3c5a59197080e61226642df15def1f0f28c011ae9afce54fb7c","size":10442,"data":"","first_seen":"2026-07-02T10:56:16.399056Z","last_seen":"2026-07-02T13:28:16.614364Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj21 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[promoId:map[configurable:true enumerable:true value:36 writable:true]] ownPropertiesLength:1] sealed:false type:object]/site/f/siteConfig/query","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj24 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[isSportHomePC:map[configurable:true enumerable:true value:true writable:true]] ownPropertiesLength:1] sealed:false type:object]/game-center/f/menu/getHomeMenu","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj25 class:Object extensible:true frozen:false isError:false ownPropertyLength:1 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true]] ownPropertiesLength:1] sealed:false type:object]/game-center/f/sport/querySportType","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj95 class:Object extensible:true frozen:false isError:false ownPropertyLength:14 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher17.process7//obj96 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:14] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj204 class:Object extensible:true frozen:false isError:false ownPropertyLength:15 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher17.process7//obj205 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:15] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj262 class:Object extensible:true frozen:false isError:false ownPropertyLength:15 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher17.process7//obj263 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:15] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj264 class:Object extensible:true frozen:false isError:false ownPropertyLength:15 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher17.process7//obj265 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:15] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089},{"level":"log","text":"----原始参数----map[actor:server1.conn0.watcher17.process7//obj266 class:Object extensible:true frozen:false isError:false ownPropertyLength:15 preview:map[kind:Object ownProperties:map[channelCode:map[configurable:true enumerable:true value:fb writable:true] endTime:map[configurable:true enumerable:true value: writable:true] gameType:map[configurable:true enumerable:true value:S-GAME writable:true] lgIds:map[configurable:true enumerable:true value:map[actor:server1.conn0.watcher17.process7//obj267 class:Array extensible:true frozen:false isError:false ownPropertyLength:2 preview:map[kind:ArrayLike length:1] sealed:false type:object] writable:true] lgName:map[configurable:true enumerable:true value: writable:true] oddsType:map[configurable:true enumerable:true value:1 writable:true] pageNumber:map[configurable:true enumerable:true value:1 writable:true] pageSize:map[configurable:true enumerable:true value:30 writable:true] sortType:map[configurable:true enumerable:true value:1 writable:true] startTime:map[configurable:true enumerable:true value: writable:true]] ownPropertiesLength:15] sealed:false type:object]/game-center/f/sport/queryMatchPage","filename":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","line_number":2460,"column_number":4089}]},"http":[{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.C7xICWJ1.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.831Z","timestamp":1782998859831,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.C7xICWJ1.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-16ba\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5818,"size_decoded":2578,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (5696)","md5":"ffcd80726e3256c79c5758ba963b7574","sha1":"2653ddf8635fd818985397cd09b08845de44bb26","sha256":"204d47e4f8864155beb75436b5fa93d510e4f8126e0933809d1ec1791cdb101b","sha512":"3a8a5096206b44387ab4fffb8a984a6c45feaef48f598891e9b4032aadf6b97ecede29cde3438b0e2e2e695c81391dd0726314dd0dbd942eccf0339e3c6ae407","ssdeep":"96:ijAOlIW3YrGdv1PISGEwZAhtm1xyY3A53Au3AV4fzr63ewJzburzENpsJUcph/Ae:mAOWSGEwZj13i3J3+SG3nRIUGh4p3w4c","tlshash":"e5c17559203bbb7ab6174874756859a3a3097faac105c44bf1bc1c232bce8b416cdb79","first_seen":"2026-07-02T10:56:16.477596Z","last_seen":"2026-07-02T13:28:16.57676Z","times_seen":4,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/LOL.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.043Z","timestamp":1782998860043,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/LOL.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5858\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: VZtnY2IYomcPtWlnq9VZPo2e4xbtbzTq\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 11:37:40 GMT\r\netag: \"6e8237396bc77075edcd1c1e02e13dbf\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: U1Q6pHTT7EQIia7Xfl_YO8ZL-CV0VsPDIm1mEU338HiKOURIAXxC7A==\r\nage: 6600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5858,"size_decoded":6425,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"6e8237396bc77075edcd1c1e02e13dbf","sha1":"1849454d1a8ed73bb7d0ea1b40271e569eaf4d33","sha256":"6d39ae8acfd74a09d21fd4323fcb554520e49f47b7fdfb9a29fa14ba719797c0","sha512":"726bf685fc8247df2cd2cd4c7c54a14698d50fcd0ca2315c0f1ea5f207e40624f8e9689bf28fd56ac24aa782f3ed8c3cb036652006b52f73ccb6a66853281aa3","ssdeep":"96:87SlvVJjuSBLdO+xtYZZ0EgOgkpt2Da08PJ6GLTai5SxYJGIKU0rHVO+4E3QX48W:WS5VJjDkZ0T1OTPkgTaisYJbKxH748QG","tlshash":"3dc19fbf0306072daad7847120d8ff9761538768842056631fcec662326cde35687af7","first_seen":"2026-05-30T07:41:04.73559Z","last_seen":"2026-07-04T10:40:29.193396Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/bb9f3420be565cfcb18ed280477a7a43.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.758Z","timestamp":1782998860758,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/bb9f3420be565cfcb18ed280477a7a43.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/world-cup.BvFKdTAM.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.488Z","timestamp":1782998859488,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/world-cup.BvFKdTAM.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 33236\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-81d4\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33236,"size_decoded":33629,"mime_type":"image/png","magic":"PNG image data, 504 x 100, 8-bit/color RGBA, non-interlaced","md5":"df8cb4ae580b950c20491bd5d6b2b7a5","sha1":"58c034f11efe9a79e8596d62abea1bd9652b9505","sha256":"6c4d2b44119d87e406b23551c3302accfdaadd72a74ac3f38dc96885451f10ba","sha512":"06bf4f49b9ed161b4daece922bcf678f41bd1331c0e6019a29a12c0a4b8ad4d0e0b9a696f16b2839626a169967353af7e7b9b679e1ba47edda01378cabcd005d","ssdeep":"768:t9hgmblWJCwFxKmxHzZF4iOptwoiIiFKKp+q2iAV9smu:lgGlWCExFZSiO3woiIiF3dyVu","tlshash":"6be2f1d380ce5ea714b78754939801175a83432c9c628bf8cafc9ffbc4d557898bc969","first_seen":"2026-05-30T07:41:04.725841Z","last_seen":"2026-07-04T10:40:29.350825Z","times_seen":24,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/master/f/dict/getDict","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.530Z","timestamp":1782998859530,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/master/f/dict/getDict HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 8155\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38395,"size_decoded":8591,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (33667), with no line terminators","md5":"f123ef4a9929d2aad8e1ec7c063b0753","sha1":"c8982237d9e10d7c0498e92152a8685a99ee9525","sha256":"608d89e4b9e9e46ba8aab4c902e99f02b01dfbef8e83c782ae511ae4d9a7e531","sha512":"1a41d06d30d79ab4526a26a01df279069de5588b1f11980bc21c41c0aea1ef2a4e3d96c66a3d0a1d258d6cec262afa66f3972fd72803ac1baada1a6009f048ba","ssdeep":"384:ThDGMflhIv6THpfxDvJwGMJ9NNkrdMxrcwkaLVSHc+A:JIsfhhwGFdM9cwlEc+A","tlshash":"e103879eb1cabcfe2493ad81ad8314ca7445208ef8fc9fc562d7dddd6d888460427da1","first_seen":"2026-06-24T13:33:43.036983Z","last_seen":"2026-07-04T10:40:29.143717Z","times_seen":16,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BwgWFPmY.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.864Z","timestamp":1782998859864,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BwgWFPmY.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-56f\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1391,"size_decoded":963,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1390)","md5":"9953356f401e10134c7f83b92d1ba79c","sha1":"c099df1a5c59b8df703a2b2346f5288b7a5b7090","sha256":"ef7e192ba3ac3e831eb0ef5d76a44cc9ce7cac35d9fdc5ee7183cc9301d6c9c9","sha512":"f5110a505aadd8d73fde5c8935dcc4deea3a5df3d440542334b940bac29ab12e08e21faaefb24459b634c5f14ce702cdbb8537daf35445b3e40a356de65a524e","ssdeep":"","tlshash":"7e210f1cec0ed56649e34624a9084e011409cf3fe63929d059ed763d1bee2b866ce36a","first_seen":"2026-07-02T10:56:16.376888Z","last_seen":"2026-07-02T13:28:16.585855Z","times_seen":4,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/activity/f/activity/queryList","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.974Z","timestamp":1782998860974,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/activity/f/activity/queryList HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2977,"size_decoded":1079,"mime_type":"application/json","magic":"JSON text data","md5":"a766dbddd220d31096785d16ad1a049c","sha1":"7b36d7362364f889c2be543bd567ee59f9a497be","sha256":"928199340d1ad8b42df599891c255b0289a8f98c961156d075b2b02b33bd3877","sha512":"340133c9ad3966e8330afeade169bcbe22466b50bc98aac07ff00f50717d4dcc0d30d0656858f7d9e5892e1a7f3bdcd1b4cdbcc3a0125b9502f6c6b4e9687bcb","ssdeep":"","tlshash":"3051ae671a4825a6fb442d67f5a7d3090cd4139ffa80d9dec38d09ef59dc0b2226521f","first_seen":"2026-07-01T20:44:48.159375Z","last_seen":"2026-07-04T10:40:29.356182Z","times_seen":10,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/menu/getHomeMenu","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:38.972Z","timestamp":1782998858972,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/menu/getHomeMenu HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 18792\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":291610,"size_decoded":19229,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (63672), with no line terminators","md5":"a10b4b4526f749e505646977d28a6c81","sha1":"0e6639c9180ff7e6681cd6a034bb87691d2ed119","sha256":"b749d0b2c0c5ace0b2249f3e230f117645e5ca4457e5660a44a5d19d090f1e03","sha512":"f6d017d4c3ba0c77380c765dfc5db7711e967ab359a9d6d16c165e45f36409e382cea0914f477796032071bf45c43595f63c95a1e7a70d37e05c7911f17d0bcd","ssdeep":"1536:ZcAL97zVNk+tlZvgUfZEXuayD8vm2iCuwLQ53h45lAEr8eNUr9sO:jN2iCpLQ53elAEr8eC/","tlshash":"ec548ed99718dc4c872b11f229db76c4f6ed620bcdc0ac65e18e9f6ac6e8737830154a","first_seen":"2026-07-02T10:56:16.499005Z","last_seen":"2026-07-02T13:28:16.590786Z","times_seen":4,"resource_available":false,"data":null}},"time_used":495,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":339,"receive":156,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.wohuF47t.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.836Z","timestamp":1782998859836,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.wohuF47t.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-d20\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3360,"size_decoded":2450,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3339)","md5":"595a2f06cf9790d3d3b562dd2492e04e","sha1":"2387c37aaebf2ef156580650aa05c350d45f1850","sha256":"e63585b9447e0098b2a2092f292e1bd4617c25c643f668bf2c5dabbbdd2b59da","sha512":"f19fe960d5429bb41f561fe424dc063a48d831e76ddef6d43cb5e8d1d64dfd226e578db2514428b10f2dff4f8b578ef46adb69a339a03a90a6a0e5dfa6878ee8","ssdeep":"","tlshash":"8061f7b3b84fec340da30c38a41558425c096fdfc174690d99b9b5791fad9a0d96c3b8","first_seen":"2026-07-02T10:56:16.399927Z","last_seen":"2026-07-02T13:28:16.592552Z","times_seen":4,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.CU2theOH.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.919Z","timestamp":1782998859919,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.CU2theOH.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-133e\"\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4926,"size_decoded":1694,"mime_type":"text/css","magic":"ASCII text, with very long lines (4925)","md5":"1bf1c152f3461398c76a787e824df75b","sha1":"1d00103a6bfc5e98839fa7df12f0275a802f9846","sha256":"19638ad40a7329a035eff657cf4a08322c6d02c39e96d89550f77b59fdc5a5e6","sha512":"2579feffd84bee15e7765c535334ac6c0aab066cba7c0ed27ece78cee73c4f41c98cb9662b7e57a46bc2918835d73d06a72cc894f68023212dcebc7ae5043438","ssdeep":"96:5WGXOyecfqNjvxqnb+pGO485ihnCpfC8H24sDvG9P:qrcf68nbI/75iFCp/24sDvG9P","tlshash":"01a163a77579b43e297b4e1d20c6523c3539bbc30f416661ececa79089c36e3ba11288","first_seen":"2026-05-30T07:41:04.728075Z","last_seen":"2026-07-04T10:40:29.363957Z","times_seen":23,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/eSports.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.998Z","timestamp":1782998859998,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/eSports.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 7705\r\nlast-modified: Fri, 31 Oct 2025 06:57:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 8f5Ga6_b9PewpHauIY_6Vcg88hbvFDhd\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:18:46 GMT\r\netag: \"13ef194d3222cc9862df8d675f00016f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Dp9aLli-bwrMXK18kkSU56v-2BCc6AUBMoiwMvR4e2J9OA4wtyLJHA==\r\nage: 534\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":7705,"size_decoded":8271,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"13ef194d3222cc9862df8d675f00016f","sha1":"acd26ea2aabd4efbffec6092c0fc0637398030cd","sha256":"a3e732892d0d64f36f2207e453deceeef54eca7d3d7cf557874256ec8c57ba2f","sha512":"1aeca20acaf899c94ff04f015dd5d05cc236cd9137f827406d73f5f84f2c71752c83d762f8921af1716f721e4c0981eecc83cb45a8f3cf86996c976176e83350","ssdeep":"192:WSiIde6Q1WbkrgAo6RQsH1KVvTkFLm47Cm4dDAwNiQKHCTY7nLwJ:5tde6gW+gAwsHArkFLP7wRAwNYHCTSLI","tlshash":"6af1afe45d69b73a3aa874a67640419a0f6cbc5c247c720fdf3c7ad1d9640a630ed9a0","first_seen":"2026-05-30T07:41:04.730309Z","last_seen":"2026-07-04T10:40:29.346387Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.g1SOqPSJ.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.879Z","timestamp":1782998859879,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.g1SOqPSJ.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 281\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-119\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":281,"size_decoded":670,"mime_type":"text/css","magic":"ASCII text","md5":"26462b1c1044ed2903c4918abc66310b","sha1":"e1090d80aeb6dec4c9bb8e63b6acaf84bb2ee283","sha256":"cbe1e441cc64ca9d843dd4bc0c68d36c084b20c6470b0f23970e7ab08af94622","sha512":"c34fc3eddd6cfcbbda174e1a94df3566b84f4e6974d3f28e96486598fbe24e6e51a5ebdbe231957fcec2a857ac6431225d131884afb71904d11b4f6c4ab27c45","ssdeep":"","tlshash":"25d0cd01f6561d2d1142c3486edcd0a444f892eb1d2588c973c025464b0659f31201c3","first_seen":"2026-05-30T07:41:04.804877Z","last_seen":"2026-07-04T10:40:29.245264Z","times_seen":23,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/helpIcon.DXtWc6_o.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:41.488Z","timestamp":1782998861488,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/helpIcon.DXtWc6_o.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 7012\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-1b64\"\r\nexpires: Thu, 02 Jul 2026 13:37:41 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7012,"size_decoded":7404,"mime_type":"image/png","magic":"PNG image data, 167 x 112, 8-bit colormap, non-interlaced","md5":"c784639df64797cf4c3c1757c34846dd","sha1":"89cb423197db444b0892e1072c4852221d971934","sha256":"265557bcbbde1555f6d1253bbfab5df958ea8d9920c071f74f1f4e49a38d1f25","sha512":"fe33c6c1931263ceb6602ceceb63a87c7b45067ef44b3573959424487bde84e3a6953b8199c19fc4ffd54be1c2c6c929cd7cdba468c087418f3884a0546eb9b2","ssdeep":"96:Ri9I663eoO2tk4BHWENfpf2A/7pN3W8Eu1Nrybrp+UvLuPCTJgSSJwQk1Ie/Gvo1:CI66uoJu4hXp1Nubd+UTu6TJRSJw0G","tlshash":"77e1af2d5386d41030261626cd2dd60d8a94e83bf2cbade280d2b33957c72ff5365d3a","first_seen":"2026-05-30T07:41:04.733772Z","last_seen":"2026-07-04T10:40:29.406729Z","times_seen":22,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/details-arrow.DtgI1CkQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.075Z","timestamp":1782998859075,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/details-arrow.DtgI1CkQ.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-ba1\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2977,"size_decoded":2648,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2976)","md5":"163a02ffd7cbf774ac47485f87d11631","sha1":"30467f6feacf6eb74e7a3628dcadccb3866dad2c","sha256":"2d502486f9a515ae20f2ae52153a0dc251b243eb4fb0bbbaf62f6bcb29395b00","sha512":"5faf7f5620bad75057bfdc339e7b40e5ef53b62b10cc0c0fc1cb22fd3e79a794e37b7704f3e8987c06e0a1a757eba76a861852382aa914afdfc2b14886828af1","ssdeep":"","tlshash":"f0514d7797644cedbe9044b554063719ac7a730dac2077f49d0d4318bad3b642a7991c","first_seen":"2026-05-30T07:41:04.633269Z","last_seen":"2026-07-04T10:40:29.177796Z","times_seen":24,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":336,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.F92ZrHpm.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.504Z","timestamp":1782998859504,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.F92ZrHpm.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-170c\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5900,"size_decoded":2490,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (3248)","md5":"bec2a869f925703345961fac2569c4ae","sha1":"4e7b2234e1e4135ae94514102e63cfbf8a8ce80f","sha256":"b0a1aa35c3642d6b8c721ed313bc445e4f5467a67ec5796abeb1fdd6fd2ef47f","sha512":"a845f6cbc5a370a75d94700b6349aed7180548263e9d79e156d698b0c9586a007bff4309331098c2f42b73e6ee33735699c61bc99bda85924c8f1535309cc2dd","ssdeep":"96:jELceuYf3J9ejIl1bMjHwaMqxrzLETwr+aRjQHt9lH+CwBY3YWDflectiP:47uY/J9blJQwCzLETwr+39lezB4YW5eH","tlshash":"6cc1ed025684fffb49f38fa87f8e0a34c4f1c6b5426185e5d7ad4c3855e609a237e542","first_seen":"2026-07-02T10:56:16.430261Z","last_seen":"2026-07-02T13:28:16.602804Z","times_seen":4,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Dota2.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.041Z","timestamp":1782998860041,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Dota2.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6515\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: J.ipVZeTFh.1LMmD2VxOiodofkScvpfI\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 11:37:40 GMT\r\netag: \"076e0bb3616d661a3c83756ee40af384\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: LGu-ZrfvjhOImmKa7UIRho-bVS1OWdFrY4ggy-6KNmTFJalIi-QOpA==\r\nage: 6600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6515,"size_decoded":7082,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"076e0bb3616d661a3c83756ee40af384","sha1":"251684a21faaf483efb756a60dd3f54890866b76","sha256":"5be0cb4b7855ff16a20af702c633610340a0c034e486027c0704d7ff8033d7fe","sha512":"0d1c8b2426d22c48db21465192275ddd8446e1544398176ddeadddacbffe43654267927eeaf8b7db71872a297099e6d418dc047f2ea8e70b5cb9b04f49ba6345","ssdeep":"96:87SMhS5F1a2LFF93fdWIsJOPRguQgZ4BT8+DdROrVrzvxMNhz30IyQXXyooRCVIq:WSySj1nBl9sJOPHQMUNaVgFtfXCDmuUz","tlshash":"9cd1ad247bd14e540c758ca6971338a22bb70e95477924ad6b0e8d2fec3c46b24dd58a","first_seen":"2026-05-30T07:41:04.847043Z","last_seen":"2026-07-04T10:40:29.14715Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Valorant.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.046Z","timestamp":1782998860046,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Valorant.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 3202\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: mYIMypaYlxvdQywrI.i.sjeZeeAfI4jm\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 11:37:40 GMT\r\netag: \"208f44b6f797772316ef998c2d12e02c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: OUsNb2j9IykCUm2zPZvhaKiqQB_gzkFK_YhjHgoDrJkPisvMWwYlsw==\r\nage: 6600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3202,"size_decoded":3769,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"208f44b6f797772316ef998c2d12e02c","sha1":"4fea9387ca5443cf79b7434aee0014331aaac623","sha256":"a9ddde829f3db072ca0f1aca927607cf833b1a320722e7400085d0548990613b","sha512":"1d3ce84c7f3c570f8443faf53268adae276668e4f85915e6ac1e41fab57086e0888e51b7699acce614f4cf4fc4133d0afeb67f50f02d34a21e80f02d331eb64d","ssdeep":"","tlshash":"ff613c99da836338fe09495102d64df46cbfe603892a86660c5cd5996bf94714bc33cc","first_seen":"2026-05-30T07:41:04.879744Z","last_seen":"2026-07-04T10:40:29.220279Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/favicon.ico","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.714Z","timestamp":1782998860714,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 159\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":159,"size_decoded":307,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"62612b5e7b2a012de34112a6f9544519","sha1":"a6c72e8ca88683471ad0ff7944211e2a5fb3c595","sha256":"d297e01557482dde6fe71c8e639e87e39edda7577c1c61092e0d6ee2e0250742","sha512":"124065ecc13009c42c005b0b2e9cc95586ee3e8f4acc82032e917932195adcc8fe7bd9ca7536d303491b4515dc83a64fa8e22ed5c990b0c787d6ba8bdc19297a","ssdeep":"","tlshash":"a2c02b6d29137c0c866330b636c37090c1878337f57e51118480845770cf1998ac33ab","first_seen":"2024-10-28T14:43:15.103244Z","last_seen":"2026-07-04T10:40:29.153497Z","times_seen":163,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/2a3f1119e4b9fedbd642d35380434afc.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.772Z","timestamp":1782998860772,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/2a3f1119e4b9fedbd642d35380434afc.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Checkbox.DMeKBWjS.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.079Z","timestamp":1782998859079,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Checkbox.DMeKBWjS.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-28ca\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10442,"size_decoded":3902,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (4729)","md5":"1f3ad928f485264bd96b0f2c8e65029d","sha1":"c962c0b8a57974aac94851dc5793d655e08438b6","sha256":"661d1e9e5ced7d08c4405d823c71d71f7213e39a12dfc0076ea7c33d2d0398bd","sha512":"ce49c510907692d01a28311b2e0128dd0dd5de37fe97277841bec94932a54a8a28716c4e71b087d099db9b1aa0af8fb453fb7f977594e25835fab6a224afe8f4","ssdeep":"192:M8SMVxdb68jFL3pqy9abRUg8ujjkupMnqcpvib4qNoWT1RvSnop1ijV:17x68jF7pqy9abRUg8kVzNDTaop1ijV","tlshash":"8622953afd4a94b225b3c5a59197080e61226642df15def1f0f28c011ae9afce54fb7c","first_seen":"2026-07-02T10:56:16.399056Z","last_seen":"2026-07-02T13:28:16.614364Z","times_seen":4,"resource_available":true,"data":null}},"time_used":330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":330,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/config.BpcUrZ_O.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.085Z","timestamp":1782998859085,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/config.BpcUrZ_O.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-710\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1808,"size_decoded":1243,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1807)","md5":"8ce1fadea8c88bd580d9afdd0bda37f5","sha1":"aefe3439b51d025b26f915d45eeec3433e2b3ae2","sha256":"3236f2722f428e539a1b95e01cb461b55df5800df94932c351fb42a9767e90f0","sha512":"ccd01d2eeca96368b05f541ee6b74defc95349c0d522790561c2d528b86e1514d87d6a81b9096c9a1f3276072c7da0252c909469b108c7ec5c9cf2ae4217fda8","ssdeep":"","tlshash":"dc31209e8b6338de09f20e5494db0f31d41c0309ed268825e3efe63ad502e816227e35","first_seen":"2026-05-30T07:41:04.696534Z","last_seen":"2026-07-04T10:40:29.374818Z","times_seen":24,"resource_available":true,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/OddChangeIcon.ByB84Dw5.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.105Z","timestamp":1782998859105,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/OddChangeIcon.ByB84Dw5.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 108\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-6c\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108,"size_decoded":496,"mime_type":"text/css","magic":"ASCII text","md5":"f42f73cd294d79a4c0eae64cb4640b76","sha1":"5001d70ac57e4062fd990fda72d585d65696fa6a","sha256":"50e27b1325c93748c3f85f41968d6e227188f18f0fe44bb0bbf58ccf8c34a6d0","sha512":"cc1696594dbc8b3fe1f3a855b7a519e178627ebf78aee6025af2d4046db149f0c1fd3e628cd912e3280f5e24e3798b9f276eab6615d888e916005c5f87114a71","ssdeep":"","tlshash":"e3b012405e19945831e34c01f0c20e7a2d24d7434934369092c01c6d85238af365c17a","first_seen":"2026-06-03T10:08:00.414588Z","last_seen":"2026-07-04T10:40:29.40369Z","times_seen":20,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/EFootball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.050Z","timestamp":1782998860050,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/EFootball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6506\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: FtnPRWP6wO7QzlCI1.EOw9EOABMGf1bV\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"114517b2b07f6f35696a0b5f43f6738e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: k2uygbvrW6ynO9j00Ajz2txJY1OEW0EYXMQUIaQ_Cm59XhlzhDVNqQ==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6506,"size_decoded":7073,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"114517b2b07f6f35696a0b5f43f6738e","sha1":"e7a052ec140aa1facdb265ddcf3d0b1963370608","sha256":"431a271bd772d9ae882e228ba26fd6ddf9fc1125beac3b379b4295c38e861b83","sha512":"c78bc414f9dbc10ea701c5da74a58daab16f1d370e5afb558c650d4bd909315708abd5a04f60ac8c5607e767451ca29d3e04720f9d4417e77b1c48b30690d1a8","ssdeep":"192:FSzqPhl0seo1ZDNWZz6E+BA6VcnC6CY9JwUdN7:kz4vfscp16CY/JJ","tlshash":"43d19f7e3813e80cdd78c14fc6df85ea939ace805453ca93a8a38c8de920e1156d52f5","first_seen":"2026-05-30T07:41:04.724559Z","last_seen":"2026-07-04T10:40:29.292679Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/KOG.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.054Z","timestamp":1782998860054,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/KOG.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6775\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: eN0UiF3mfitmmc.TmZQ61iR56yNKIAzQ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 11:37:40 GMT\r\netag: \"ef01571b3dc1dad6a7e1b59873ed5066\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Lsbyr9JzqhjNothaQXo2fgjhL9zpe0ZNNt40n75qPzg2sDWa_BSMLA==\r\nage: 6600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6775,"size_decoded":7342,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"ef01571b3dc1dad6a7e1b59873ed5066","sha1":"fcea204f380781fb7d4ab147e5dadddb8b17e4c4","sha256":"0c842bf04b667cb9f5aafd5e48a0b45baeacd3b3f87bea39bd42df8813d38c1e","sha512":"350c1123075bca3c19374106f0aa4667416ed2d64281128212a75b435d5e3c97f7a66f6abeb70f26ecde31a3c569235057336f08e0388f7aa766220d02f194ea","ssdeep":"192:WSu26Hs03MhG3CG85goWSWbmxUQoNEqX3Fzwsl26Q:5uTMkM5G85goZxUDFDYT","tlshash":"6de1af1ece2f16c7cd3e942442d17b73687b8aa539bcd8b87859479011e4865d680fc1","first_seen":"2026-06-24T13:33:43.043204Z","last_seen":"2026-07-04T10:40:29.37405Z","times_seen":16,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/league6-active.CAVaxu2M.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.083Z","timestamp":1782998859083,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/league6-active.CAVaxu2M.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-db9\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3513,"size_decoded":1264,"mime_type":"text/css","magic":"ASCII text, with very long lines (3512)","md5":"c5ca278ae81d856ecd99dcc10682110c","sha1":"af597d22431bd3eafbc1f534a5ed5e4ef556d7a8","sha256":"1c2bc5839ed0da9275d0a7c804544f4b7fc771807f9d454e5393edea581bf173","sha512":"78910a74b626018f8e8c22489893d8dbe1f6b75e05b577de933d819ad6db94ef596b87eb994bdcbdbe60bc385ab8bcb852e76f7978d3f17eacc62d4d288f0672","ssdeep":"","tlshash":"ba71be1234dc2a1eed23bc116890033530b9ee474572654acaea2b2688d734f5eff6dd","first_seen":"2026-06-03T02:50:07.936787Z","last_seen":"2026-07-04T10:40:29.272094Z","times_seen":22,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/MatchTimer.BkhpvURz.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.092Z","timestamp":1782998859092,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/MatchTimer.BkhpvURz.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-820\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2080,"size_decoded":1629,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2079)","md5":"0d8175107789c3350f8f0ab255ed2123","sha1":"5498bc2cee3f2010f54df1ee2b6003659b3f3ed7","sha256":"1a6fbc59422bc766a5e059fe332a1485cf6d755746cb5f18535356a07c8d5017","sha512":"5731f4d3fa9232f166a192533bbae0ed92c923cebae6a0c016d033828250e7344f2fe53a1c816a61c81f51f81d2dfabb3f7149a5790c13f240d8f012aaf61786","ssdeep":"","tlshash":"6e41a745bb0f58e053f0098015404910ad5a8b2d3133adc5ebac4fed932ae58afcd56d","first_seen":"2026-07-02T10:56:16.408126Z","last_seen":"2026-07-02T13:28:16.636563Z","times_seen":4,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/success.B7fR5wmE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.826Z","timestamp":1782998859826,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/success.B7fR5wmE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-976\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2422,"size_decoded":1852,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2421)","md5":"861edf6ccee12de018680dc5b5ff70c6","sha1":"7775194f46f290b518202bd71a4b63498069763d","sha256":"bd59e568ff6effdaa322fcb9a75fb145d6366fd9ed36403ea87fe64b1ca46d58","sha512":"c527618385c565d1be5f860c12ed44aad86d37e01dfb963c6746bdfe2f5540afefc1bb36b46b35d2447eb5bf61f4451cd5f11208821a00ebb67c78e51f165efd","ssdeep":"","tlshash":"1741947c851b6e78983c4d5b0b283d21d826a2bdcfcdbc475d865200ab345075ca5ced","first_seen":"2026-05-30T07:41:04.658352Z","last_seen":"2026-07-04T10:40:29.388443Z","times_seen":23,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Drawer.bDRkB_fr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.912Z","timestamp":1782998859912,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Drawer.bDRkB_fr.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-3af4\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15092,"size_decoded":4633,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (6795)","md5":"b724ed0d140a67abc80f81ce4673b35b","sha1":"4cb80ef4a24c1d518aa7b3153f6a3491d387862d","sha256":"3c3ba0fa5cd6ffa52efe112b0188fd99db575f5e1cc275f14882d1a3e2e6cfe2","sha512":"78caaf1fc1952141c4bd8dee0fa5098144d440dd33f93e451afbce0a69d38d90625478c3fb6788fc358cd05201156f18323a998e165978a310ba084958b17a29","ssdeep":"192:zebctwvZXOqgG0PYmci+arsRvXLo4x2A+mNLaVa3p2mEDjwlh3vp8GRFkCZDsbQu:CRvBBdSWi+3ZXkQnlhB8GBsbjx","tlshash":"2462d664be19b07425b7c2e9c0de5b68117c97c2e72ac9e8f17134ab11c22bc5217fe6","first_seen":"2026-07-02T10:56:16.426326Z","last_seen":"2026-07-02T13:28:16.640655Z","times_seen":4,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":362,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/homeLeagueOddsColumns.DZ31HHjE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.089Z","timestamp":1782998859089,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/homeLeagueOddsColumns.DZ31HHjE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-79e0\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31200,"size_decoded":9875,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (30969)","md5":"78f6f3fad7d6486156daa1c9e19cf2bf","sha1":"d2a25cd2966800c2e10d9dfb23b7572917b04261","sha256":"81a4813e331efd4d9accd3353cb00e2f41e3150fd856dbddf92f2126eb30349b","sha512":"3b157fdea684396e50f4656e40f2bd551c50910c09b16fffb333604555c945a7a5fec7f7bbb8d4028b07714390cce96a86b8744fd3b6dc887ffb40141c5c1541","ssdeep":"384:2F4RQTWhP9ftAYRK/P5jp5yYjnI4HUZJvZOaAzBhfDfxelmsrI3:2FrqdVtAYK7MJvZOaAzBlDL3","tlshash":"72e2e858a02759bdb4f3908464644092f44c7fe7d104e487f4fe5e2627cac696bf87b8","first_seen":"2026-07-02T10:56:16.40263Z","last_seen":"2026-07-02T13:28:16.642786Z","times_seen":4,"resource_available":true,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":319,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/home-heying.uXLwwvlL.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.489Z","timestamp":1782998859489,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/home-heying.uXLwwvlL.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 106807\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-1a137\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106807,"size_decoded":107202,"mime_type":"image/png","magic":"PNG image data, 504 x 100, 8-bit/color RGBA, non-interlaced","md5":"a80186020e5b3698cfa1828638fb9486","sha1":"446782430347089bb8be5d2d9a135c285a6cf815","sha256":"6841ffa156c514b8e3ca0bd956a25f405a72d1d7b06b029185ee399025cf26fa","sha512":"d59ffc62d97a34c11edf8e3a8fdd166df36de01f2a7ac9db091d2c2e921ef91da2afafcdeb9dd992c77827b173a5885fd3c121e85f8a425a53ccc41e6e5e17ff","ssdeep":"3072:ilO/5l26QWXShVSJxkuZFSeVF6wLEaKR5m7khmUA:ilgCdWXgQlVF6wQYjUA","tlshash":"daa312ea8f2e4e456b376c783dddc08be5169ab235adc654381006b8ef1f1a324d0a75","first_seen":"2026-07-01T20:44:48.028562Z","last_seen":"2026-07-04T10:40:29.148449Z","times_seen":11,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/CSGO.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.053Z","timestamp":1782998860053,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/CSGO.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5154\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: AfRvqOoMcCWdPUHlpoUWXLsYfuvh3BDw\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 11:37:40 GMT\r\netag: \"b79145fe806ba8087544c29afcdf489e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 16udcdlN8csBxAZ2XDH-j3ZEcnFvGfwkwI5xguCANRf6JYm6_Eof4A==\r\nage: 6600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5154,"size_decoded":5721,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"b79145fe806ba8087544c29afcdf489e","sha1":"33620b87347b2f9850c88764262d4f4d660f4c2f","sha256":"9f701d2ecbb3ab298934358ffe2b13e3a56e5020da1560cea905541635118bfe","sha512":"7be425fff1737148fd578d3ddbceb065bb36459b09cb37fec7b9001dd66b3fb54d473aa6dfbc67fb2155f1f74642b04196c453e34d2ae62eb1afe605ec58903f","ssdeep":"96:87SH7u/MMKZuT0HAVEV/V9SCtpV5VBotrv0VTsJmrbhMNMvk8LMORrnDPc:WSHqU8T81V1tkrsyJ4iN6k8Zrrc","tlshash":"25b18cf7a513682261a1978c2cac0693470bbdc13280345aa4703dac8f3e97495acaee","first_seen":"2026-05-30T07:41:04.814927Z","last_seen":"2026-07-04T10:40:29.242815Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/1de52e5d2bd6de3bdd7385a047f99890.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.746Z","timestamp":1782998860746,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/1de52e5d2bd6de3bdd7385a047f99890.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/3a2230ee525a8bf74489ffe3a2d5222b.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.769Z","timestamp":1782998860769,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/3a2230ee525a8bf74489ffe3a2d5222b.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/right-icon3.DhL8zjOQ.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.493Z","timestamp":1782998859493,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon3.DhL8zjOQ.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 47484\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-b97c\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47484,"size_decoded":47881,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a5155e65c57614de67b8ec15c42a232f","sha1":"890c06646b260d6c664bc12ca9f96babbcbf9aa6","sha256":"38bb58eaa5b7a889c516fcf383eaa5038bc6f733e43137533bdfdd57ca18cdde","sha512":"502c1414b09e0ec1624640c23bbaf681e158d0afa35760e35598263caf0a143c7effb8f667cd5620ab2d05f5e20ae0ec71d7aeef22fba102a86eb992173a1885","ssdeep":"768:EIbffQNc+n0C/ew94iyPwWGoL6wK0Zr0pSHSOmJt/7s+DBdNv/keov/B+VkkolNU:ZEB/ewi3VUFJJ7s+DBkZ+qdHa","tlshash":"a123c5f733a1a2f8e80bfba9dd2354607c563cbebb85c3d5c250ae94a655158cd88cd0","first_seen":"2026-05-30T07:41:04.77458Z","last_seen":"2026-07-04T10:40:29.287138Z","times_seen":24,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/right-icon4.D8AknhkA.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.495Z","timestamp":1782998859495,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon4.D8AknhkA.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 14868\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-3a14\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14868,"size_decoded":15265,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f0e4c2d8f99654c8ce0f63ef03ab3a3d","sha1":"7ae9a97e8db79b12c98e377c71282d9bd0d1010e","sha256":"e2560b7e58bbf4dbfa46229f838607559a7120404472f751100ef49d8640b5ad","sha512":"797d160d2a1c95255668e796eb136dd4e2f5215c41828872b2cc7586175b5ded1548ffa82186d86e7a5c4291653d297344e33c8197ec1595c221ebb660d92d86","ssdeep":"192:StGDPgWt+Eut7AWPhKdjK9Zr44s4Jg+YdmTOH9EOF5Ey9qdnb+spJod5+zdsA:xPAEut7B944vlXTOf5ESUod5+zd7","tlshash":"446287f2a2d4f2f0a805e3fcd43694f2797238f93f55a69483d1aa99b80616588ddcc1","first_seen":"2026-05-30T07:41:04.870485Z","last_seen":"2026-07-04T10:40:29.274838Z","times_seen":24,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/ChevronRight.0lRZFIw-.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.926Z","timestamp":1782998859926,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/ChevronRight.0lRZFIw-.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 543\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-21f\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":543,"size_decoded":849,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (542)","md5":"3e8d3836578972c7dec02640343b011d","sha1":"314156cdbfceb4ca2c97a49f9cd365047e8a9ae2","sha256":"e85e9d5ca042fb0e99235b17d6b39ce78e4dae17f7cfbda7c811f23a41db8361","sha512":"098af945b6c1ce5f256272cbc5636a967a3353012db68e35b8021593e4bb7e04b3df2aca5a92a9584140af28c2cd262a7cbc6b75aa828469ad44110cea4b7e9e","ssdeep":"","tlshash":"f7f08bdf92c28871c911aa21d1a19041cf5914fde641cfccd2300724a923cc52d0fdf1","first_seen":"2026-07-02T10:56:16.393118Z","last_seen":"2026-07-02T13:28:16.65816Z","times_seen":4,"resource_available":true,"data":null}},"time_used":491,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":491,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:47.145Z","timestamp":1782998867145,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:47 GMT\r\ncontent-type: application/json\r\ncontent-length: 50365\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":468870,"size_decoded":50802,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60302), with no line terminators","md5":"f739d1e3ca7a517f89035657309dc724","sha1":"3cf46f4b909579df7d50d49184c2b4add1908c55","sha256":"841f51ac71a31225c652a1848d33930407d0488f1256b72e050bc30b8a61791d","sha512":"ada892a31afb1bf7ab0ec493eb59c51be8ac4cd2d110b35a71f9d134e44978192dcd360131b3ef922b81fa77afb7ceaa2d41213420018c5ec14fc8dd3e0c9254","ssdeep":"12288:d2Tm5G3st8be4oxg8Oi0+QoiCqe4fCO1t+k3K0j+6buAQ:R","tlshash":"69a4248a692dc4fd9ac67d02e4cf3095e4e03a0be84d2d4008c67e6c9e5fb63b527567","first_seen":"2026-07-02T13:28:16.667166Z","last_seen":"2026-07-02T13:28:16.667166Z","times_seen":1,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":723,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/GameHeroSwiper.D9vkzGIQ.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.070Z","timestamp":1782998859070,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/GameHeroSwiper.D9vkzGIQ.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-d02\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3330,"size_decoded":1411,"mime_type":"text/css","magic":"ASCII text, with very long lines (3329)","md5":"9ed2d942055788f6a3685ba9d6bd56ad","sha1":"51798e9fc6f00bdb5799f990ea5f619427ed6f9d","sha256":"ddc0a339666eb208dc8b7fdb3545e12f6b34cef3db0170c42596869ee2868a89","sha512":"79dd6709e2e7739de6346c0f5c44fb67d788afeacaf92d4abd254417d4d17c46a3dec52745011aabc77a4a9fc5f648b1167a857d5aaa2374df81492ffbe4ad8a","ssdeep":"","tlshash":"13616525a89c002900f79f459cc42b1d8138da8393638cdd7719776acec3aee7abd795","first_seen":"2026-06-24T13:33:42.971553Z","last_seen":"2026-07-04T10:40:29.337864Z","times_seen":16,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/BetCard.BHJ-GtVh.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.904Z","timestamp":1782998859904,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/BetCard.BHJ-GtVh.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-4fe7\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20455,"size_decoded":7730,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (20280)","md5":"c394795a4558852fea32c2d9ce4840a1","sha1":"98a22a74133c843210ec2790faf151a750f54802","sha256":"0758c946a72925c802c28c86364224e8eef67fb7eb6cc156c13ec954d65ee460","sha512":"14cc6ed037d4fb20e82c22b344d6c96fe3627c4b9d5cf24df097455ea2ef385acee29e8c3ee6b2184fcba3866dabb5c076cff5d4f0fe0a699977a653432a6a0b","ssdeep":"384:06S3oUEDKKZzXpwBRP2Efp1N1hehdKqMVR5wPv9ACV8gnjNq2:06ShhK8vPJN1hidKqqbwb+gnJ","tlshash":"c892e74e341749b6d43b883711183508e0283fecdf259c82f2eb96356bca9556a98ffc","first_seen":"2026-07-02T10:56:16.444043Z","last_seen":"2026-07-02T13:28:16.687229Z","times_seen":4,"resource_available":true,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":372,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Basketball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.993Z","timestamp":1782998859993,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Basketball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5959\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 3OtOrIhZG4JfqO.RU.6In1I_8ugtlVjQ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"8d90e7664426abfeeba59784511b8902\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: gqtLA51462TcCoYq-mnoGNXAG6bPwI2l-wz7Db-wE-e-lbeX5j0WDA==\r\nage: 3931\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5959,"size_decoded":6526,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"8d90e7664426abfeeba59784511b8902","sha1":"b0b908e519c80310bf529b580cda88d30f963af5","sha256":"12550c42bde3f47cee280151ac6f6bda7047578a222cd6f945c6443a3f3c72df","sha512":"308d8f169ea4e86fe30feaf4827c7f77b1412720fb89bcd7970f73d5d0484bfbab344fc5273813025ab4f5f667de3f4fbb6f395491405bfb0c2d7cbf59b455aa","ssdeep":"96:87S0Y7dZMwBx6ArzUI83qXQ2jFunOx8PqJgJhkR6cZQGGArayG0TbGw/C/5Z9w:WS0OdewBFZ22xuhPHha7FGAAEb0RZ2","tlshash":"bdc19e6038a5a7513a45306a11961cd59265ccc89ca232cc3ff2fb5987dd6ac7085b38","first_seen":"2026-05-30T07:41:04.652837Z","last_seen":"2026-07-04T10:40:29.389063Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.DQZHIj9i.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.120Z","timestamp":1782998859120,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.DQZHIj9i.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-5fd\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1533,"size_decoded":1092,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1526)","md5":"9d29ea288b8a64bd118c194ca86a4bf0","sha1":"bd3c1dc5c9203935b64f0dbb0adbe9f8be876c0a","sha256":"190e6a593cd02d02e2193a546f954eefea274a278325bc178d740607b41268cd","sha512":"1aa8f4c2a6411877400c4c986b98debfaecf340b5354352c7f93c965bb7bc845f96963160804c5834afb2a9874b993ed492b77440f71155de44c9105717787e7","ssdeep":"","tlshash":"5831429ab40d80f22fe394b87021321a538d9fdd9556c1e201fd6a5d1f0fced4a4ea35","first_seen":"2026-07-02T10:56:16.469098Z","last_seen":"2026-07-02T13:28:16.691104Z","times_seen":4,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/gift-icon.6MG1Eo4n.webp","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.486Z","timestamp":1782998859486,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/gift-icon.6MG1Eo4n.webp HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 591918\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-9082e\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":591918,"size_decoded":592202,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"93fc8cc63072bb9915ad09147a9ce0b2","sha1":"b78bec0a02a2079525080354b277ca22203c7f70","sha256":"54aed5dbcef9a64bf62dbbc70dd0567dcd9e3d0cae46c5c115614414828337e4","sha512":"c1fed45bef63538aa58b544528f63f40942dfebe1587472852385bd1a7f7b4af2bec73d5f09b67ce5199a71c87212ccc63ddc96ec2de96ea30ed89ce262d2a2b","ssdeep":"12288:ursRSGJZ8SG35MUcEmCIZyBDscT2bQEmrltsDtjTY80:u+SGJOSG35Mhffg3T2bLSaD1t0","tlshash":"04c42340b8b39005f9ce1c7f42453866944f886ab3705bf3ae42e9af847b5e0727db16","first_seen":"2026-05-30T07:41:04.605201Z","last_seen":"2026-07-04T10:40:29.238551Z","times_seen":24,"resource_available":false,"data":null}},"time_used":908,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":322,"receive":586,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/service.lbnyBfqg.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.500Z","timestamp":1782998859500,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/service.lbnyBfqg.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 21411\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-53a3\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21411,"size_decoded":21804,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"94cb5dbf4d84248a3fa3599912746438","sha1":"1a862ac5d160eebf547d06f750ceb1b0576b9379","sha256":"3d7630917c9e3ae67ed533cd2a168e884829b74b7a79bd8e102f018774ccdcf1","sha512":"ecbb95e4072a68590c608749f862450ea6da5d85ac217f8b00d615a87968b9d85e6f241b356d62c3ca55d14df8be8a05e5c511f79fb9b6187dc0d46b49061ffe","ssdeep":"384:LqGKNNeW6zoRGcJvpfP3mnj9C4xC9WPaEgkXYk6nqKCDTVmsiX65M:LpK3koRGGp2dx+WPaEgySiDAbX2M","tlshash":"9ca2e1185f86cf36c3fee8554d3823b29481750abe7226d5ac2c12fe2113b2d1eca166","first_seen":"2026-05-30T07:41:04.606342Z","last_seen":"2026-07-02T13:28:16.697671Z","times_seen":18,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.b08rW7Wf.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.858Z","timestamp":1782998859858,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.b08rW7Wf.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-436\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1078,"size_decoded":847,"mime_type":"text/css","magic":"ASCII text, with very long lines (1077)","md5":"e48e9b0547b63fd0e86e5f38887dd3fd","sha1":"02be536d1394ff897eda39673bbfca399ebc2ede","sha256":"9a23c0db384679c6c4d5c0d5781feb0cffaf22e544fa6477636da99d880c4f80","sha512":"f082a30583538480f8997069b4d3814871bc70c33e91ab6f96ce749f47dfd8fdc481a52ccd396a0afbc2aeaea5dcc8952934b170d8d04fc11b7d273214e093d5","ssdeep":"","tlshash":"ee11ef4df04eb41bdc6fa3848284db1cd907374b7b150ffa1e5267910a42ea2346173d","first_seen":"2026-06-24T13:33:42.988274Z","last_seen":"2026-07-04T10:40:29.176536Z","times_seen":15,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/master/f/fundsTypeConfig/queryAll","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.106Z","timestamp":1782998860106,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /api/master/f/fundsTypeConfig/queryAll HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 2942\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28985,"size_decoded":3261,"mime_type":"application/json","magic":"JSON text data","md5":"876fe5c06994ee0a01402e0c4ed070f0","sha1":"034d3d28a9aa1ca325d2615bb5c9bd9f85b3d311","sha256":"58a1efb1cd5ee9c824f5a95877cc9f8791609d8fc75dae96740a4e1046cd9050","sha512":"4ba91e28396d41e9eef32b362c76443ab4a8c2b991f946ff790fab3ade1a7e92bd21125830c1e8ca24a9f11cb880348c215a6849a4bdf78f07353e00fcca8c3d","ssdeep":"192:nTHpTxpTQpTM+ZpTypTspTFpTIpTepTSpTJpT4pTppTN3y2g2G2U2m2c2+2RGpTt:h+B3RxtEmbzpmV99","tlshash":"d0d2a52c379fccec8741737a0caa248d26e6765dc5849758d6d9fc78c51a2ca303e3a6","first_seen":"2026-07-01T20:44:48.128763Z","last_seen":"2026-07-04T10:40:29.298025Z","times_seen":10,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/918a3cacd42180fb72439a7042c369db.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.778Z","timestamp":1782998860778,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/918a3cacd42180fb72439a7042c369db.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/3d8da6464ddfa921e58625b0494bbd3e.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.786Z","timestamp":1782998860786,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/3d8da6464ddfa921e58625b0494bbd3e.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Soccer.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.991Z","timestamp":1782998859991,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Soccer.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4100\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: PqH5yWXMeA4HfWz6wLoV9XESkPZgEbbh\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"43cf50d1377a80bc4cbe1a0afe1ccd0c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 3WvqLs2zqYOJNiMybGvjqUI_BVekEPcH9t2r_1J9mHjlNcbdVtF7hA==\r\nage: 3931\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4100,"size_decoded":4667,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"43cf50d1377a80bc4cbe1a0afe1ccd0c","sha1":"e282335b14bedd98fee46a5cf7a54954680862ee","sha256":"08aa300178376a09a8db67b3bf026e2b10522dd29bcb2fe26097f4e80c49710a","sha512":"3b9f75e6d41e93f9f72fef68cd0bbc4901013073e403f328924a43fd8568ab8137a4a2c1634ac71e90f92ea4135b4a184e79e4c277b9ee32821e003dfe69b281","ssdeep":"96:87SqPRdl/cnwP6YAGRbXaxf/uDDN3M0uf8QHIEL:WSqPN/yY/hM/uDDN3M0uf8QHIEL","tlshash":"6b816d4ee6957293a0d8553441fdd0af7894a3aafe12c80d32e01cfb701c03ca60bb64","first_seen":"2026-05-30T07:41:04.602004Z","last_seen":"2026-07-04T10:40:29.249312Z","times_seen":24,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/1a66a976dcb87ccc0a36974e624f942f.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.780Z","timestamp":1782998860780,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/1a66a976dcb87ccc0a36974e624f942f.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BUyKLksR.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:37.535Z","timestamp":1782998857535,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BUyKLksR.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:37 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-1684e1\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1475809,"size_decoded":459107,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (18409)","md5":"a08955dee00d8f4325a522566b3c080a","sha1":"49dc003549c8ea2a18182dad6615e920d2fa1b21","sha256":"f953a6310e604bb18a0ff68597be57ed842f49e9c6e45c32dee0489d5ebddbaf","sha512":"075dc1a8a80ca6b72a746794840ca3b23922187b1d54e37fb0305f9d115242b08df3d3cb1ab1d186f95fbab6ada931d823586ff9294089902ae38be97dab0ad8","ssdeep":"24576:qKCRtvDUqK1K/+Xc8xH8Vpe6hNuza16FaUcEtW8Tj4xQX:qKCRt4H1K/+Xc8xH8Vpe6hNuza16FaUx","tlshash":"67257cf8764674a507b7d4ed406b0c02fe293b53b40ec0d4f1a999a639b0729d6b7b38","first_seen":"2026-07-02T10:56:16.464885Z","last_seen":"2026-07-02T13:28:16.71707Z","times_seen":4,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/RoulettePanel.CW7xiG3y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.869Z","timestamp":1782998859869,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RoulettePanel.CW7xiG3y.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-1aca\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6858,"size_decoded":5161,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (6857)","md5":"462c3cdb39c9d4d2ce6f0c9f95402f93","sha1":"e58b9e2faa685aabbc9fbd0a8440685f2feede80","sha256":"126b55bfa235c62993b6211c913316878d046bbb54fd70faca462e25fa12df08","sha512":"5908641014adc4ac955f83c937ce879663e29444fd089fe67dc35c77ebefae6ed2c3b31b27b6f22c16d362c03012a93cfc88ee140384eaf30fe1667263770a37","ssdeep":"192:yMdFrVAkPRTVQFUR4NXsby7yB3bex4QTaC2r/6AR9V4Bs:yOFrukPvQK4yTpe2QWCY/6ARLCs","tlshash":"25e18ec9f545883708a726cb65e5504cdd0ef65f827e5ed0f1158ab02bb2c39fb1220e","first_seen":"2026-07-02T10:56:16.417121Z","last_seen":"2026-07-02T13:28:16.718632Z","times_seen":4,"resource_available":true,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.Crplw9yh.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.874Z","timestamp":1782998859874,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.Crplw9yh.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-52f\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1327,"size_decoded":1159,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1294)","md5":"9d0f6e6a5d97958bc9c5dc281a6eb544","sha1":"da030e26f1de31d481c9ca26bcf67ae0d3c36cc3","sha256":"9999c12ddb7d3a649c390d4a950c65b4abec6778dec8600196bf76b3d217d4cc","sha512":"13bb3411d0a93a8ae4daf801d19aa63b06c2b49c7d7e212a8e54ec4c6493128b8a8232f8dc920b7d94feeeb8dba1b1d3da00e4031243343ba0221720491fdecb","ssdeep":"","tlshash":"8c21538eb1c2a1710b3f8598e8918631f3327329d7a5cda0ca9e8e1942d1146e16fb59","first_seen":"2026-07-02T10:56:16.485515Z","last_seen":"2026-07-02T13:28:16.720347Z","times_seen":4,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Tooltip.ByEi9YTe.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.925Z","timestamp":1782998859925,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Tooltip.ByEi9YTe.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 969\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-3c9\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":969,"size_decoded":1275,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (968)","md5":"9c2c0847a6d634c1cc82c3c5ae6b51a4","sha1":"e09dfa30b2fa5490ccbd628d3a7af666fa33e2ed","sha256":"1fbc9862f71425138b62fad8128ac1311ed247a7e5ded0fe32cf7a4cc41ff4c5","sha512":"d3aa99b7dae3e2b7254673251cb41485fd4ede406dfbf4647b781b9f8bfd3cdff148c67c63bd3f76407cae17d5fcc6ed093c77fd60987a3f6594f10dc69ae98d","ssdeep":"","tlshash":"4e11bd1de88184b4067a30cde43a0a10fb172749f85af182fe37999a6145f82cbb5e65","first_seen":"2026-07-02T10:56:16.401789Z","last_seen":"2026-07-02T13:28:16.721983Z","times_seen":4,"resource_available":true,"data":null}},"time_used":502,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":502,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.ChlfHcMy.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.934Z","timestamp":1782998859934,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.ChlfHcMy.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-1234\"\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4660,"size_decoded":1604,"mime_type":"text/css","magic":"ASCII text, with very long lines (4659)","md5":"f72a9bcb12754997afc6ddfaddc7d410","sha1":"816b6c648ff7bceccc83871af5a82fbb3e0e5c97","sha256":"8320bd9f01d21694e5091c718808447bb5e609bf1040761c3d66a1af8570cc51","sha512":"a268cc8063b9b581d411b6c678ceced5d8b0d4795ff4f115a1daaa8d593ed6fa69047b320990fccced24b84935bb5422e463a1be22182816f8a5b95c410938fa","ssdeep":"96:QrH3Kcmumhoz9J7NX+BYO11ZBDyACPhbK683AzF:Q3rmumhYMK7AE","tlshash":"81a11f61b0ec606d3e2fc35868c2de6f7109f1e39f121d4cd55da2fe8ad2ba63562184","first_seen":"2026-05-30T07:41:04.819383Z","last_seen":"2026-07-04T10:40:29.375503Z","times_seen":23,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/search-icon.DIGhTt3w.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.074Z","timestamp":1782998859074,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/search-icon.DIGhTt3w.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 809\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-329\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":809,"size_decoded":1115,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (808)","md5":"6562ae070b30df17151b7741e9b647aa","sha1":"fd2777a192db31cd89a8c797a7e89e9996988d26","sha256":"4662c08aed38a315db3a21e5f50f1ec96c0e005dbffd8075ec2f409deaf37f4e","sha512":"000603cb8e2dcdc027387ffdb3efe5437a3b7521671283a56e2a900da9518e784d3c6d3c88a917409630e3a40954c397c2da5ce83b0552b419881e75d17be189","ssdeep":"","tlshash":"0a01f5be420162cdd035cd2b2d267c41d0b624fb0d7542faead27254ee631d215f9e1c","first_seen":"2026-05-30T07:41:04.713371Z","last_seen":"2026-07-04T10:40:29.22494Z","times_seen":24,"resource_available":true,"data":null}},"time_used":338,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":338,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.DXyPm8yc.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.126Z","timestamp":1782998859126,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.DXyPm8yc.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369a-1701\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5889,"size_decoded":1840,"mime_type":"text/css","magic":"ASCII text, with very long lines (5888)","md5":"416c7360cc77b2c15ae131cf1f472c3c","sha1":"500688c454b5d8f7f72585dbeb9c0e55dc07413b","sha256":"3d309ca9cbe6e74ec35a0e509ff4eb3249667f4b4e0aa91e50b28442697b8301","sha512":"9302b17abcec0f7bb6b675c0bb8efcbc9f8a4f2269d43fcc42e25f23c409bdbd55db03dd8810754f173674ad7addfbd3cb1b0aed9ceac704ce6741b95c1b0f9d","ssdeep":"48:kkv3+Ho6+/r8VRpSmmVUjUI4VDmH/VDmHyVDwkoi60kihtEjvDCzfOzycVWBzeK7:km+HoB/rElMUobwtBwL2Ua","tlshash":"d3c144526a28282c7133b705e8c41a7c4b2cb35357633d8d73292fa75b8735b2a7764b","first_seen":"2026-07-01T20:44:48.039462Z","last_seen":"2026-07-04T10:40:29.212757Z","times_seen":11,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.-ONo_44g.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.896Z","timestamp":1782998859896,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.-ONo_44g.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-2f97\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12183,"size_decoded":4987,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (11750)","md5":"d63c16d9626b07181e2c00851f96f850","sha1":"3095643d2a763ddd5609b499566cff5b183e79f8","sha256":"885c20e4763f2e117f7d3c81bcf05891a7a103e601e1f7e1d1a417377984d113","sha512":"ba5e26aba0d05a7f4ddd8244b824ff30038bacd3e7cc2dc25440448626c338498986489f506039e08b1ff1c29e6caac0469ed95be8364c001540c09108e7239e","ssdeep":"192:6Ttwb7fcGPMgdyk3J+hsqapJ4xMsRd2wai0h7H9SR29oY9blsdC8jBAfDquEvdnA:ddyk3jEpRd2wai0h7H9C29oYtGdCYB8f","tlshash":"8d42193c744a96ffb973c46855a48402706a7b3ddc4898e6e0af1a1299cbf3045e47fc","first_seen":"2026-07-02T10:56:16.441668Z","last_seen":"2026-07-02T13:28:16.730238Z","times_seen":4,"resource_available":true,"data":null}},"time_used":376,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":376,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/f20584451c4dc7e17cca05daaa538851.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.760Z","timestamp":1782998860760,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/f20584451c4dc7e17cca05daaa538851.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.lS0Y1Xj4.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.907Z","timestamp":1782998859907,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.lS0Y1Xj4.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-bcc\"\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3020,"size_decoded":1043,"mime_type":"text/css","magic":"ASCII text, with very long lines (3019)","md5":"b9fbaf3e803cc55a459aa0a5f6a1d4dc","sha1":"ce69c79c09df9ae9c2606b659edd0527e0f55e55","sha256":"e47727f1ed3ac296a45f4212bb90e17b1ea4ea2fb92675f581043a9cf5851913","sha512":"82cd95638a06e8de6ad6478fc322cd4731227c91fbee5899791f847de981d5e541b66212c4f46b6e4c25d47824680d31905fa68a801acdbe374816b19788a109","ssdeep":"","tlshash":"2e513c227c69763f253bad37b96a7a183235fa81438315d1dc39838c0943bb56a8b10f","first_seen":"2026-06-24T13:33:43.078853Z","last_seen":"2026-07-04T10:40:29.402987Z","times_seen":15,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Baseball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.026Z","timestamp":1782998860026,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Baseball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6346\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: JLGTbm6v3vRIJYX73Cam8lOs99.vfhFE\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"e689c24578b5fe13eb187324f803d274\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: INFNvhWDgSZZd6b1o10nGigDyo4WtINEG61dNmhbYlNx4iVFKd8mgQ==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6346,"size_decoded":6913,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"e689c24578b5fe13eb187324f803d274","sha1":"e5e9465c086c197d95dd3997c95ac1f24c6b58ce","sha256":"a6e34ec2119c34a05c2f89f1480332f49ec2c83ff638c47c97f2233135de0d96","sha512":"7a65f8fb35796bb54984677563c9d79539963a634d2c1fdc2a9878219cd4900a2dc59fb34cc9773bd55596bbe7948522e5c4b4f2a4b430f2665385a4e152b5b7","ssdeep":"96:FS165qNYhjvmudKEW8XGVijlEOzOOjY0V0WBzUvWDcWuvorvu8S1KCeepEwBHUk:FSmq+hrt4CGVijyOpHFUuw1vorG84xz","tlshash":"34d18e6f3245be977c17f3b237592e247c53e6fb05c0616de5e0a82c8252d60e05a689","first_seen":"2026-05-30T07:41:04.71002Z","last_seen":"2026-07-04T10:40:29.215847Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.D6YO2Jyq.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:37.537Z","timestamp":1782998857537,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.D6YO2Jyq.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:37 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369a-26b83\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 02 Jul 2026 13:37:37 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158595,"size_decoded":29876,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"9639c5170703e588407d9c4fb578da13","sha1":"4f9f4e0ef578dda19e7dfaae7945388255fd83dd","sha256":"2bae917f20ec46f01f6e87205fc2b7deaa661943e82b998062d46c60660d15ce","sha512":"9d3e3bbbe82c6804a4c7b595d3fb77fd33083a625340a802765abb4c90ab64190b24194a3fd42494ffe4935f0d791af819284fd28a9aca9e49e3c29dc4a5ab14","ssdeep":"3072:2ciSp+SnQNqvMVLPjfV/GJqff9zq/tgFn9uMJBN5pH2349B6jXMoALIMSITqa9eL:VpFnQNCMVLPjfV/GJqff9zq/tgFn9uMC","tlshash":"57f3b6616628603f7c3b90f2c1f4ac9cb21bf682df2615f5fd4951224ac26fa1e76b14","first_seen":"2026-07-02T10:56:16.36411Z","last_seen":"2026-07-02T13:28:16.740847Z","times_seen":4,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/site/f/sitePageConfig/queryList","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.437Z","timestamp":1782998859437,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/site/f/sitePageConfig/queryList HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 93920\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":575629,"size_decoded":94357,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (40898), with no line terminators","md5":"fe3693fdac258d398cdc8dcef866a34c","sha1":"92aac26b1b7af402dbbb8f05367e685015bc5787","sha256":"ba925311a4bf10b7543aa1abeb3d86256e0b11aa170b2d6603a19e9f51f61d54","sha512":"d67a139f231a75abec2267903dae7ea0da43d5288ea7bf48746248e6dd363ce659267eaf30d07281ae8114ce50262c1463e4780f21dd0a3be754f97ee5a4c166","ssdeep":"3072:M4HjkamEE+bPFzoNKI764j3zeJOqpa15Yt6eIwr3YfCKD9fHeK63VOwlhRZEjECi:7FzoXzbqpa1lBz84jj2","tlshash":"f3c4dd21c3b5e4058435d5ed927b276810d4430eef135d7eefe8abfca98e419392628e","first_seen":"2026-06-24T13:33:43.080963Z","last_seen":"2026-07-04T10:40:29.404253Z","times_seen":16,"resource_available":false,"data":null}},"time_used":670,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":370,"receive":300,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/92a8bf2c433c6be6777c989d16d46050.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.763Z","timestamp":1782998860763,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/92a8bf2c433c6be6777c989d16d46050.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.lR6p3XQv.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.905Z","timestamp":1782998859905,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.lR6p3XQv.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-c1f\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3103,"size_decoded":1746,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3046)","md5":"0c3a5cd74f5dea68e76cb62a2f2b74ce","sha1":"ae9b3465f6d307625273db2bf15c84f62b1e4bab","sha256":"ae2f73440f6f7d1ac5a8794a62a7de951762f49ef2f4e65524d865d29bc5cb5a","sha512":"5fd6a1b2759aef7459fcb98132eaaf9f3ce23ca419a1c0436b77a52bc2878062474f4300e71dee806ecd9ed9b70a9aa110df38768e5a2a08e5e619a20e01641a","ssdeep":"","tlshash":"fa518366b83d8db8f2731cdd70214518a2091e4ee1626dd5e83a17aa2c07fa1cbef518","first_seen":"2026-07-02T10:56:16.491791Z","last_seen":"2026-07-02T13:28:16.745652Z","times_seen":4,"resource_available":true,"data":null}},"time_used":369,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":369,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/site/f/siteConfig/query","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:38.964Z","timestamp":1782998858964,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/site/f/siteConfig/query HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 4820\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ndefaultlang: zh\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11216,"size_decoded":5273,"mime_type":"application/json","magic":"JSON text data","md5":"b8e8457cc4077d2cd9efb4ba5dd6e5f1","sha1":"e562f2483efe73e92e8ed3ff195e0f6d9dcf3034","sha256":"8e290ba97ef77f8621dce23ef49914a68c64542ebceb080f6ddc006d2d1746c7","sha512":"3fe642500f235457c78db618577140c9d1743484f607b8b5ef3275586f2f44959d44dbdb0da80ea287d025d56c742b5411bcf7914a3a0d2dd2e0de30ee022445","ssdeep":"192:tsCfkWrWOMM+V1wAwgxBkePKRcDwXhovOzawEwZOmcKMin8h3mT/ggCDdmt9W1:ucrWVMotLBkRLhovOijmRzjVCYtI","tlshash":"3032c70b43cc9ca88b4a13c938affa5895881a47c9c0cd95d3dd6e6c97d5e73321721b","first_seen":"2026-07-02T13:28:16.748448Z","last_seen":"2026-07-02T13:28:16.748448Z","times_seen":1,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BejMyTa9.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.917Z","timestamp":1782998859917,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BejMyTa9.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-3d85\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15749,"size_decoded":8136,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (15510)","md5":"895cf052a4d7d87a29a2c919f3cb4f9d","sha1":"61866d6ff358efd9b061bd24526b3b53bcc62dfd","sha256":"57f945d4ffb6fc107c18583326bd16de8ff5145499caa615fb44600fe23c54ea","sha512":"a326243fc7beef93e719d307a96246edf0cdeb895caca566f63b830e6f6c59f2efe55c3673720ff45a9362b4c1f20e27beecca81102b7bbe5914e879130b82f0","ssdeep":"384:Q14/30e4n4WQlTJV6qQT8lzaAwwVgXbRhwkDO:Q1fn4lV6BToaoaR6k6","tlshash":"f5627c1f710ba63ea67149af92720d0191218f9a8562c9f7e0ff4f181a16cca6b8d70d","first_seen":"2026-07-02T10:56:16.4374Z","last_seen":"2026-07-02T13:28:16.751023Z","times_seen":4,"resource_available":true,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/RadioGroup.B82Mo0VI.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.924Z","timestamp":1782998859924,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RadioGroup.B82Mo0VI.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-2e19\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11801,"size_decoded":3900,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (3633)","md5":"538961b3ad8c5868f05d050d57e9b504","sha1":"e5895006eca34c7e3f5a1cdf38e29cb2c2b3f623","sha256":"307d6ba7c27e848f6a8a69a658944d5ce01c0f7d3a5e9cc93e7cee9a52c0cd1c","sha512":"5445300ef013fa6e42f56a3ce758a5b6e0639d1c06960e8f1f295bceb1721e5196790f96fd06319b423574a425a0fc74c3243ee45ff8e82cc743853a5db2c01c","ssdeep":"192:SD78MyN7VgL4vpCynbZ8ND6DQnbAlpXJefMef1e:SfW0RNDFnbAFefMUe","tlshash":"d432c6fdbe09a1783eb3c695938b424a33047992e712d4e0f4a3b05012eafb9955bf15","first_seen":"2026-07-02T10:56:16.418014Z","last_seen":"2026-07-02T13:28:16.753039Z","times_seen":4,"resource_available":true,"data":null}},"time_used":499,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":499,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/d0fc6cb72be725744777cc1e7bd7e247.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.751Z","timestamp":1782998860751,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/d0fc6cb72be725744777cc1e7bd7e247.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.KcHXIBN5.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.125Z","timestamp":1782998859125,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.KcHXIBN5.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-70b\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1803,"size_decoded":1461,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1658)","md5":"726c773216ecd1e6dc5af1df8e23bc25","sha1":"6eff5e502d3253ecf7f4f747863e0ebbbfdd3e9c","sha256":"04c657b949627ac2a754d34fccd53ef004d9d2811762f178ef7ce85d70d17e65","sha512":"3dbf0bb96f626579ddf0b1f527dd48361898b3c707c128670141d0e37833bb068378d816da2be5f22f41d894d48eecf5ba66e15709a1847de1d27c8d574da6d2","ssdeep":"","tlshash":"f531790a1929977f77178814f4813192604c7f56d023cc76d1b11a326bdb4f4875a727","first_seen":"2026-07-02T10:56:16.407315Z","last_seen":"2026-07-02T13:28:16.755185Z","times_seen":4,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top3.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.499Z","timestamp":1782998859499,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top3.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 20978\r\nlast-modified: Thu, 14 May 2026 08:14:17 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Wp3EnskFKX9AG_zoCoqHyR4rV4mhpaQf\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"8e1de03a2dbbb630efb01043ee6fc2b1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: JWrKrSxtWAuUVuUY6OTSCyHDfhbxnd3ReYmsIjdxyPy3hZBn0enoHA==\r\nage: 3407\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":20978,"size_decoded":21546,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e1de03a2dbbb630efb01043ee6fc2b1","sha1":"7bb09b5bfa88cf843101a9b61972f863309cdcc3","sha256":"2271b2c45b6d60878d05ef3515f25315d3ff8852f257d2735c65b52c7842816a","sha512":"259c7f9ab14719c7242fe4109c25c743ccec308e3bf946b11f40b5a25a08af3488091c233b86e6a9262d9c0358f5d8784c75db5fc4fa378eace8b92b97bc69aa","ssdeep":"384:CCorrDChVYFRAjwJx2qtxCeXyyxaPVKXIoxkPr7TQKweEMI2/vKJb/oY1pcza4Pt:loPDEFCnMeX5xaPVKXIoxkfcTeEMIiSw","tlshash":"8792d0b7b362180fce4ec2230d7ea5427066a2d1615c99cc0f1287a6af6b1945cef362","first_seen":"2026-05-30T07:41:04.807809Z","last_seen":"2026-07-04T10:40:29.142376Z","times_seen":24,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":2,"connect":2,"send":0,"wait":10,"receive":0,"ssl":215},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.BKfsIFjo.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.900Z","timestamp":1782998859900,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.BKfsIFjo.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-108d\"\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4237,"size_decoded":1214,"mime_type":"text/css","magic":"ASCII text, with very long lines (4236)","md5":"9066edfb2ef03eaaf608a5cf3eac29f4","sha1":"1ca0a2f92f415a0facd9ccb6e7a003786ec63fca","sha256":"0b90efb387fc389ea270a0ede4fa5f6b7265c5380aaefc174a9833721cbb9b1c","sha512":"2d6878a68f3fd0e80d708a9624e1ad0086076c22e26d8bae95fe10161a71c2933d1d7c519fa344c14906baee9edd67f9f2f6171fff8e41c90b2e43a1789d5111","ssdeep":"48:gv7BzEsg4s+7sfTomH8eFOjw4jPnjRHTk1OQWjAAkgi6kACmP:m7BzE4VheFGYgQWjPr","tlshash":"2e915b51b9d4a03a265e672d97a17a38963cf134c3418ebac534f3600a423eb72b785f","first_seen":"2026-05-30T07:41:04.741135Z","last_seen":"2026-07-04T10:40:29.222264Z","times_seen":23,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/d6166d5b9f7f6b3e05bc245a162246a7.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.775Z","timestamp":1782998860775,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/d6166d5b9f7f6b3e05bc245a162246a7.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/dc981ec5e070e0d5fe096b99d2662710.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.791Z","timestamp":1782998860791,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/dc981ec5e070e0d5fe096b99d2662710.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/FormItem.BMLzGa-L.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.899Z","timestamp":1782998859899,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/FormItem.BMLzGa-L.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-83c5\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33733,"size_decoded":11202,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12048)","md5":"dde9b66d24fdb724c1847376ab49b5d1","sha1":"4c3b3eb1a32780a661be40c2450548d0eeaafb77","sha256":"e853a17eb58a1e4ea30834c1dbc581912299c21daaa32f2452c0a7f0557d29ff","sha512":"38f8f6f251e95dbbe99c6cef547160070a826af29ae2243b9656b2179f3257090588ad7ce6352b32634ede29a582321b0c627e2125c230a70d58419d061085fc","ssdeep":"768:N/wxlD1aJPfS4fS6jjl5HkWQTejie+meYeJe+Ve+3e+Ce+LeN2e+ye+kej3eA5ev:a1Kdt2QlU9mijZ2ZyrjdgeLbq","tlshash":"b7e2eac872d8b05c8ba354f1905b9417b22bb840982ed4c1f76e98f26af4a5d1763b3d","first_seen":"2026-07-02T10:56:16.422781Z","last_seen":"2026-07-02T13:28:16.760819Z","times_seen":4,"resource_available":true,"data":null}},"time_used":370,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":370,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Snooker.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.019Z","timestamp":1782998860019,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Snooker.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4355\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Nq7dFskxwawJXxWn03kwdw5xfSwHXiLP\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:10:53 GMT\r\netag: \"7cc0482f9890c7de33726b9546339258\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: IFEGLotEaslQ_xMJILf8K0FIg8gyG_5x7pjstsZpnghWllrtinWeLQ==\r\nage: 4608\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4355,"size_decoded":4922,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"7cc0482f9890c7de33726b9546339258","sha1":"57d4628ac073427c44cdecb84eb3b741f0cf8449","sha256":"bf6bbdf6a1a0914f2197dfef8364e9da5ef040d1230b4198856fcb0cfbb27e21","sha512":"134bd45735a2779591105a86047074187f124cfd717ca7688655b535c52e03c11933ae7b65527b9dd79dbca7f6c29a1e09301e03395f2b5e8b74c20a167690b0","ssdeep":"96:87SmEe8KwmxAB6926Bc/Axqdwjy/Wc/eLXuVJXns/rPPS9Pw7o+IUQ:WSnKhxAY9G/1dwW/n/ebairPPS9zZ","tlshash":"07918ec3037a8dea264d87361a24531b94bf5813d8f5765288761c4c20bdf1291d3e6c","first_seen":"2026-06-24T13:33:42.973967Z","last_seen":"2026-07-04T10:40:29.36223Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BChfUJip.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.902Z","timestamp":1782998859902,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BChfUJip.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-8603\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34307,"size_decoded":12382,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (30614)","md5":"d952e00aeca39e7b7884455c925f542a","sha1":"8e04b79c0d59be659fe3707cd31608ac96d80d80","sha256":"d1711990c6774d6d54ccb62519d06a6d4aefc09c321ac62142ec0a401c97b38e","sha512":"e7927cd3fdaf3a159b9e767a599498943264c5404df2cd7a9b339ccc9aa15ba9f7955b93624bdb1bf7a249dacc1deb0358b97bc74ae602e048954a127a05b68c","ssdeep":"768:ToQoVJBBn/LhRVlUBH9M0aKKmKF3hRtFanj6F6bf+Qht0q/Wcff46aU:T0VpVOBpeh8j6F6qQws46p","tlshash":"1ff2385cb0256a7de3b79485703a204492292f9cd820c8d3f5bf8c7127c9e6827de7b9","first_seen":"2026-07-02T10:56:16.478504Z","last_seen":"2026-07-02T13:28:16.766172Z","times_seen":4,"resource_available":true,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/3cd387058abb6c60bde0902da3a988ab.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.794Z","timestamp":1782998860794,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/3cd387058abb6c60bde0902da3a988ab.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202511/af7b43164a484b7a938c856e7480ae0d.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:41.374Z","timestamp":1782998861374,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202511/af7b43164a484b7a938c856e7480ae0d.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 20029\r\nlast-modified: Mon, 17 Nov 2025 13:04:09 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: MYdF8MSPSAB.83AVSyWKBRsIX5IH4vUv\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:43 GMT\r\netag: \"9e2d8609aad8fb25842bf56204aad01d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: LLKFYZwLO46ZUqDBOD1yr2xz7-qq_GRqyP51hTndFDjdRNs50QQeTw==\r\nage: 1288\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":20029,"size_decoded":20597,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit colormap, non-interlaced","md5":"9e2d8609aad8fb25842bf56204aad01d","sha1":"e9426048236ae48b1c3c9557d606ce1d57ebcca5","sha256":"18dc58ad5a3070cf9fdf70fd02cee7814dac6e25433adbcf5ade253dc60d1ee9","sha512":"9dc725c373790ced3079891e16dfd64783b697ea58f5d0590f9f4d2a70646f2f95814c993b0c67771a3774704a24d61672e7235ca59f10052bdc989de44dbc2a","ssdeep":"384:zTFjDCaVAwDuWSVyF0hOvTCuAHbyOaUzNdV6ueRp3fo6YkrpPUQal9iYyJaxkEy+:3VtVNFSVa0ovTFqbTzNP9gW6YktPEl93","tlshash":"6492d0c9bdda6b4a3d769c0c7889b07b036b3f1ed0811b45491a957ece33dd4291abc0","first_seen":"2026-02-24T07:43:44.875416Z","last_seen":"2026-07-04T10:40:29.254107Z","times_seen":22,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bet9837.com/wp-admin/.wp-languages/.wjpl95qv_mlr.php?amp;t=20260425\u0026cdn_recaptcha_token=0cAFcWeA7w2xvD7kMu76paEB9kjhI0K-xM8-kiOPJhXa5B-SE0djxkIf-eqQEASWJd2JZ9i7-eWdsStnTftF0uZoO5hWMmavGIdgWPmTafxyJMcLhBbPQqQjJRCVU9ScyWU9FmvXRzk3ksL6SynBqXg2OcVrnfU2mNZDcTUZh-1Rrm9vNeOj21XjbhAZlRWYURaKCjnuY8XGoQbMqXlxwBzgLDDH","fqdn":"bet9837.com","domain":"bet9837.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T13:27:35.792Z","timestamp":1782998855792,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bet9837.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"38:A5:DC:C5:3B:26:E4:6C:10:F8:71:12:7B:76:26:09:A8:CB:0A:95","sha256":"C6:39:4F:6A:E9:12:2B:BA:F8:F9:0E:87:3F:86:28:72:C3:44:D2:AA:52:0A:F6:F3:40:03:3A:CB:7D:09:03:6B"}}},"request":{"raw":"GET /wp-admin/.wp-languages/.wjpl95qv_mlr.php?amp;t=20260425\u0026cdn_recaptcha_token=0cAFcWeA7w2xvD7kMu76paEB9kjhI0K-xM8-kiOPJhXa5B-SE0djxkIf-eqQEASWJd2JZ9i7-eWdsStnTftF0uZoO5hWMmavGIdgWPmTafxyJMcLhBbPQqQjJRCVU9ScyWU9FmvXRzk3ksL6SynBqXg2OcVrnfU2mNZDcTUZh-1Rrm9vNeOj21XjbhAZlRWYURaKCjnuY8XGoQbMqXlxwBzgLDDH HTTP/1.1\r\nHost: bet9837.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:36 GMT\r\ncontent-type: text/html\r\ncontent-length: 162\r\nlocation: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971?inviteCode=48093\u0026cid=36\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":440,"timings":{"blocked":-1,"dns":13,"connect":142,"send":0,"wait":138,"receive":0,"ssl":148},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"bet9837.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"bet9837.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.vue_vue_type_style_index_0_lang.Cibi7dh5.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.923Z","timestamp":1782998859923,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_style_index_0_lang.Cibi7dh5.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-126f1\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75505,"size_decoded":22809,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31787)","md5":"80d1218efd0efbcf5dea4367e60bca0a","sha1":"8a4c873f89b5c5f0aacbb7c7c32148d5e752ddb1","sha256":"bdaef750a0f9b3f731af78d45babd00ed227385dbb46c586d2994d647f8d0919","sha512":"23bd2205c8dbd4a7381706e3e05d7391e7cba22ae4e667e0c0f005858a25d53fd2c8c1d29d09db860b7698de74edf58c487c546c266fde4cb1494b5b5b1bc68f","ssdeep":"768:A/P3757ET6nycEPF7WOqFsV1WtNhD0tW9kMBiz92Q0jJCLEUEJBaZUkN5V68UWEN:AntwskhnWdYBAQvL5Vs7ZuYV","tlshash":"dc730a98f60ab07152f7c9e9d0af864963163782a704d1f0f0b69c610692779f0abf7d","first_seen":"2026-07-02T10:56:16.386266Z","last_seen":"2026-07-02T13:28:16.772902Z","times_seen":4,"resource_available":true,"data":null}},"time_used":499,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":499,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/2520f957bdfc0d4afe4fbdb4988f7468.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.792Z","timestamp":1782998860792,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/2520f957bdfc0d4afe4fbdb4988f7468.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.DQuttiJ7.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.847Z","timestamp":1782998859847,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.DQuttiJ7.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-1578\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5496,"size_decoded":3557,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (5479)","md5":"9c1b07371faea72b53a30ddbd3c95391","sha1":"7ebcd004ba99fff8bc8dc357c318205e6b0d2ded","sha256":"a6356923d88f2b2bb53126f918ef3c0382399002242e4144c7d540b3305762dc","sha512":"65cce55d2d1d3d01b9f5e398664ba3f7899a14458b05beb8674172596ef19978d082c96081d250141a8845da06e49e78acdff1b821343e5a7a7e2010153d05f4","ssdeep":"96:khxkhM3vivdhRFp/SIBI0AiTYNobk/Pdj12OpoqETxqH1by1nj5aXj+60gFdr:2kefk9pt3hQtjwO23khEGK60ur","tlshash":"b1b12a5870162738ad77c54c2180995a9d2b7f41aa10e8a071fd1a272ed1ce1df6f3ec","first_seen":"2026-07-02T10:56:16.409447Z","last_seen":"2026-07-02T13:28:16.774767Z","times_seen":4,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.-SDXPTxC.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.929Z","timestamp":1782998859929,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.-SDXPTxC.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-dda\"\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3546,"size_decoded":953,"mime_type":"text/css","magic":"ASCII text, with very long lines (3545)","md5":"efb83fa85b72d7a6e5ce5eaf33da0e4e","sha1":"9bf7d9c2776f1177cdf72ae570802617390bb71e","sha256":"0c6b3f3dbe99e74f0bd872f05356559811e31d809813fa7aca629f121e1ddcee","sha512":"9874efb9782feed06474937c2c5ae188ce2d9f398b12fe5b34e46704a6fd97eeb278b37a680a7bbde0a9e5b3dd03b4b45b332392ab9948e7340969ff3a8543b4","ssdeep":"","tlshash":"d3718f92f39738172c77cd929105baff9f6e3b435a0b4875a07122a96382bd23514f36","first_seen":"2026-06-24T13:33:42.965834Z","last_seen":"2026-07-04T10:40:29.223669Z","times_seen":15,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.QGme8C6I.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.932Z","timestamp":1782998859932,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.QGme8C6I.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-978\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2424,"size_decoded":1603,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2385)","md5":"7e23409fa8b045a72ebda7eae32c3342","sha1":"83bb5b70272de7706a0c6fb3dd3b594b0fc94bf8","sha256":"b763f889deacb6c42e43628400d75b778edc7c276f5b7996923cd02267371cb7","sha512":"8970070bf9a83ed9796d6e95bf2fc791c15838310519ed028133c64b33826690ef271f4ab5e0aa084ab9e0a12c1cea0aeee0f7b54543241846099fb8d58a9591","ssdeep":"","tlshash":"3641c7e3ec6d887d58738454b0c20c61a90e3f87d02c5e579079edb567e2c307a0e4a0","first_seen":"2026-07-02T10:56:16.395472Z","last_seen":"2026-07-02T13:28:16.77803Z","times_seen":4,"resource_available":true,"data":null}},"time_used":491,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":491,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Darts.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.036Z","timestamp":1782998860036,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Darts.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6566\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Ct1J6UcYnaNecgk5OdvGyvx6ITjpNN1n\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 11:37:40 GMT\r\netag: \"acb74aa8dfe6199601a3cf060fd783cb\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: WPJ0X8F1SDRuxg2XTb2e6rXcBVuj66WmM26ssS5DmZA9RseHQMw-yA==\r\nage: 6600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":6566,"size_decoded":7133,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"acb74aa8dfe6199601a3cf060fd783cb","sha1":"45e6abd19f8e015ef48af23ef6b33b37badb7cc8","sha256":"3a1e633671368a2e03d10ef7158e9ed84e265430ff646b987b4528b7dfca3302","sha512":"13b2945e0378dd0bdaf636120dab00d595cbe1d87606fc39e576ec4ad0bb86010d3bf0db0230c45cb5cf68ea0dddfa88b523a90c59e1362c0346a77b9278da0c","ssdeep":"192:WSHJLzO6Sdh3GJq4Y3bVpXchJvDUjIEQvpd:5HJLzOndtGUL5ShJYjepd","tlshash":"ebd1afd7dd45125608b24a33a1cf7bf8a3b74dcc88ce8916d5f700b0941a30b1badac1","first_seen":"2026-05-30T07:41:04.856416Z","last_seen":"2026-07-04T10:40:29.173606Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.496Z","timestamp":1782998859496,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 19082\r\nlast-modified: Thu, 14 May 2026 08:14:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: S39LZ8NSmlDenJOFtG0zb6.hOch3VV0l\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"89cf62dcf1f3b745254d922a4183a8a8\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 9V7K7Q6Fn9GZt3ABlJWjkuUBgarBQ7dzuc0jTw2kUdQ0w5_AZKEAUg==\r\nage: 6132\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":19082,"size_decoded":19650,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"89cf62dcf1f3b745254d922a4183a8a8","sha1":"4ecdf9286bad59c3ccb06b769dae7263437d7921","sha256":"53970ef4b20c0107f9bce41f75957df2c51a6f10729036b594439023b641c3b6","sha512":"689d0375a37b75f4b5b47bde60454de99ffd19315720e4d30bc15f4d00060b89c5c5d7340e1181d45e052edef7b75b690cebf0e5d5e13521b458626ea223e8e0","ssdeep":"384:Pccccczu6TRDbcKxiQZ1XiuLrLdv250/nA633Ycx6JJsshprcL+gSYDBOK5Kf:25cEiaPLrZvXAXcx6JJLhnghAY4","tlshash":"9282e1cb8e02ca5cdd1590de8938a2a11748c2b65afff4c0cfc518ea59565c03d7287a","first_seen":"2026-05-30T07:41:04.8457Z","last_seen":"2026-07-04T10:40:29.401351Z","times_seen":24,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":5,"connect":2,"send":0,"wait":3,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/video.Bv5D9_Td.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.091Z","timestamp":1782998859091,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/video.Bv5D9_Td.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 57\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-39\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57,"size_decoded":361,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"718063586df6dc66587fbd457ec5f4fc","sha1":"388405a35f553a05a7e8682e767b288db16c0daa","sha256":"c69902672eb03df339be1ddacada47060eb42bca1ccf5f5efdb38fba69a9aaa2","sha512":"260bd3f8c16fdb74e8548a50abb047a9dc2e77e528173048b63b42687413e0a27a9d4f15be052755de672c2238ce48b6304a6c2207e3f8a12168775cc75975d8","ssdeep":"","tlshash":"689002295c01836024954069af9289699411851a32750694d0160941a319456566c565","first_seen":"2026-05-30T07:41:04.641841Z","last_seen":"2026-07-04T10:40:29.390514Z","times_seen":24,"resource_available":true,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/right-icon1.Bx85-jIM.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.491Z","timestamp":1782998859491,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon1.Bx85-jIM.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 9960\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-26e8\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9960,"size_decoded":10356,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0734e5782f05c953bdd7acf2c595674b","sha1":"859e622c76447446235aac6a80c623bf3f7d036c","sha256":"baf1ad1337f5d52dc3aed20f35ffe1872f27831c347d161c9f9949919d5a6c4d","sha512":"3a89f46c686f9dabf6a0b49f6f59f94e85a5ad9c3cfcb3516faf2612d074cb6d1e205d3d875f4ab3d28e8eb2ccaa9a7768c52c7954895b596718116d0984d011","ssdeep":"192:RcSKais0fuCvtbbqTDBQH2AKbP1F8/9FuzgNQmo+uBnvOswKAUADX2ME:JHisrC1bBHiE/TuqQmojY3E","tlshash":"9422b7e9b3d0a3e0f50a97f4d42696a27b1f34bb3b64e7e4c2915c51b1270ec849cc92","first_seen":"2026-05-30T07:41:04.857739Z","last_seen":"2026-07-04T10:40:29.190151Z","times_seen":24,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.s6eepsFC.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.854Z","timestamp":1782998859854,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.s6eepsFC.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 154\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-9a\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":154,"size_decoded":542,"mime_type":"text/css","magic":"ASCII text","md5":"ec2a611f11eaeeef68430fe3bf973e25","sha1":"c38b814250f4c652ca7f1e772affaf6963726b6e","sha256":"2bcfdd096c6db4ff2f23c1a2f4899b8597dacef281c53d26f12239d0498466a9","sha512":"4a221eb4022bf216db98081257ad813077aab6cac07a90a6b24709be347b004a197e7fd60c90d63d84bbafa24fae193b238284d4a96d6b9546db478c2c7b0b71","ssdeep":"","tlshash":"c9c08c2efb661a084eb3c930ce8832c21113e65ed169418c44000e683886c3a1f425a6","first_seen":"2026-06-24T13:33:43.01355Z","last_seen":"2026-07-04T10:40:29.289815Z","times_seen":15,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/EBasketball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.051Z","timestamp":1782998860051,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/EBasketball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6644\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: zY5lwo74tzH_S_ox.IMkUtf92Bnx7Ke5\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"ba6037fdb293dcc9faf3bef5077fd92f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: XKkoqJf1EhWmhcLUGf3Xc5ACl--LGEfoDsnau29xs3bEIjL0_izvQQ==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6644,"size_decoded":7211,"mime_type":"image/png","magic":"PNG image data, 70 x 72, 8-bit/color RGBA, non-interlaced","md5":"ba6037fdb293dcc9faf3bef5077fd92f","sha1":"4c888bc8f1601c8611fe714c5467b42b9b375ed4","sha256":"19a7da1d4d8ecb8567756a395348745a24b1c7e981f5c5b18be519f38c80426e","sha512":"ad7c0807b59e8aac06fd811189294011c388e0759d20941c3da7a978f33f750f58ca57aa23837addbce4985b40062e78cd7c3359ce88947aeda81b8414e08ae9","ssdeep":"192:PSiLW/KlBV7Q6Ewj6usT7rhXawPZ1Aw4RYrtum4u:6iLyEBaJwOT7PZZ4irkTu","tlshash":"6cd18e4e2ce6dc7b541edcde1ff7b3f4ca324bd646c153046b657b01810256448eaba1","first_seen":"2026-05-30T07:41:04.801653Z","last_seen":"2026-07-04T10:40:29.19571Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.B-QZTiTb.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.930Z","timestamp":1782998859930,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.B-QZTiTb.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-f61\"\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3937,"size_decoded":1572,"mime_type":"text/css","magic":"ASCII text, with very long lines (3936)","md5":"3468fd367c2d5090ab1dbde39ab39133","sha1":"2557a1a34e1e6d34e9881be9ad2d260c3a0e4181","sha256":"1e27820352776c3d8b23ae8133e35f9e9ebba173296300611e1414cb79592629","sha512":"94084dbe1b7e937d9c56b1affcf45a8b48e9045646c682207b900208516ffc86ff0c17b9a6a9b501ede24809576c45a00fca596b058fa0fc8d4bda17c1bd3e52","ssdeep":"","tlshash":"4b81424126cb011a8877f753fee0c95e925df203ee374a8e7ad4649a85c32d138741e6","first_seen":"2026-06-24T13:33:43.000806Z","last_seen":"2026-07-04T10:40:29.366544Z","times_seen":15,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/TableTennis.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.017Z","timestamp":1782998860017,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/TableTennis.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4262\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: MDT5bPD6V_9S__nZLMNqc7j0roPz659i\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"d97da25317b1ad902b641881861a3043\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: FvTEa83SRIaXKc7essg1dfKoVwqdfV6qz7rfv7whd0-RN3qLFcZvMw==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4262,"size_decoded":4829,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"d97da25317b1ad902b641881861a3043","sha1":"43cab7f0d601e6ca7498c4067a3834ce2634d3c0","sha256":"3be50736ed5b4b68dacd9a3b286097246d7e0f498a468b1109392f5614687b46","sha512":"d6428863992ae0fc415055addace14ee07aa7bf8612d63157975f18c2e72a750e37c993ef65a69e863fa7cd07f4d85796f225127c0e240cd27607c97457711d0","ssdeep":"96:87SP/jtnXrt5+Yl++qwI8RgLnTxdVs4C9lrT349PdWWKBE/xZ:WSP/hbt53o9R9TxdVerT34nKu3","tlshash":"3c916df287377d2384680c64e09d43a9487466d66b65c2062f635c460a38153d3d6a78","first_seen":"2026-05-30T07:41:04.764265Z","last_seen":"2026-07-04T10:40:29.276772Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/GoldCoinSign.DNnReX8s.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.885Z","timestamp":1782998859885,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/GoldCoinSign.DNnReX8s.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-fe3\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4067,"size_decoded":2236,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3984)","md5":"68a2a8c97ce759604d842bd6afe6abae","sha1":"255f652f08a15a4b85aceb0ae80af6ccf3d55700","sha256":"cbd76a6e8ab905abda346d842b838cce49a3ece25b8efdb32a73c1abdfafb841","sha512":"c8821f1e99620d1b26fcb22725876d895c266b8822bf3b32bd0166bd33fe6fad23cacc85e895a565672fbd27e743df26880d9e47f03d24f3a2a21f3a0e05529e","ssdeep":"","tlshash":"2281955b7076a5b87aa75c44609480a3a20cbfeec0a4c45964ff483b3b87ce5974d73b","first_seen":"2026-07-02T10:56:16.392236Z","last_seen":"2026-07-02T13:28:16.803862Z","times_seen":4,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.Cb87T-p6.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.888Z","timestamp":1782998859888,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.Cb87T-p6.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 141\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-8d\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":141,"size_decoded":529,"mime_type":"text/css","magic":"ASCII text","md5":"fa0ce5514e807cb046d966fb57fead48","sha1":"1d6380788e17178a5fa1abbcd1b654ece292bc90","sha256":"3a963917a5e90eaa7bbb54ebd50bdd42295be33e1b2db8aa48bb8cf1981d9d93","sha512":"304c316fbbd54272aa4dcf20c0003f20087502e9cb1267b80acc1604f80032b64ceade0c39874d436ca4ae3a3dc94aeb6f54fc63e8e80e59f2e5c8bfc32d3fd5","ssdeep":"","tlshash":"1fc02b462a4c0806aa3fc150419371184708c668cac1cfdc533132e43d0ab2300325a7","first_seen":"2026-05-30T07:41:04.738135Z","last_seen":"2026-07-04T10:40:29.275984Z","times_seen":23,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/OddChangeIcon.BokpnN_E.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.104Z","timestamp":1782998859104,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/OddChangeIcon.BokpnN_E.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-4e1\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1249,"size_decoded":885,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1248)","md5":"051d5190bd8d1f25c7da0591b08a311e","sha1":"74c8e417cb168d2b8ebec3e8112752f30e794513","sha256":"a5b7564a7a83a42bc68604ec95d03462fa0b80db5ac4b9beb5e31ce21fa5c091","sha512":"a99bc4861ca9df18bc057e961b9cc8565624b97514cfc08a2483564160b0a9363db4b7f1d646db5b72349e580010cd806fb1b371fd507ec52afdaefba26503b9","ssdeep":"","tlshash":"2d21f49e5c4a8529dd69852b27225d56d42196a1cfcc28cf97c16631e3e006a3ac817d","first_seen":"2026-07-02T10:56:16.387312Z","last_seen":"2026-07-02T13:28:16.809494Z","times_seen":4,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/9def54b33984dea15b1416f27fb1ca8f.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.749Z","timestamp":1782998860749,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/9def54b33984dea15b1416f27fb1ca8f.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/7b0b1e3edb74f9b464ce9523f58323a6.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.782Z","timestamp":1782998860782,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/7b0b1e3edb74f9b464ce9523f58323a6.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Badminton.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.011Z","timestamp":1782998860011,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Badminton.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 3724\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: WstUMFXE9R_PIGvO3YZ..SEp78p9RT6g\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"2df89a45cd8eead917f1a04f760cb35c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 5AKLwsoZpDzB7vuEfYYXE7zaPlxOBou1FQDJBWc0RMu4YVyxg81KkA==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":3724,"size_decoded":4291,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"2df89a45cd8eead917f1a04f760cb35c","sha1":"5c0dde8efcd74d2ecaaed58f8fc93cb7bb5af3cd","sha256":"1e0340420bf95402cbb14fb2b49b90ae22c1199e5873f63b189397442a95cd56","sha512":"31e496fb76553f068ee8179b6f62428eda2112ebf5cdb367c31ad9b3afcedf25f761c9834b7b78c5f8c5fda996c29cf4c24a8630794114f74cf2b657a7279f25","ssdeep":"","tlshash":"78716c53fe8f7630be1d50d1ae01cea17a7682490fc545518f9271b07cabf9e816a0b1","first_seen":"2026-05-30T07:41:04.800696Z","last_seen":"2026-07-04T10:40:29.298601Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/siteSportBet.B9U15cTW.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.100Z","timestamp":1782998859100,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/siteSportBet.B9U15cTW.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-1fd7\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8151,"size_decoded":2743,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (8132)","md5":"51ad48b1b5889b5085a28c7411b4fd80","sha1":"f7928125431e130a5438f72a3914b402a6b7b744","sha256":"ecbbdfa0190ed44ef26a9a048decfcf44dee2a2964508a789db04313fd7636f8","sha512":"02a2b1da07f4599f731f5a7d13089fadee232fb6e29ae2682717565a6203534e403c94ae3051d7e16bc3a427f9c5e34863842ec5e522ff8991391f11025cbd85","ssdeep":"192:ptl1o3eBbuc5c0E3q8zADNRPrctVD0fultlqcRS4HTiW6c1gxD0ywlqKl82cxllz:ptl1o3eBbuc5c0E3q8ze/DcTD0fultle","tlshash":"22f19367b29f520157c0207c90fa07a37724647e24a388ecbf6deec96625a5473b573c","first_seen":"2026-07-02T10:56:16.449841Z","last_seen":"2026-07-02T13:28:16.815227Z","times_seen":4,"resource_available":true,"data":null}},"time_used":313,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/phoneStatus.DsDFSgt-.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.897Z","timestamp":1782998859897,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/phoneStatus.DsDFSgt-.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 210\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-d2\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210,"size_decoded":515,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"2997acb0f5b00fa084de4c86f5f1a50a","sha1":"e26cd0bc1c157bfdc967a139a61be2d9d5a3bfd3","sha256":"222abccb18585aba8f7364366337fb1715481cb11d99ae7f599f798a482c8c60","sha512":"371f7197e6179185248aa14ee3179df77f06c86ec4294717f0af612919f9515173fe6c48fd82c2aa5f328e43a3becdaad2e4a0e07cb5edc470255e9eb4d89eeb","ssdeep":"","tlshash":"c6d022eedddab0f0c20050926020813db0060ab5b83cc2cab0fc0c319e1b084f3baf15","first_seen":"2026-05-30T07:41:04.65147Z","last_seen":"2026-07-04T10:40:29.232501Z","times_seen":22,"resource_available":true,"data":null}},"time_used":374,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":374,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.o95Fe42x.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.914Z","timestamp":1782998859914,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.o95Fe42x.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369a-356f\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13679,"size_decoded":3041,"mime_type":"text/css","magic":"ASCII text, with very long lines (13678)","md5":"ed094785dc818d2a0a8cec10da7ac483","sha1":"c31b7bad9e90013c8dd69aba18cd1e3743af0888","sha256":"00d719c8926f352fe517d1543833c1e74fc81281fae8490d9d9afa64e202e80b","sha512":"aca6220369abf36c1451944884a3cb2d3e97a4512bde4ac8bc77f9725c945ac3d705c8059a5dc9ebedbf6304d0abdad59b65e12c5f5e6538815b11fa7ccdeb88","ssdeep":"384:gagWzCzC9MCVCNCjMC8CbCHCZCzCUCeCBCACjCMCdC5C5CmC3oCRnCFQOCCvClCP:XSOMgO8Md8auo/N87K9gy43moQnmtCYx","tlshash":"cd524622b22ee01f753bd66175d88ecd6024710345e37adada7652fe84cb6822f3f548","first_seen":"2026-06-24T13:33:42.975427Z","last_seen":"2026-07-04T10:40:29.363429Z","times_seen":15,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/pc-register-bg1.jpg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.976Z","timestamp":1782998860976,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/pc-register-bg1.jpg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\ncontent-length: 151910\r\nlast-modified: Fri, 08 May 2026 07:01:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: t26MQllBSUP8kFyvzeiW_lPvQfbN2dhl\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:42 GMT\r\netag: \"a578aaa082acd7d677171b8c1b28c299\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: CQ-cDig_5PyqxH6VdjmrwrjZTUbdkoHNXgmflGejP-xL4nRYdYEvKA==\r\nage: 963\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":151910,"size_decoded":152479,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x1184, components 3","md5":"a578aaa082acd7d677171b8c1b28c299","sha1":"4cca441e65368aa3947d51597ced4d060a10c57c","sha256":"184896769d9ff249b1be666578a6bc837875370e63c72d82dd27464a5f5f0512","sha512":"e50b87bb3c8bf233dfe8f3eed55c8bcd24e391b7a7c0e78903ff438974edd18dab33849f685c8a93df208fa4d5471ade444b4fa8983a55bc69d755c2d1e20d3b","ssdeep":"3072:xG399Z74H7vprkrNu6Gq6vq9tj7m77c0DXTW+nzAXyZ/4DywY0og3i:HVwE6XIu97WhDCEAixQdYdgS","tlshash":"67e3125eda184855e4750132f649de84af806f5ff0b3c367c884ef96ad68b2507afca0","first_seen":"2026-06-24T13:33:43.102968Z","last_seen":"2026-07-04T10:40:29.221608Z","times_seen":14,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/PersonLoginAbnormalModal.C0O7jhOh.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.893Z","timestamp":1782998859893,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/PersonLoginAbnormalModal.C0O7jhOh.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 782\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-30e\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":782,"size_decoded":1171,"mime_type":"text/css","magic":"ASCII text, with very long lines (781)","md5":"121ff9eb505558700c263530d5b53eb7","sha1":"fde8dc6a4150f6b1ad9914c36142f88a22c0a6e7","sha256":"940fef6a6534aeb9d14f3971c452cf7cd2fe7c61b99099063f7ecfea0a5b1948","sha512":"2d8d3d6a793e8a36b1a03039a0a104003c2bfe227f3dbc46368587d39c80d6f0f472ea52280351790a455acc1b114aeaeb68881b439280bb0967b8fe91015b61","ssdeep":"","tlshash":"93018ea5fdbd9219306fc6b6a1888c941515f3176a810be4fe753850ccc78a03727f6d","first_seen":"2026-05-30T07:41:04.65196Z","last_seen":"2026-07-04T10:40:29.342434Z","times_seen":23,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/78fe45366a538ef7866373bfb1baa8cd.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.753Z","timestamp":1782998860753,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/78fe45366a538ef7866373bfb1baa8cd.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/deposit-tip2.BWmcXMOV.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.556Z","timestamp":1782998859556,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/deposit-tip2.BWmcXMOV.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 6776\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-1a78\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6776,"size_decoded":7168,"mime_type":"image/png","magic":"PNG image data, 142 x 51, 8-bit/color RGBA, non-interlaced","md5":"3eb8137186ba57d0bb14b77432abd789","sha1":"2e295cc2c3565173d4bba7f76ff20be5e89ed36a","sha256":"0e9f445b73e59640760d98f662ad6361177db6c760de3dd273eb42fb565ca062","sha512":"b725e50ae68bf82f8ec2a8e534681d46bba17eb54008c31cd6ab300be651cb97d83d5b9e6fe68d34c78cd2d78b349e8e2fddb01a47523dfa68fda6d56ef0211e","ssdeep":"192:IO43E9LXciJvpGilqbLOGEw1KFORBYlvBkDn:p43UIi1pGbHEwQ4Dn","tlshash":"ffe1b0d1a791ecf03e407f968158904ce31be7828062c17683ef7e4c92b01caa9cfe91","first_seen":"2026-05-30T07:41:04.716713Z","last_seen":"2026-07-04T10:40:29.241293Z","times_seen":24,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/28790fe5f45f127d1fc28713aca09d69.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.755Z","timestamp":1782998860755,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/28790fe5f45f127d1fc28713aca09d69.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/sport/querySportType","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:38.974Z","timestamp":1782998858974,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/querySportType HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 1839\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16130,"size_decoded":2275,"mime_type":"application/json","magic":"JSON text data","md5":"2a10907392669dc9e4e2ebff8e1e7b33","sha1":"baf1b02b4a7ff45ab08d2e0b0aa08d1f0e57e0b3","sha256":"f23db83248ba66ccf5ffab80ef5b32f2654d9bf15b2e7680a38415be3350ddc7","sha512":"e41bf6484618303a6877fc487a29384534e9e5148e56d0c43bafbb5ea1312a77db7de4e09045bfd431e2085b2ad086f5320c3c82fd6b999394f88a07ba23a7ca","ssdeep":"192:H6iXHiKPitzi4ziTqv4fEgeEFEIE7cdzFXE6WgIRaeOazaZa7pE5yE0EohAvi0x/:B","tlshash":"fc725cea139a5c8c670d1a7085832689fbdc415edcc67e49bedddb6d804c7b3130b29a","first_seen":"2026-07-02T13:28:16.832163Z","last_seen":"2026-07-02T13:28:16.832163Z","times_seen":1,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":336,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/time.BLlU9AyU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.087Z","timestamp":1782998859087,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/time.BLlU9AyU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 1005\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-3ed\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1005,"size_decoded":1312,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1004)","md5":"a7dfb3ae82edd47643d12a794a2a5244","sha1":"85a98e58d41163f47f5615f54a7682e0ae0c90f8","sha256":"2dacc69528de17d247c586b371e3906cca9b5157bc3cf0e1b51ac9b7aad81e6c","sha512":"cf500e9b9c91b6bf81ef57a470882489855f4ca8b5190e40e57d1aab7684bea750e51cf3ab98a7dd4e002d583efc773b0c9f6b44e4b83cd05325323fbccc3ecf","ssdeep":"","tlshash":"a91125c12469a026f52701ecd0f883a22525da30fd266955ff3f4a26357b4c7481ff94","first_seen":"2026-07-02T10:56:16.470383Z","last_seen":"2026-07-02T13:28:16.834732Z","times_seen":4,"resource_available":true,"data":null}},"time_used":321,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.C-PjGhQL.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.823Z","timestamp":1782998859823,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.C-PjGhQL.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-471\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1137,"size_decoded":1046,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1124)","md5":"66d97926b1a8a7f1edd66c27b4001d9d","sha1":"4d9d4357c74468d8bb9dbb7bf773097e1322cbae","sha256":"98f9497b4587ff0e624ea8d377aca441e355e1c671962eda6f0007e99f15b00a","sha512":"6fbcc263c8a7187736d88c561f1e55f051b7c3734289465ed6e12a69b09f8387ae0b40447387aecac1a38e9800ee8453196bf55ea6c8ae37b878ed2d211bb43f","ssdeep":"","tlshash":"b8219606f25a61b24c2980f89058ad6763726414f26598b5d96d4d1ec245043f46fb71","first_seen":"2026-07-02T10:56:16.488517Z","last_seen":"2026-07-02T13:28:16.838057Z","times_seen":4,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/OrderLimitTimeFreeModal1.tNfsuAst.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.110Z","timestamp":1782998859110,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/OrderLimitTimeFreeModal1.tNfsuAst.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-3829\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14377,"size_decoded":5581,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (14032)","md5":"58f7eb52a9ef04e86b30b1892d2b766d","sha1":"5e9ad8077adf2b47a6ded446b1953ac5b0fd5846","sha256":"8f7ef1db8acfccd083bbc1b7c6c1e83e04ef43778574722724d7a10d4e536df6","sha512":"1a257f53b9d774ba6ffc424c847d203050da8ddc64f18ac7d1b89589fbd73efc0787c81ad69bc316e31ed6bf4eadd1926159fe328323bc0a3275d11b155e9a3a","ssdeep":"384:2YI8vsCmCNuyl2NAz2lECYGWvSmZnyVK01hT:2YI8v9TZ2NAz2lECYvvYK0/T","tlshash":"29520aaca8354535fa738459f2ef0a42661c3f53d1184c96f8fe59a03f8ad5233ac17a","first_seen":"2026-07-02T10:56:16.406415Z","last_seen":"2026-07-02T13:28:16.840394Z","times_seen":4,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/chatShare.CI7ZQNfd.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.908Z","timestamp":1782998859908,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/chatShare.CI7ZQNfd.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-445\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1093,"size_decoded":909,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1092)","md5":"8c484fa33aae9aa4caa73758c9fc5d4b","sha1":"b107f8624668440b31cc867a1630184d40145f63","sha256":"3a0da513cfde0cf206dafaa07d44b468fb74ee08c82dbab0da48872611e031c3","sha512":"db3dafe9a977c62df92588e4ebba1d81943d9282d582cbfe45586c29187a8e53ec45e707b5830bccde22758e65b180185491a9ecb45f7f109e2ead7dc77ea742","ssdeep":"","tlshash":"a711ddd6b1c639a28761145e90704666f2245d1539ad83f0f23e95733d2b81382fbe5d","first_seen":"2026-05-30T07:41:04.668588Z","last_seen":"2026-07-04T10:40:29.192625Z","times_seen":22,"resource_available":true,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/homeLeagueOddsColumns.DToIJSNn.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.118Z","timestamp":1782998859118,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/homeLeagueOddsColumns.DToIJSNn.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:56 GMT\r\netag: W/\"6a46369c-d4e\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3406,"size_decoded":1535,"mime_type":"text/css","magic":"ASCII text, with very long lines (3405)","md5":"a71340986b47b57db7cfdb76531147c3","sha1":"dd523e91db74d90ce403766e9970f55f19f1e15b","sha256":"02c3a13810d217c3d4175ede761d3714fb01ec826eb26af63a638b64a860b253","sha512":"4e76dfcbadeef92a7f530a5bb1a3514b2f269ebd60a7e72f4065254d6486914a151d1b4094a08b8da0ebc1f0531f15f54dbed773104e2762d1b707531dd91019","ssdeep":"","tlshash":"4c615371b12910ede6bfe140f5e00a8c1564a65752320e1fee8b72668c8b1ef16366cc","first_seen":"2026-07-01T20:44:48.152101Z","last_seen":"2026-07-04T10:40:29.25994Z","times_seen":11,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/BonusSign.B3GMhO1P.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.884Z","timestamp":1782998859884,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/BonusSign.B3GMhO1P.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 793\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-319\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":793,"size_decoded":1182,"mime_type":"text/css","magic":"ASCII text, with very long lines (792)","md5":"7a4a2e7cc9e93ecc3d487daef2bc9799","sha1":"e469b43fcd21a7951b549080ae6b4f9484e27008","sha256":"cfd340ceaa886421d1e6ebbb71e9f0e71801f6a7d54509a4847a16cce67b4eba","sha512":"1e54b3c3dfd6cb95f6528e788f102ff4f5006043e76c9a29cb5b666431b0e4e2c1d957c0f71210293bb198e30389d85a988e8351e3433e033d261d21613a4407","ssdeep":"","tlshash":"ce01c25692423526c04f53c1b2c0955c0726eac3e5a36eee221c6ae657826e342d771a","first_seen":"2026-05-30T07:41:04.83171Z","last_seen":"2026-07-04T10:40:29.296579Z","times_seen":23,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/IceHockey.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.020Z","timestamp":1782998860020,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/IceHockey.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4414\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: dL2fOd.IhaxdemSckgzx9tcODnCL2Zhv\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"59fa3b6a9dd45ab4059941f82f83b1d4\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: odFOFBLd-2eYEhTOijwL-d6LovtHr6fRCYKqr_2G1PMegT3tlG4nkw==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":4414,"size_decoded":4981,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"59fa3b6a9dd45ab4059941f82f83b1d4","sha1":"04f7ca9d4f178cc99e1d11278e10f43a0fa39919","sha256":"479aa40d03804129b5c668ca296c527f7e40cce462dcf668ef1704048b6bdcd0","sha512":"fe69ddeed69180d4eed40d5614e51af678f3b33d487f6bff14d17c3deae5e26d4dfbc978162b9fb1cd1f183bd2213c10c57b28ee33bc6d83a3c5ca29f6ab7562","ssdeep":"96:87SbbLzb3SPruFhoGJb0u39rNo1+Samxm64VlLQnZIhBCE:WSbzjDB0GcwNmD4VlLqZIPx","tlshash":"48918ccdc8fa615f602d9be11c653082d42c398e56954a2c06cfe89f5c453d2bae3285","first_seen":"2026-05-30T07:41:04.655066Z","last_seen":"2026-07-04T10:40:29.237Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/50b75ac3cd80103d24967a594b388569.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.767Z","timestamp":1782998860767,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/50b75ac3cd80103d24967a594b388569.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:41.491Z","timestamp":1782998861491,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:41 GMT\r\ncontent-type: application/json\r\ncontent-length: 50363\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":468870,"size_decoded":50800,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60302), with no line terminators","md5":"a4bf18bafef966c3e5cd020b07a9d2e9","sha1":"37c422802d90ddff11ead879428b9d0a5b3b2916","sha256":"38c8149330a6a5006e5c98e1e75a830036c44fcb988554fe6d5c3598778d1514","sha512":"4b704b5c4dcf112789c95b9e25332de3c2f1bdfd170a64e9c312e1cbeb3497e2032ad410a1537e439dcc568fe15a38b5881eb670d6deafbaff826717927c45bc","ssdeep":"12288:52Tm5G3st8be4oxg8Oi0+QoiCqe4fCO1t+k3K0j+6buAQ:t","tlshash":"c4a4248a692dc4fd9ac67d02e4cf3095e4e03a0be84d2d4008c67e6c9e5fb63b527567","first_seen":"2026-07-02T13:28:16.850302Z","last_seen":"2026-07-02T13:28:16.850302Z","times_seen":1,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":580,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/game.svg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.485Z","timestamp":1782998859485,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/game.svg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 24 Apr 2026 11:29:23 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: B3gsmpVo9ABENKBZ_CHOtow2WnB3u0sy\r\ncontent-encoding: br\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: W/\"a4ae58be5748a57b9e974871724db8fd\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: jmFkPQZyX3iFwm69FUMUK0RX64W65AzU4AnNMCDzm27aEDrZU7BrIA==\r\nage: 2027\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1962,"size_decoded":1516,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a4ae58be5748a57b9e974871724db8fd","sha1":"00ce8c384913999983afe01136af2cd6d79cc6c9","sha256":"2a5c78b187397c09ccc76d8247b7eb45c9ea20f6971e7092424374e7782234c8","sha512":"9dbfaa500414e9a5ce2a0a00acb776bdbbdc334e43e26e04b13de8f8bee0a4d62a05c18930071b8fcc07a62114079b09a0c88fe52cdbeb3cc3ec7614cb4052a9","ssdeep":"","tlshash":"984188fb469ce1d09603cf24e92ba4757ddb74fb3fa58be881409b6895150db498cce0","first_seen":"2026-06-03T02:50:08.043344Z","last_seen":"2026-07-04T10:40:29.327148Z","times_seen":22,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":15,"connect":2,"send":0,"wait":3,"receive":0,"ssl":226},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/normalizeSportLiveMatchId.DIcg771M.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.877Z","timestamp":1782998859877,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/normalizeSportLiveMatchId.DIcg771M.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 95\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-5f\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95,"size_decoded":399,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"ff48b997e9f633bc6a76dc8cd00787d2","sha1":"5b54fe9d781b395dfbe01a64600a02a4374cec8b","sha256":"00646510beb6654691afb8464a9ad71d9a33d41011fb6e9347194501d0bd3b11","sha512":"13618cc0d913c505bdbf53859238e23e9db560e54009c2084b180095759f4868cc1b1a09c190584f37891f2319f9aa7ca87967e56951cc0af1c9210eeab0f88c","ssdeep":"","tlshash":"cdb012cd710d601c97120228133a7c68c030ca0929358ae5d04242c3253b8a0029bfc4","first_seen":"2026-06-24T13:33:43.093878Z","last_seen":"2026-07-04T10:40:29.11763Z","times_seen":15,"resource_available":true,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/password_visible_off1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.980Z","timestamp":1782998860980,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/password_visible_off1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 1658\r\nlast-modified: Tue, 11 Nov 2025 12:00:41 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: FXZ2k1FliWBjNJ3VW_PuA.ovRXgaQRdY\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:06:55 GMT\r\netag: \"e63650dd990949d13994b4028612f77c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: bb8Z02XmH8VPt0dcPiEWp2-urhlj1JQyGPStOEOBRdlZ9sELQvFO0A==\r\nage: 4845\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1658,"size_decoded":2225,"mime_type":"image/png","magic":"PNG image data, 168 x 168, 8-bit/color RGBA, non-interlaced","md5":"e63650dd990949d13994b4028612f77c","sha1":"caa9f8b08557b93c6b7098676ad0cc7fa3592c82","sha256":"fc01619fdaba269e6e3b37f7808593d6c1dc49b5ae41f3718d4ac1c0261ba56e","sha512":"d29f97bb1aa32dc5400bc602f462123ac099b8b6c913fe9aab95fada55c3ba184088a8b6841f50a637b4813f650dad947ead6a3f9d34a60c312229be549b3733","ssdeep":"","tlshash":"d3310ab6b4696398fa0e63f4c0568b62b83ba2ca85b7a91754f464bc53304427b33255","first_seen":"2026-05-30T07:41:04.841722Z","last_seen":"2026-07-04T10:40:29.310251Z","times_seen":16,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/loading.B830RxXH.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:38.948Z","timestamp":1782998858948,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/loading.B830RxXH.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 30505\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-7729\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30505,"size_decoded":30898,"mime_type":"image/png","magic":"PNG image data, 427 x 427, 8-bit/color RGBA, non-interlaced","md5":"dd5fe17816bb2af0998194c5888155b4","sha1":"54228f6bfd9acd8d2ba1ebacc60459a6be90904e","sha256":"0e789d976423d62c631a38975acc2a720004f476db063b5bda08b6462a39cc82","sha512":"2895d42854589708e4d011956259d6654e0b115e386b32ec393c6f46bcd0181e524e52ca437c6a3469a0e0255992fdd2f1cd2df2a8740789fba5c70033e079e0","ssdeep":"384:Jcfn/YQWBPY49lgXZhTOO8W4fq6eFYmgBSOdBeUjBO5pqIY2MZiOLa09e6YEtnor:kUBljgpcO88R6mQSu0pTLbcipEGnq/C","tlshash":"bdd2f1fb2802567b0e3fc89d8b1a46c2b70b27038d6fe444d4a45a7d972afd85f72644","first_seen":"2026-06-03T02:50:08.038021Z","last_seen":"2026-07-04T10:40:29.372159Z","times_seen":22,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":148,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BywoWUit.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.851Z","timestamp":1782998859851,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BywoWUit.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-812\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2066,"size_decoded":1359,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2065)","md5":"e4ecb99910b38558dde60b413afda94e","sha1":"7773f2110769df19fca03211b2dec2cfa5e69f0a","sha256":"befb163184a9512a1749cb9e487316fa4b3166e32cfc9f79bee7f949b64388b5","sha512":"e62bd59de4df414282be08a07006ef0f6a3c0b1ea7dcdf2911db73362ff52199367517531cb60e34aa9a3829d1a826690c60e9bce6057c274f89a70a8b2d5010","ssdeep":"","tlshash":"b44152497039a4bd47762a5ac534026637261b0b312b88f0f2680d1e3375ec6178fbe7","first_seen":"2026-07-02T10:56:16.390097Z","last_seen":"2026-07-02T13:28:16.866745Z","times_seen":4,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/BonusSign.Cail4ooI.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.882Z","timestamp":1782998859882,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/BonusSign.Cail4ooI.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-1047\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4167,"size_decoded":2312,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (4076)","md5":"91c807440fc36b05c3c46be9f0a45d8f","sha1":"b66f2eba6bbd2e2dda149e6618c1db27be40edd3","sha256":"5a7369a11522a6c065a3e554a9513158fb90352c4d072e30544280a9c68cfb7d","sha512":"318c8434baa79575462dca58f47115dd8cabecf6e22f8d98352995cba50b89da658b797e8876fc1417e9b2f4c6e3869cf2eb30cf7cc336278d45e4b9c0d68cf5","ssdeep":"96:lXIiwAOUZ62KHkSzl8AiK/P40siCj9Hy+8i9a/aEBoNaD+2cGnq:RIiwAkz8AV40Sxqyt8Cvn","tlshash":"b681864bb07666b4baf75c84609180a35209bffec0b5841a75ff08363787c65578a73b","first_seen":"2026-07-02T10:56:16.391066Z","last_seen":"2026-07-02T13:28:16.868926Z","times_seen":4,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.DuR6eNo5.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.886Z","timestamp":1782998859886,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.DuR6eNo5.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-6b3\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1715,"size_decoded":1342,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1690)","md5":"8bca4b81a7f9fa8944cb87f185a1238f","sha1":"66b251ed835459f5c9129d0899ca3cbbb8485ee6","sha256":"c9f52fb227b28877b3b2465516ff6d8472b88309a88d70608fef8ce4f051615a","sha512":"c2d0c79cb1edc281c05ee4a7b6d474ffc4aed2f81cd737bc2d3dd7fc24e76c41bd619e43fdf856a6aece387232409e12a8d17676669ce0c4c09a842baecb2e14","ssdeep":"","tlshash":"db3196be741ed6f4f21b48a4e0d54413c61c77bd8239ed8ee67605392f81544424d73e","first_seen":"2026-07-02T10:56:16.379299Z","last_seen":"2026-07-02T13:28:16.870515Z","times_seen":4,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/orange/voice.mp3","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.200Z","timestamp":1782998860200,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/orange/voice.mp3 HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nRange: bytes=0-\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 \r\ncontent-type: audio/mp3\r\ncontent-length: 27217\r\nlast-modified: Mon, 02 Sep 2024 17:32:10 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: A8iVAWvk62QOdVCqlxmA_tEY4tx_Qy4D\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:42 GMT\r\netag: \"870121a5cdc217704c12d487f5ee463e\"\r\ncontent-range: bytes 0-27216/27217\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: grO_AG8AgWu0CSTkq74vROwgEiO4TK8OTw1v1evqf16oe2E6O8Gt5Q==\r\nage: 2659\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":27217,"size_decoded":27798,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"870121a5cdc217704c12d487f5ee463e","sha1":"10e871aba6d1dca800b8779c51ae1cbbfc2d0edb","sha256":"a66146607678eb3c324cc5169b74314281828108d7d1d04d18b5ad40a8b7a69c","sha512":"73e784e140ecc6c9f5a02befc3cf330facdc10a622bac98fce69d110bb51b36a1134c6378746a10a88b31d67088865a83401b532e1d3ba53b79410e5267ed61b","ssdeep":"768:OK/RL13CwFoatSB52ZnDfOnOgGOSwdUzpfY:OK9dlFzW5uDbMSjtQ","tlshash":"4dc2f1e530b2f910c08a8758cb7e1dad2457237b9f297ffff94ad3a201366851504b6a","first_seen":"2026-05-30T07:41:04.793076Z","last_seen":"2026-07-04T10:40:29.151804Z","times_seen":22,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteConfig/202511/8e9b1b0d8a84420f8d48643f6fe63ed1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.554Z","timestamp":1782998859554,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteConfig/202511/8e9b1b0d8a84420f8d48643f6fe63ed1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 21322\r\nlast-modified: Mon, 24 Nov 2025 13:14:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: cVVWv0JlR1oB2o4Xw.GZIhrlrtqGCBns\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:07 GMT\r\netag: \"fd43cba637436f0ff41272148a952a5e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: LycLHUaF3sl5CCX6cEOqODh9OIE27JLlTkgnNQ3vKWiUCiZBfeMPHw==\r\nage: 3933\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":21322,"size_decoded":21890,"mime_type":"image/png","magic":"PNG image data, 368 x 100, 8-bit/color RGBA, non-interlaced","md5":"fd43cba637436f0ff41272148a952a5e","sha1":"0998ae892c19d573c094a1f4c022a87afa8d0c0f","sha256":"09dfc6b2d54a842fcef6f9456b94d9b88d3bfa54a6353071b3eb32d297123cc9","sha512":"c8196a56814ab34df47495876051a96c29beb5d24257427c4d142897a197925f74b6eeb2664161d3e6ef7e1c6e6715925056bceb97d1a7a8f659960528a2d192","ssdeep":"384:awVuWMK8I/0eisfqUdlDBHDF2lc/n+0x39pVIwUsKAqsDbWwzmpER3:TuWMKNEXUXh4c/n+0x39pVQsLnzmK3","tlshash":"49a2e161bf5cd7d4a93b30dc0a238260d7e7d326d61e22dad3412b41aa54b73127cb99","first_seen":"2026-02-24T07:43:44.885844Z","last_seen":"2026-07-04T10:40:29.401925Z","times_seen":41,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":89,"connect":2,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/League.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.565Z","timestamp":1782998859565,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/League.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 46333\r\nlast-modified: Mon, 01 Jun 2026 11:10:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ALai7UvPsIMBkJfgOZ75b4CV3O29wMVT\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"5dbb888185ade5a40cae365d80539f76\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: uBnom99pzy6GpFiwksrD2ItQMkPG2DeJdZ-ihxWzNMq23caavfSYuA==\r\nage: 5438\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":46333,"size_decoded":46901,"mime_type":"image/png","magic":"PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced","md5":"5dbb888185ade5a40cae365d80539f76","sha1":"955a1fd52c050d4e9504d5e133375f4f495c2c17","sha256":"327e5531beb1127473c8042f67251be99743a5ebeee035e19a4b0a6690f99b21","sha512":"fad5e7dfcb1be3bbd067e1d9734a598e5d100a2847e85f60b25f87ab80ec0a1e5c82db2bd9c1a06c9054f67d37c11afd989cc9c9b213036d97bffc9ac7f861a7","ssdeep":"768:daKQzzua1WK3t8oAV2+tbwOo5R5ikPTzUGP/UYUtHZ3ew6vOFT:d9QvuaoK3bth7IaPZsjVIeT","tlshash":"fa23f244b616e09737440b13031ebbb7e9cbdaae933b2274361deb5a865d08dd08536b","first_seen":"2026-06-24T13:33:43.105301Z","last_seen":"2026-07-04T10:40:29.339835Z","times_seen":16,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":78,"connect":3,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/RoulettePanel.Dpimhcgp.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.870Z","timestamp":1782998859870,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/RoulettePanel.Dpimhcgp.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-db4\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3508,"size_decoded":1424,"mime_type":"text/css","magic":"ASCII text, with very long lines (3507)","md5":"f8d0155317be3dcc160751d23cbd2c4a","sha1":"733832df39e7e16b52d1332fa42781a63fdeb2fe","sha256":"6daa31ad51daff8cae583da2afd298b724c77013afc0122368e0cd438b49245e","sha512":"55789d98667becd58cc65d3c6e0e36f9d83d2f2e92aa6a016620f52751f498fc6e8752b2881ac892ddc8f091f73da465f7f68783236a1b532c29085e90de9891","ssdeep":"","tlshash":"3c71dd20952c2104c67ff511aea8ab8d013757435f3f18add2940c6d8fcbea52abad52","first_seen":"2026-05-30T07:41:04.784316Z","last_seen":"2026-07-04T10:40:29.372808Z","times_seen":23,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/useRewardModal.BWcnRKYb.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.883Z","timestamp":1782998859883,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useRewardModal.BWcnRKYb.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 364\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-16c\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":364,"size_decoded":670,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (363)","md5":"70b88f06d9381547ec19f8a58dfb3e23","sha1":"f2cdf78317b4ca0922854e6f184c023e5e738198","sha256":"a432cbfa6b32605abae1b62ceddc68cbd88eda61fc58575ce7af47a701884737","sha512":"2220b145c446f89f6bb75b752abc6b399d160bf992b7bb4595a92e899396df0f8c29634228ee8b75f8456739598d9f7d943473441f71146b52d3f6d392f1a701","ssdeep":"","tlshash":"f6e0c067e0ca56f4282e299be13801b901d414cab6cbce84136c5ae61b2d2d2d027f03","first_seen":"2026-07-02T10:56:16.505825Z","last_seen":"2026-07-02T13:28:16.882841Z","times_seen":4,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/RoulettePanelModel.BEn0NR1n.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.860Z","timestamp":1782998859860,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RoulettePanelModel.BEn0NR1n.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-8c0\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2240,"size_decoded":1529,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2223)","md5":"1eb26eb627d43f5524d11da41b104a42","sha1":"76137db87d9e10165937eda9ffb437c7cc2a9c6f","sha256":"7f85ff8235b62e5921ed6e0a34c7506940dd1ad0f6c54d44ac06439492e4f9bf","sha512":"2502da9b29380c55d637838d91e44a63535672b91c086594a1966f2b64eef68c0815a7443ff57d0d24e47c9d8675810a4b88be2f50d9a2cce27b7f534988d8f4","ssdeep":"","tlshash":"c541b6d9b05a8afe17b74e9ce41948d1e41c396a4361fc8865dd44132ff6de840bf319","first_seen":"2026-07-02T10:56:16.403444Z","last_seen":"2026-07-02T13:28:16.884822Z","times_seen":4,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:53.004Z","timestamp":1782998873004,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:53 GMT\r\ncontent-type: application/json\r\ncontent-length: 50364\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":468870,"size_decoded":50801,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60302), with no line terminators","md5":"f3ed232cedc16a9bbd03d40f4cb0c52b","sha1":"00dcf5e3bf96ad43fd76b4ccf1f23160980d9fe7","sha256":"af009968c654f74e1c759fd7dc1b78a770c616cc05970c9203040f227136789b","sha512":"28bbd73bee7f410a8e265e8e42cb20041756b5736a147cd00cb7df3e72b839eb3966516161e2fffd2025ab5fcf33b760e07c9c9aff3827b3dfaae80d90c312d0","ssdeep":"12288:r2Tm5G3st8be4oxg8Oi0+QoiCqe4fCO1t+k3K0j+6buAQ:/","tlshash":"f4a4248a692dc4fd9ac67d02e4cf3095e4e03a0be84d2d4008c67e6c9e5fb63b527567","first_seen":"2026-07-02T13:28:16.886842Z","last_seen":"2026-07-02T13:28:16.886842Z","times_seen":1,"resource_available":false,"data":null}},"time_used":737,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":731,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/RoulettePanelModel.BXjy0EwR.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.872Z","timestamp":1782998859872,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/RoulettePanelModel.BXjy0EwR.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 325\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-145\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":325,"size_decoded":714,"mime_type":"text/css","magic":"ASCII text, with very long lines (324)","md5":"e8b22cbc10fa0d987ea10295b4bfd632","sha1":"f276724db9250ba71bc8ca07721093d9c3bd7c85","sha256":"9727f0a5bd301d4e08d10eaabcb3d58050c0d86edd8fcb01a96d44634e6ea459","sha512":"623788a133aca0f5164e887bf8934c50101d196d9764da6018d9a8df9a1017963a2513e3d4ef9e3d5005360bf0ad7d94f576e479033b34ef0fdb7084a2a075a7","ssdeep":"","tlshash":"2de07da677216050a822abd4d29cce2e9b36b65302cf5de2ad8882d715c73f330e6315","first_seen":"2026-06-24T13:33:43.077986Z","last_seen":"2026-07-04T10:40:29.352316Z","times_seen":15,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/pwa-icons-vi/180.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:44.308Z","timestamp":1782998864308,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/pwa-icons-vi/180.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 19835\r\nlast-modified: Wed, 29 Apr 2026 10:19:18 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: pyY8VSPFGKJP9EbQ_53QskcgoJWdec2.\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:06:28 GMT\r\netag: \"eff89b3168e3dc4083613c9287e6c2d3\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: TY0PPIbQtMYrkC9co5BwiAWk5eQl6i9tU_hNbQgFOxGPDgk7WUkpNg==\r\nage: 1276\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":19835,"size_decoded":20403,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"eff89b3168e3dc4083613c9287e6c2d3","sha1":"d5efdf2e4097be3ca411bff866d930549cb63a4c","sha256":"2f590b22d7bb194b40364b835235693826e87c74eae5e796de43aae80c917386","sha512":"4a6505b52e04194663a2d3ee9622069d401522f647ce66096cdbeb7192143dae60f11d2e6986f68b749441ae6ea249e169d4596b7f85926a7f6ce90e458c58bf","ssdeep":"384:re1b7OQ7xe3s/pVrtXqGAFUsEtrdffOw17/WNqBE3qc7NlmR1jvobe+4tfHvxa:c/OQd2s/LBXzAKNtrdnOwlWNqBcb2R5+","tlshash":"bb92d0dd147077788d2280a32b5928fb9c5f245766e6d03577b8e997becdf4aa2c4c00","first_seen":"2026-05-30T07:41:04.79592Z","last_seen":"2026-07-04T10:40:29.405424Z","times_seen":22,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T13:27:36.243Z","timestamp":1782998856243,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /?inviteCode=48093\u0026cid=36 HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:37 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-dac\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3500,"size_decoded":1617,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"50e5893e07e0be7a6e495a78dadca3e8","sha1":"87bbb366544d60a333e4b61b87d72ea575313880","sha256":"e9094651b1c5265c069810b5275c63645dcb0666ecc8df77b71225ea6d1482c6","sha512":"196cc9176c5a6701a76d36976770c9b96a1d61ce9632832af4d55f377000c3eaa5a7fb1b03173da6428f5653b8e395190094080cd8f51633e75b452c7e693714","ssdeep":"","tlshash":"f27164954ed0a0163ba287299afab01468d2d087850cd844b54ca3d99fd0f4ac7dfefd","first_seen":"2026-07-02T10:56:16.432812Z","last_seen":"2026-07-02T13:28:16.892715Z","times_seen":4,"resource_available":true,"data":null}},"time_used":985,"timings":{"blocked":-1,"dns":382,"connect":148,"send":0,"wait":298,"receive":0,"ssl":157},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.jsHMj9PS.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.078Z","timestamp":1782998859078,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.jsHMj9PS.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-49c54\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":302164,"size_decoded":140886,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (45391), with no line terminators","md5":"517267c12444047eb41a06b8873ff756","sha1":"27b9b07a372f85869840ae03bb09ba6393776435","sha256":"4dce1d95f857975e001da696bdc261fb9fe029e717e2eda885648a0109a2b6e8","sha512":"b1dff599ce3b10755fe0245538181b85d6122e7725b7168974b83204d5f57384c8e704cff87ba6fc87d273046fb40b4d13d1f3ea048b70cf263b11204dee954e","ssdeep":"6144:OFdwuwe8RN5x+OyJJUK3oa8jcOit/ECEN3UOvuFI:4zo5YVSK3oX41ECEN3UOvuu","tlshash":"52541ad839d2cb3acc00b8da73d051a22d8e0b7a77a900349971797f5b317c39de59a8","first_seen":"2026-06-24T13:33:43.042162Z","last_seen":"2026-07-04T10:40:29.175122Z","times_seen":16,"resource_available":true,"data":null}},"time_used":318,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.BvmoD7C8.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.838Z","timestamp":1782998859838,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.BvmoD7C8.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 525\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-20d\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":525,"size_decoded":831,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (524)","md5":"42dcadd81f2946fa1f84f193965c1f9b","sha1":"24ae8e1c44108e847d7559008f7502f2b365a805","sha256":"dec337afa256c109a931ce63bb6a340f2536b971a44b964114b7769e5eb57786","sha512":"e1c693f8d2bc1de7f6a86c6d0c8a6b6986798cddd6694eaff7c849de9462fceb2e4276ffbd75f14865f5c7d4f4cdcb219e7e0b22beab6fcc0cad089bdd193a30","ssdeep":"","tlshash":"90f00e2a7f4cc0b4a6370dcc31738028065f07dab634eb9582d37fa92f89520a95e138","first_seen":"2026-07-02T10:56:16.457184Z","last_seen":"2026-07-02T13:28:16.900886Z","times_seen":4,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.o1qzxYzJ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.876Z","timestamp":1782998859876,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.o1qzxYzJ.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-acb\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2763,"size_decoded":1665,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2754)","md5":"a57e6299771660870c03b7c2c9dad1fb","sha1":"13d0dcd24cabbab93a48605b892da2078ef670af","sha256":"e231447695397508848696ce3751b073678b3d35b7bdcb415da29e97cf11d763","sha512":"8e8ee44142958b4eedef6f13f66ca573d081ecaa707f8f492873284e22122f85ffb01c6ef2ecfae76e07139d642fab5a6a37e6a24b9a1be00f65779a3abfd9b3","ssdeep":"","tlshash":"ee51a7012c02c6fe6deb8100912e628ac1493f38d52ec556a2fd48067bc78f6b79e764","first_seen":"2026-07-02T10:56:16.412707Z","last_seen":"2026-07-02T13:28:16.902902Z","times_seen":4,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/not-reserve.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.734Z","timestamp":1782998860734,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/not-reserve.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 2585\r\nlast-modified: Wed, 05 Nov 2025 07:32:40 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 4AEL8Tkvsq9Z1ljOvXhTWd7ew2xCBRla\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:42 GMT\r\netag: \"ada663379b43197e79b187b424dc8ee9\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: am5BkCtLohLJYxbYWCTzeMu357E44aFfagIIxl0XDUapsixuX2R-hg==\r\nage: 1869\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":2585,"size_decoded":3152,"mime_type":"image/png","magic":"PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced","md5":"ada663379b43197e79b187b424dc8ee9","sha1":"8c31d5fa34c9205a716a93f19fa166ca50da4de3","sha256":"7dd7f8b2c4275f3d3e78dd20cb85a58b7a9f530d73877b3371feccdbda6bab5e","sha512":"5e6b9d1587d4034d4efbb461e488bbee90992a0c68b2b4808822398c0d9f695b8f599266dbc80ba1b49d4968be70ce48c5e5a5c52fc1e662636512853abc992b","ssdeep":"","tlshash":"52511ad5b2b4ca355b4fc5b1073a1e8331831e205ac2361ec6a73edea644fa06ce84c2","first_seen":"2026-05-30T07:41:04.806741Z","last_seen":"2026-07-04T10:40:29.177147Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.vue_vue_type_script_setup_true_lang.B6dbxlq0.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.112Z","timestamp":1782998859112,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_lang.B6dbxlq0.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-4a2\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1186,"size_decoded":962,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1185)","md5":"f180702adb8f34364a41b5f8a72a2fd0","sha1":"144f2b9d68b73aa855ab777afe1d31ab1cdf737e","sha256":"4000b63a2c8153d74b47706c92222221ec2a5df785c2cea54a9b7ace48b99612","sha512":"849ad5cc9b6883d85146b4356e4ca201c62bd32284c0dea34fd368cb17d0d751acf92770f49c7910b195cfd40ad6c034b75106b3eeb73a47ab9d0748091a5946","ssdeep":"","tlshash":"6121668b3c6800bdd3b30c44e26199ed2125135ce276e8e2347b542e23a7cc077da1a7","first_seen":"2026-07-02T10:56:16.433646Z","last_seen":"2026-07-02T13:28:16.907113Z","times_seen":4,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Volleyball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.009Z","timestamp":1782998860009,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Volleyball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5582\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: D3dLQA.qVr8ZNvsvDBstg.I4sNwnK5xF\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"86902d569e448113497dc0cf585ab082\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: vnpyVMb8rXLYqimwd8PldMWTB8vMLeSDSDDvDYbttZQMBqRFSbHVMw==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5582,"size_decoded":6149,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"86902d569e448113497dc0cf585ab082","sha1":"7e88eb53521c76762459bea347df3f3f4e9f894e","sha256":"d3f642e8e875fa8af7f9247ed241b08f6f5f6a2265bde5a681df710d09603dfd","sha512":"6aa6e48faf436852e01877b3cb37f13ff65bff355e5226093f200f82162beb047f39ae3e3f5c80bb88718b1411d175572b02155904a9300d0d6d39ce1a4073f5","ssdeep":"96:87SkNxk44OR+XMWK0Yj/2klaXZybbyU6oBdCzTA+94n7GVvbhUdmKh/YUsIoXLo3:WSh4XiMWm/2klapWj6L0++7GV1Ud9h/f","tlshash":"50b1afbb16be143e2607e53dd10df803dbd8abc8e854bfd858920ba1902788c31387c6","first_seen":"2026-05-30T07:41:04.823417Z","last_seen":"2026-07-04T10:40:29.385304Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/site/f/siteNotice/queryList","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.983Z","timestamp":1782998860983,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/site/f/siteNotice/queryList HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:41 GMT\r\ncontent-type: application/json\r\ncontent-length: 2609\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8709,"size_decoded":3045,"mime_type":"application/json","magic":"JSON text data","md5":"02b1103c018a6c954212a7c20f8549fe","sha1":"407d258e101a298887916fe5b3e944755518deaf","sha256":"cefc613d67f704bd24da7df181d7ce27d757dd270b2d75be6dfc70c601e5917d","sha512":"616a537ab579d0d47c2bf8dc6f1785c4bdfe2866682cadee34138067b3fe7092179ab7bec4dd9c7cb311d353b93a0d760046f61401cf23ffd8a00511f449ca10","ssdeep":"192:jXsT5mi5ACmTA6o/cCITlx1MYJCotT2fO2kCVTouwRCXHT1qGRSPTx8ugvIFT7nE:jFlmy8","tlshash":"4602851f87f9e92d9e8902d272e7ffed57852543c0d0ca9871cdae5e948a973120a313","first_seen":"2026-07-02T10:56:16.396389Z","last_seen":"2026-07-02T13:28:16.912705Z","times_seen":4,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":315,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/sportActive.svg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.484Z","timestamp":1782998859484,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/sportActive.svg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 24 Apr 2026 11:29:24 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: u9cvmN0rptiMJCoVnicS2rDMr_U2PRER\r\ncontent-encoding: br\r\ndate: Thu, 02 Jul 2026 13:25:24 GMT\r\netag: W/\"17f037afef78671b3a79131ef93a0bd6\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: QR6r_pS5TISGJneK6nr0hPg6sfBFdTWNB9kmla2gRdwrkLxjNG1ZuA==\r\nage: 136\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":3437,"size_decoded":2110,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"17f037afef78671b3a79131ef93a0bd6","sha1":"4aa4d445f24048d8995eab34c9fd1c11749c1ea8","sha256":"f1a8d21ff03e8ec4e19f414b384732cf9167975488d4dc83b573fccd1401a0ad","sha512":"04d4adca9d5e3a2822f13f1fb708cba5761b3153588e98aa887d7b7466e7bbdcbb9b7e72e895c145cbb703ce1ce51deafa97a58b3a854ccba1d134c96203aa9c","ssdeep":"","tlshash":"026164fbaae0b6c1e546eb24e4338455baaf3cb77f9116c5c188ef44b3040e54d88c44","first_seen":"2026-06-03T02:50:07.922972Z","last_seen":"2026-07-04T10:40:29.231759Z","times_seen":22,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":16,"connect":1,"send":0,"wait":2,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/use-notification.Cd0mneOV.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.830Z","timestamp":1782998859830,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/use-notification.Cd0mneOV.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 189\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-bd\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":189,"size_decoded":494,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text","md5":"cebab973a8b0a6b9b3c2f23083c6c155","sha1":"1456e6d7bd553ae31abcce4b7be34dd1b32fbdaa","sha256":"762839cee8e6ac56bfb456dd81db518c42b6215c9bb1b29153985f49e6c31b80","sha512":"76eba053b05013ed94519660759297b8616cd6c33eabd09abeb100644e036962be9cf8371ce1ca1dbae7d1497fbdedb1119e2b8a31a516059ba6ef2e3e9fa908","ssdeep":"","tlshash":"edc0229f304162b01bc305b37026088e41a34a093b480af0028f84747b122f0830bc8a","first_seen":"2026-07-02T10:56:16.44262Z","last_seen":"2026-07-02T13:28:16.917634Z","times_seen":4,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.XVBvL4OA.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.842Z","timestamp":1782998859842,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.XVBvL4OA.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-5b3\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1459,"size_decoded":939,"mime_type":"text/css","magic":"ASCII text, with very long lines (1458)","md5":"9c52d1b2f71e0afed357060b2e7454c5","sha1":"32b36b5fee94aeff313970b10cffe63c86754b8f","sha256":"ae9f9a3e25cbd27d1197141b8120280fe0c1faa4a24234c4fd6f4a003d157b56","sha512":"7ea33bd695f5dae84174c4da4a0403b28a3dcb4071ab87a09a7aea7c50f8ae9f5370cc5de0512b9ac64aecca629e6774b7685393dde61d901c419cd77e253596","ssdeep":"","tlshash":"5c31ef36363c752c943be5296cc10a893010e38b6c778d29d6912778d6c76e33b547ce","first_seen":"2026-06-24T13:33:43.093027Z","last_seen":"2026-07-04T10:40:29.247326Z","times_seen":15,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.B9AsewNq.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.867Z","timestamp":1782998859867,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.B9AsewNq.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-456\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1110,"size_decoded":783,"mime_type":"text/css","magic":"ASCII text, with very long lines (1109)","md5":"e500f6f309458ac7e1d5468075f56f17","sha1":"b915e856bdd865c9e9243cdda030d3bed29bf660","sha256":"86a0196af368f216e174073bef4cf5cd6cb881a1a90a7620e85c32339e7603b2","sha512":"e0489be531affb81403c2b281c4d47c2550b05f5e7d47632ab9b16207e32d6c15f53bb40a05f9ab2c6df880bf1b223832f0c3c7623e22c77cc68a8fdcfc12932","ssdeep":"","tlshash":"e7118ee172d7e0285c7b441364e12e7e051ed244730a0ea8cf2ebe39069d1cf3ba0565","first_seen":"2026-06-24T13:33:42.989548Z","last_seen":"2026-07-04T10:40:29.386534Z","times_seen":15,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Tennis.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.002Z","timestamp":1782998860002,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Tennis.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 8248\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: D7dIDmuBH2aO1IrjhiKV7osIcB5OkP7K\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"ec78707614e03a287bded42efd886ff1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: BKHTWV_HDliIHjd9Gsf2ruufbC8z2Ru5ga6tqA9naWZYRkfq8WIJ7w==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":8248,"size_decoded":8815,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"ec78707614e03a287bded42efd886ff1","sha1":"216bd2c8ea160f41c82922a0f804f43fbe7cdb44","sha256":"fae775b3cb1d5c285e59a6151664c66c8600c08ea2b97ad11b4d62eff09227a5","sha512":"5cfb8dfeaef0ffa73988ffe8f3e02ff0c6f5b0a1b8df35018466f5a5b696bff1adf37b94a8eef2a919aab4b7677d6115fbef8c9ae3abd9fb8bb9c7397fecd403","ssdeep":"192:FSZzIeHoSlQgOAD4EothrHrnXDsDqZnUwK/ie8U1tmWKNYy7:kTHb2LTEihzrTs4K/ieztmtqi","tlshash":"ab02bf2091e265dc9c7a977c550fb42858acfcac081225b4bbe17a7d271288ac1bf1e6","first_seen":"2026-05-30T07:41:04.760904Z","last_seen":"2026-07-04T10:40:29.233988Z","times_seen":24,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteConfig/202511/ee3819441aa843ebbc3fcfbea1bcbe83.png?t=1782998860885","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:44.312Z","timestamp":1782998864312,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteConfig/202511/ee3819441aa843ebbc3fcfbea1bcbe83.png?t=1782998860885 HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 42751\r\nlast-modified: Sat, 15 Nov 2025 16:16:45 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ZB_X_s3yYKWbNy40BHwk8SsZ68ob2BID\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:45 GMT\r\netag: \"4b7d5edff22eef9f76863fbe30214b73\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: S7KNMALVp2Mfe4t__L84lvH7t5SVUkV8mnfecefPOkbhxltrTXHd5A==\r\nage: 324\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":42751,"size_decoded":43318,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"4b7d5edff22eef9f76863fbe30214b73","sha1":"a99d5c2d985ad9d22b045879a7870209fb614722","sha256":"da43fe136d4c9a0e7d859c35849a09ca7675a07f207aa4cd083c1bec02f0d70e","sha512":"a2e6b94f92242170f1044ac0d75b63a1e58f9331667e240269eda228c9f3bee8b8a592c9d87327df6b1d71938f30a86843d522ddc8ae1687182dc20c3ea87d5d","ssdeep":"768:6jgtLyYlr9sWCEbsbMSYd78COUW1+CNToJJwrQLMofwb4XW1F:aDO9sW2bMj8COX1+CN8JY5oo8m1F","tlshash":"2a13f1b34481c0e0d882187b8ee31bc97d3a570917f968b55e74a472e62b3446f6d3e9","first_seen":"2026-02-24T07:43:44.927031Z","last_seen":"2026-07-04T10:40:29.32556Z","times_seen":22,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.BTbhL9pU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.920Z","timestamp":1782998859920,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BTbhL9pU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-5e80\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24192,"size_decoded":8256,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (23920)","md5":"ba7b45c505fa954e014b18b60c0062f7","sha1":"3fc8cdf5c6c66520da576bac2f43a4ceeacaca85","sha256":"9a3651b7bbaeddef2ed50c308f1b24d760bebbcceb8198ad9e1e0f64ff91657a","sha512":"7a1638360a8137db401845d3ecd865dd763f2f2da17254f52420360e3dbfc4ea5db2595440b52510253450f9831e9778d5835538109aa64ce4b1964576a79897","ssdeep":"384:nYd4MMg0ZuJeBK/ibanSC3gEDbm7UjFjYxPeVYeaFXlFefPcoSv0Lby7zyao:nYd4MMgHeBK/ib3C3gEDK7Aj4PeVYea6","tlshash":"61b21a47b13a1e7eb3630da0f0690597560c7fdbd410da80a5ff1d701bdac80566da7a","first_seen":"2026-07-02T10:56:16.473652Z","last_seen":"2026-07-02T13:28:16.933821Z","times_seen":4,"resource_available":true,"data":null}},"time_used":494,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":494,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Boxing.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.032Z","timestamp":1782998860032,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Boxing.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 4818\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: jKajfFxiBf50xZRNiPtqvaRJlW_XsmuH\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"522f6206be2b4d3a8115bee642891f15\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: l5HzBPTCvgKer6p37r-QIANKyuk5L1RJeit0PAY6S8uxDYl3kQyFiA==\r\nage: 2026\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4818,"size_decoded":5385,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"522f6206be2b4d3a8115bee642891f15","sha1":"7c9f3823361734a79cf056392e955374a90387a4","sha256":"6e4ea93724188b909623297f786de73f0b1b5ce771d8c0295bf2d2158dd96577","sha512":"5ea59d2e26257c4413808650b9a79748fdf0619b850212ca69665c6c0a5a9e5bd97302772ad5beaf4b0535fcd234a640475dc18b56b23155d144905539f79ac1","ssdeep":"96:87SJkGRTNlYiL9IbIa8vDQeTfqQ6AHwtDADcmOJV6MhDgfW4gz:WSJk+TjYiLWP8vD1h6ASfbJV6MFgfs","tlshash":"92a18fde14f9e87edd5601c2e72b1b5253a3ff8241c3050f9c754c5c98250966bd766c","first_seen":"2026-05-30T07:41:04.717826Z","last_seen":"2026-07-04T10:40:29.217313Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/MatchOddsPanel._vrRQHid.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.096Z","timestamp":1782998859096,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/MatchOddsPanel._vrRQHid.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-2ff4\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12276,"size_decoded":4550,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (12077)","md5":"3e80b75c8fa37006bf964fc7924391c6","sha1":"7c50513956160d53363117fce25f668aba56d8f6","sha256":"ac1533500dff6ec7946aba90c5110b4c450f3a697f1674655a9ad9a271a4c538","sha512":"d1a4e9093a38a8d2d50933274991a3fef8eeafe6ce6a2db8eeac597620e99d0aa555c8dca76a20511b306b4e8c2f92af10fb350d1bd087f64ac4e7860f8c6abb","ssdeep":"192:r3F3iBrmH8QMrZIghSu/iCX8s2coeSQ8zNW6XRpsDsFiwEFNgk:r3NiBrmHHMrZIYSu/iCX8s2coeSQ88Z/","tlshash":"3b42a7cd44c64119f7140a65e07a31a6ddb93c09740af642eefb5cfc2a11d828fb9f2a","first_seen":"2026-07-02T10:56:16.36776Z","last_seen":"2026-07-02T13:28:16.939748Z","times_seen":4,"resource_available":true,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/use-keyboard.B7z3Zalq.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.928Z","timestamp":1782998859928,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/use-keyboard.B7z3Zalq.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-4ae\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1198,"size_decoded":812,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1197)","md5":"ea397845558570f06dc321f62f44b9cf","sha1":"1c7f0f89cbdf602b407abea30fde12021185b346","sha256":"752effbc336dc3d8660b0201691f2df155345c1495043eb35e4cf14f18424623","sha512":"c8bc4618f9a3221297a26c6ced4a2a62a83d9d61eb11651347f228042c85e33f995eb27f11f25e4223cc52188a47bd00b992cb0ca28a7aaff463b394cd65a158","ssdeep":"","tlshash":"432154a0201d64fd9aa9ded82a3fec0034927970b009b861107ddf3f9ff9a429543192","first_seen":"2026-07-02T10:56:16.476716Z","last_seen":"2026-07-02T13:28:16.941758Z","times_seen":4,"resource_available":true,"data":null}},"time_used":490,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/88d209a9afdb94c2f4c0f8a2a09240ee.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.789Z","timestamp":1782998860789,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/88d209a9afdb94c2f4c0f8a2a09240ee.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/MatchOddsPanel.C3ylOrnJ.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.108Z","timestamp":1782998859108,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/MatchOddsPanel.C3ylOrnJ.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 57\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-39\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57,"size_decoded":444,"mime_type":"text/css","magic":"ASCII text","md5":"c1a98d71ce6f556564bb4019362a1a53","sha1":"f01846afa1c087928f90f69c50101d40ecae8699","sha256":"0cce136a72a9bb84eedd4ef42258b56743b9184fc0ac85bd2f2017eabf109e99","sha512":"c42adb7e999e33ef303b85fc56ed60c257f60d0c4e0e35ce650d6f8a5d17a3dd1d7770b384f3497e48c9326ddce82f03f2d6fbf78ea074e93bf0646c02344aef","ssdeep":"","tlshash":"09900214e408041555ef96d56a8270020c04a1da980003a37925dc4dcc675a53096a16","first_seen":"2026-06-24T13:33:42.992892Z","last_seen":"2026-07-04T10:40:29.171895Z","times_seen":16,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/vip-icon.cH3STq8z.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.500Z","timestamp":1782998859500,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/vip-icon.cH3STq8z.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 5288\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-14a8\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5288,"size_decoded":5680,"mime_type":"image/png","magic":"PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced","md5":"33483e43b5818f1ba75440c0efdd8319","sha1":"26e0799e259421edeebebb5623a9b6ed137bacf0","sha256":"b42fe7b7c3c8fab256435e67ca977667e3353f7e67bbcda10ddf2b5cc13deb87","sha512":"6561643e312a096d23b7e7c2474ed59a756077f1760dd4c5dff732841c1b04b1ee739e19f324b310c5b620351dcc01e4aa5f63bda33d419528abae6a1c747f81","ssdeep":"96:vtAyrUtuis3gNlCzZZgcrL17p3frv7zgzOytFAp4nVltq0U1qZ2sLh0OEnAqz:FAyrUtuPguNGc31t3b7czk4nVq0U1qjg","tlshash":"82b18dc17b4bf14ae24206c11b926c5beead22c5f7ce6a4b514288204c93fa6052a312","first_seen":"2026-05-30T07:41:04.815975Z","last_seen":"2026-07-04T10:40:29.371037Z","times_seen":24,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/game/gameNameDict","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.107Z","timestamp":1782998860107,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/game/gameNameDict HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 45777\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":168347,"size_decoded":46214,"mime_type":"application/json","magic":"JSON text data","md5":"2c0ad974ccac106b81a9314026d82bac","sha1":"0c1f9f5934e52651b2db6a9f49a29e4b6f04489b","sha256":"f5b745b8eb75333d0d06df2828f602dda1f9f3ae3e85c4e86dff164bdbb3638c","sha512":"1c9f266ba9ddb41402e32c017f6b2ceefca55d34c398cfd7dbbb0ea2096c9dd237a30814da842a6f10cb43a0966002d4f582946d592a75b6344888846ef94d76","ssdeep":"3072:zc+Ihc8+AxjiMOE7fkaYvoiTc1RkroeWgvSREWap:zcly8eWSSREWap","tlshash":"9bf35beeca4d9dfd41613e3a064f25e974f1360fb1dd8d8471a4aa7b5ec870e0422ab1","first_seen":"2026-07-02T10:56:16.508962Z","last_seen":"2026-07-02T13:28:16.952094Z","times_seen":4,"resource_available":false,"data":null}},"time_used":693,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":231,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Dropdown.DOF8tuD4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.927Z","timestamp":1782998859927,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Dropdown.DOF8tuD4.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-49f5\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18933,"size_decoded":6220,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (7816)","md5":"b3c570048fbc3562307589ebeec6c177","sha1":"7099ef9af0dad824edb2597d51f354942142c93e","sha256":"205857e2b5f4ceadb4a714ae0efc778e4fa46acf9931ea3e4b47f0425ced71a9","sha512":"fd23c2b3d859fb282150fb5239711cc64db625f06f2d3ef8bc0eae6f7877e81ef2e29bd7d9c484cf30bcc5e59c0180ee4b0b11d8c820eb57813070930d598e1b","ssdeep":"384:pvav73ZShV7dlXoxDsw547MIfXeiNpSBpyex2yj:NU7JShVzoxMXPNpSBpyex2yj","tlshash":"2782e894f44ce5609ae385d8d29a8109a2172f83ee16d2f2f0761cd513d5374e29ff2d","first_seen":"2026-07-02T10:56:16.419094Z","last_seen":"2026-07-02T13:28:16.953785Z","times_seen":4,"resource_available":true,"data":null}},"time_used":496,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":496,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/previous-level1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.038Z","timestamp":1782998860038,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/previous-level1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 1404\r\nlast-modified: Fri, 31 Oct 2025 07:06:29 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: BLph8z.l9maxQ8vizNOqMvtgHWmMdQYU\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:15:32 GMT\r\netag: \"06596b7b56a44efb9f21add73215ddd1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 0fxnGu4baESkEGcEmXdZ8ZiE1-V3OXk016DZrd_7iFPmK3Z7vuqYkw==\r\nage: 729\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1404,"size_decoded":1970,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"06596b7b56a44efb9f21add73215ddd1","sha1":"f22a2eaa0dbdd42ee5b2c643e226f9ab7ceb5037","sha256":"852972dd053b8e4605e6993076970696eadeca15db304d304fbfe50add9adc7c","sha512":"5681f34a4a7eab4a3d722c87644c75ff34d03708fd5b3114187ebdd13116d198a3f817f3b4a259d6f41e084273908d9a3ee4afd74f2feaf0a6b74e87fd156e08","ssdeep":"","tlshash":"9a210bc0cfcd74d7c6e2455391604060edb50d5e925b53084847a9cf5c4fa0a27c13eb","first_seen":"2026-05-30T07:41:04.843615Z","last_seen":"2026-07-04T10:40:29.250587Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:58.878Z","timestamp":1782998878878,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 50366\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":468870,"size_decoded":50803,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60302), with no line terminators","md5":"3fd9d08bf9f38c2a86bacaae1795bc47","sha1":"730401b3fa7dec09b052d899a789b00971c66575","sha256":"2a1dc957511d1573486b08c32cb8ccbd4323d0e0d9003bba4a7cfe27e194a25e","sha512":"dd77a283ce42380e77b2e4843b3f96697022ded8f52d5f7a792a18bb3a7afcfb45cec70d708f683c6e12a3d1962abfb50086fd15a702029ef542b2e5d45fe934","ssdeep":"12288:j2Tm5G3st8be4oxg8Oi0+QoiCqe4fCO1t+k3K0j+6buAQ:n","tlshash":"3ea4248a692dc4fd9ac67d02e4cf3095e4e03a0be84d2d4008c67e6c9e5fb63b527567","first_seen":"2026-07-02T13:28:16.960349Z","last_seen":"2026-07-02T13:28:16.960349Z","times_seen":1,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":715,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/Skeleton.1zrvalXo.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.068Z","timestamp":1782998859068,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Skeleton.1zrvalXo.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-99f\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2463,"size_decoded":1494,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1286)","md5":"fdd36081b374ae74cedd91d0234b7174","sha1":"73bca12f38d39d5dd22cc84f130928f28eb03ece","sha256":"0f2de6e24d4d19c190afbae5fbba1b86e7761dac13db6bddb0622170257d44d9","sha512":"35625c791da328381707b7b5d03a4b6bc01982120ecf83cffb7262e58a7fbbd39ea7970247c7e2cc17331f8529364f220741fb2196034abf4e490e72bb0893b0","ssdeep":"","tlshash":"3a51a79cf2dda8f769e3c8ff626a4754101835856770e2a0b2b638a136012779721f12","first_seen":"2026-07-02T10:56:16.448899Z","last_seen":"2026-07-02T13:28:16.965053Z","times_seen":4,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.D4fNHM_5.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.834Z","timestamp":1782998859834,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.D4fNHM_5.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 759\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-2f7\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":759,"size_decoded":1148,"mime_type":"text/css","magic":"ASCII text, with very long lines (758)","md5":"aaa5eca5d46f37840effa67bbef696ea","sha1":"7baf91513b0723056512685ab04a61163ac6535f","sha256":"3c2716adbf811567dd5b9876e5a95c826cb22dd64e5b1aadd104026c99a1688c","sha512":"167a3143db3b92e81a2e0c52e2ed297b065ccbd3eb40b90cc03294e2aa77669f1b14e5849be90d88415d919f7da7652919698062498119ba3553592501edf185","ssdeep":"","tlshash":"5001bd162d1ac13e406fe187a9619dd402317683ca400ef9d6af70b05dc74d2622aae1","first_seen":"2026-05-30T07:41:04.765745Z","last_seen":"2026-07-04T10:40:29.402471Z","times_seen":23,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/e1827708abfbe8fb5ea3a7656e41deea.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.768Z","timestamp":1782998860768,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/e1827708abfbe8fb5ea3a7656e41deea.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.Bwa4_3Tu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.880Z","timestamp":1782998859880,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.Bwa4_3Tu.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-6e4\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1764,"size_decoded":1333,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1699)","md5":"b7ddf40d12eae1146fbe9e3a9bb2e14a","sha1":"f9e5d7dd6267b8c21bcaea74b056523e0fc52786","sha256":"d5fc5608dd6388a80e002ee413cd7a63a511da14a5db33d35c8e3be6bafa7af4","sha512":"0a20ca884c1ecde8bedb0d9a9f5fc69df6e39563f183c4d24e657d3f214d53d7d67a1f23aa55c999ddb5349d911a511aa34f2287c232a95ab4f46ade82169b33","ssdeep":"","tlshash":"eb31c63eb47a8bbc725b0834415108ca362d3f9ee275e094c0f849161ed6de0c36b028","first_seen":"2026-07-02T10:56:16.405448Z","last_seen":"2026-07-02T13:28:16.969156Z","times_seen":4,"resource_available":true,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/InputOtp.DzE8sEAk.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.892Z","timestamp":1782998859892,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/InputOtp.DzE8sEAk.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-13fa\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5114,"size_decoded":2579,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4338)","md5":"ff16686b8a2979374dd7c685a9c3e0a0","sha1":"fc44d592ffb302c087194c1128f9f2ff1d689234","sha256":"b510b6fb60883abb5368f7e5d09086bd56214e3ce6118aa87a1fb2a4f2699ddb","sha512":"8c48f141a1e028fcfd7fefe02b67d21f5be990665697f0c153f5ca7401d7b8d0db61532286c333f9767677758da25e15c3bdd36b526c5f0f79aa36ae5f999ed9","ssdeep":"96:+Ns2Ib5bPHMw5wIHXzspv6aJSuFbT/Q+qMhvd7GERnNQLE0yFzsV9HGfC8:L2Ib5bPHMw5wczspvV1fQ+qM5pRNQLLq","tlshash":"7bb10a993193a1b1b6e34ee1846d8021e3163e08647df0d0d573dc951aa0b8962fff7e","first_seen":"2026-07-02T10:56:16.435632Z","last_seen":"2026-07-02T13:28:16.97145Z","times_seen":4,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/MixedMartialArts.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.028Z","timestamp":1782998860028,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/MixedMartialArts.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6110\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 2sqr0o7gNP0Uoq0QnPZLnpM1Wa2cqG4B\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:53:55 GMT\r\netag: \"451745237cd6238434fc9ef02db24b20\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: ELRsdodrWLY8HxsBV8qCLBcX9zHzCujBu8MAxjhhbM21BXKtEA_d9A==\r\nage: 2026\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":6110,"size_decoded":6677,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"451745237cd6238434fc9ef02db24b20","sha1":"64e570c93605823ecbd84f79c513855d472e7875","sha256":"edc74dd7f7f552c584987a0dc5527156f213ae03fe93d9f8edb22018b17430d1","sha512":"6001d0d3ed52df16b44ebdb16834e5875d929b2f3d6b427c141a36b29c07ed2cf5a3c568acd09673dda3b9f61b331552bc048ee94f07a44a5c9c5485cca13303","ssdeep":"96:87SkiU/+1JhJdPUqvk49AJqLXDYicGhkKF7XekKH7Jz0V4AzMQ54PF2pQzSVN2IW:WSBUsJdPR9AJYzYicGhkKF7ukk7JYVqX","tlshash":"15c1aea641713318a94940e8e6c6b94b7f661d2f97b16801f849a2bc6422034d6dab57","first_seen":"2026-05-30T07:41:04.669153Z","last_seen":"2026-07-04T10:40:29.36465Z","times_seen":24,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/MatchTimer.BV565ww3.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.095Z","timestamp":1782998859095,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/MatchTimer.BV565ww3.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 149\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: \"6a46369a-95\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":149,"size_decoded":537,"mime_type":"text/css","magic":"ASCII text","md5":"88bfdaa9674d5724b9b1b58cf09777b4","sha1":"e69c6cd9ded3f566ed84aa06b76c2bdbee7457ed","sha256":"0768337eaea3355b7268e8ce374e3285b2f25e3f9a9ad42f74cf590759079ff4","sha512":"c88702a0e3af6bb19e61a7c81aca65f69f2c09e3504f615b9ebafe75bdc7a8e0f82fd7ed01371a07aab9061464dcf106fdcfab1cf20b1e991c92636cf8509870","ssdeep":"","tlshash":"a9c08c960023862869a66c901d60a21a9002b643ea869345c8ca521bc8d71932ab0b8c","first_seen":"2026-06-03T10:08:00.151731Z","last_seen":"2026-07-04T10:40:29.368432Z","times_seen":20,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/PersonLoginAbnormalModal.DXqeHgyl.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.889Z","timestamp":1782998859889,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/PersonLoginAbnormalModal.DXqeHgyl.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-2bb9\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11193,"size_decoded":4611,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (10120)","md5":"70b0e368fa78d87bfc230ad336c79c90","sha1":"4267ea293b9972f7325683349db6537379995c27","sha256":"a888cf1560afb1e851fc0ec9612ec2100511b8ab8610915c400840ea7ff83119","sha512":"f762d57b9a2caead6b25e5d7be511f65c77d47f5a13c5bc1433b12a1aeff2b9fc95e2069669bb39724d28f04105ed1e7beb1e511c7fe8e3b4994feba93216d40","ssdeep":"192:8gFkminwhdsWzw4swSfqCDd1Wi2vUfk3ERuAAcNN+OprSqeMVe:7FkRnwhmcwlfF2vUfk3ERDNNjeM0","tlshash":"9a32291c313ae77e3f5b5420b1a82098900c7f9ac518dcd7e9be4c172adaef446c5789","first_seen":"2026-07-02T10:56:16.398173Z","last_seen":"2026-07-02T13:28:16.978237Z","times_seen":4,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Cricket.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.027Z","timestamp":1782998860027,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Cricket.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5031\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 4fL12d5PikIv2r71rUVqwYa21OpaEeQj\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 12:22:09 GMT\r\netag: \"677304722789e38061437d9ae84d583e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: dm1joYBjF1kAQaERWXgx9mm_8JjUtwIDZSFKLuqTsny-NSkDQW9kJg==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5031,"size_decoded":5598,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"677304722789e38061437d9ae84d583e","sha1":"2ce92570fcab5ddd8ebe8e70728e5c66964b579e","sha256":"9582f0480895c8d2a798940790fbd0f176213dfd4f635bf3ea98eaedc4bed637","sha512":"68c53d99daf99af14e43a2435410607951ef98c830c52a19bb770c990c8554bf58ab238caef7a8c070053c2b5de3121f309f42da46e917933468d662f83513bd","ssdeep":"96:87StPdtJA1ccsvM8yN2L6R746hMkd8UPeBh9iIA3xHpcjJhA9DEFA:WStPdWHyL6HhMJMef9iIoxHpAhIWA","tlshash":"75a18ce4bbb8887edc72f98701b6b48eac5c7c8a52a080ac528f70b1315ba58501631e","first_seen":"2026-05-30T07:41:04.620301Z","last_seen":"2026-07-04T10:40:29.335124Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/LimitTimeInfoBar.BGcCQktQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.109Z","timestamp":1782998859109,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/LimitTimeInfoBar.BGcCQktQ.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-19e9\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6633,"size_decoded":3130,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (6550)","md5":"7a72e92f8939f5b0d6698aaec20c06ce","sha1":"37aceee9cd0af9ed45a569198745ed4be617ada1","sha256":"0effd87a871f2a16bca45b46ac78cf9f7ac8ed1de16e6eaa259d2a406350d0de","sha512":"20ce5699b8f3e5cf4f3305210f314d85bcc19491c06a0b03c084b5a0889e05aa5fef60ae5b831036b1546022c5dd7cefb46e2f5aa3cb8d569d774bfa57c4cce0","ssdeep":"192:6US/QYauljiffbSQx96v00tjusAw6wXbdfo/uX8Ci1El4:6USGSQxkv00tdpoGsCij","tlshash":"afd1eabc71315838f73b889851610166900d731baa29edd2e0ff1a399edcdc51ab91df","first_seen":"2026-07-02T10:56:16.38917Z","last_seen":"2026-07-02T13:28:16.983026Z","times_seen":4,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/LimitTimeInfoBar.BB_7qYiO.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.117Z","timestamp":1782998859117,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/LimitTimeInfoBar.BB_7qYiO.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 395\r\nlast-modified: Thu, 02 Jul 2026 09:59:56 GMT\r\netag: \"6a46369c-18b\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":395,"size_decoded":784,"mime_type":"text/css","magic":"ASCII text, with very long lines (394)","md5":"7767a647cd4fdc3c469b1eaf191122b0","sha1":"2141e0280c65790449d3a941af0b32beddd06679","sha256":"b265762d682c56233a80a1918c6a602cc434aa57c313b397485f345c51fb847f","sha512":"fc8650e7eecaab1f68b69fbe97587eec7ace0ecb9cf9d94858d35b5bdf53cd56a62182dbed0e8f87ea9fdbe9b9b55569bd8a3dffadc1ef63aae7d4595e68aa1f","ssdeep":"","tlshash":"5de02bf1e62d153c7cb3d8e56e74668ee2e19053c25252109281353fe8df18324a5b07","first_seen":"2026-07-01T20:44:48.06146Z","last_seen":"2026-07-04T10:40:29.194263Z","times_seen":11,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/BetCard.DXf47VMr.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.910Z","timestamp":1782998859910,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/BetCard.DXf47VMr.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-f9f\"\r\nexpires: Thu, 02 Jul 2026 13:37:40 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3999,"size_decoded":1429,"mime_type":"text/css","magic":"ASCII text, with very long lines (3998)","md5":"d8d7e61a3718eb7e2901cb58bd97956f","sha1":"3c66ec0197448a30c0b742754afcf16586471ab8","sha256":"c2b44e9e6f95f5a763e499e66f608c90d788624978417a1b0467ea393d8fc083","sha512":"ea38ad3f50b728cf7dc0bd3a8cec985e74e666bca6201cdb936a1035cf93460eb6f40be5768a44e7e77defb0841fe90c96e0e4933d353fb3864f3d6e956c8b2b","ssdeep":"","tlshash":"b781e171ba1e912c7a7fed6160d04adc660a7207430386acdfd738769cc78863b3a95c","first_seen":"2026-06-24T13:33:43.035832Z","last_seen":"2026-07-04T10:40:29.233254Z","times_seen":15,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/AmericanFootball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.021Z","timestamp":1782998860021,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/AmericanFootball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 5558\r\nlast-modified: Tue, 28 Apr 2026 03:44:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: AWeDlgH7R4a72WtiHbFp8V3pbKdvhied\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"31c4ab00b35a863a4f3579d4671a5565\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 4XIHobAC8SVHro4zGPI9RzNaf4Zoi_mY18FllnAhE4niaWTJ3plkfA==\r\nage: 3932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5558,"size_decoded":6125,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"31c4ab00b35a863a4f3579d4671a5565","sha1":"21aa5684fd8806c31e7f867c0780b31d72a0bf44","sha256":"834672e2b150ec1c2dbe42a85085267496ce597138bbb5a83f83e89ebed659b8","sha512":"9c695838c22393fe8a5237bcdf153d9557aa43f6fd56d48c0266ca636fc3dfff2ad298a4d603aca9f91ea50f8ecdf0eccfce7f7fefb133a1ca60befe76073e58","ssdeep":"96:87SKnJuC62gDWZCyd7oqdkAtpqSkGDZO/GNy9N3XzxxmJlQLMRWi4zm9:WSbWz7fabSkKNyjTx+v4q9","tlshash":"48b18e9a94764102d09fb66f4cf391b09f873b802589cfa27cc3bd663b207268955d87","first_seen":"2026-05-30T07:41:04.751559Z","last_seen":"2026-07-04T10:40:29.135759Z","times_seen":24,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/GameHeroSwiper.CIMwZgOs.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.065Z","timestamp":1782998859065,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/GameHeroSwiper.CIMwZgOs.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-3313\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13075,"size_decoded":5259,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (13000)","md5":"889dfb65de86cb9ba3827de4383314b6","sha1":"056c7f6952a97aae5990f8416fdaf590e150ab50","sha256":"3b1337bacc63202616cf8d47744d6a1557b5e541f6fd06653687604bcd623133","sha512":"49d204ec109b4c891bb960da0609802762cabfef7fac409557c0306b15c287c37602a8c2372b98f8bbcba647d594af2ca531f00eb7dace13f70db3b501d3d506","ssdeep":"384:m1D+wM6QOyM+J3GCdZI9Ix17TIvYEy9LELpLLLK0d1sXXR5RzR:m1PM6dyMeGcZIyLIvYEy9LELpLLLK0dI","tlshash":"da42e85c746245bdfb3e898b1254781d71282b82eb65d4c5f2fc362617e2c79ca1a33c","first_seen":"2026-07-02T10:56:16.483207Z","last_seen":"2026-07-02T13:28:16.994255Z","times_seen":4,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/league6-active.CweVPZl0.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.071Z","timestamp":1782998859071,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/league6-active.CweVPZl0.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-61fd\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25085,"size_decoded":14767,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (24948)","md5":"c03a350aea54decb52d5fb0d7297c05b","sha1":"53414e49c32e5c981295ba23631508a53e69a493","sha256":"ef818b9a0b6d8d5e8f9ccf1e7f982d59f7b2e55c7b60e2042bb9baa1b21a1de1","sha512":"3b7490181964ae4af2ecbc9322d49e5a2d02a6efe3cf79a49799ab0727c4cb8767f67e7d83bd84f8d3c789d45473452289e2d74b16517b2d6666bb285af1a0a7","ssdeep":"384:prhaZ+JwIhoZSPFZBxSeqsYf39WyvYb4l4D+rLJbocR0EtxHFl:pcwJwI+SP+epYf39psOecyEt9Fl","tlshash":"30b27d6935c71d3ed39318a470a900907cb83eafd0189841eafc7a617adac50ddbb2dd","first_seen":"2026-07-02T10:56:16.465857Z","last_seen":"2026-07-02T13:28:17.000374Z","times_seen":4,"resource_available":true,"data":null}},"time_used":339,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":339,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/siteRewardModal.xFNIXZ9j.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.505Z","timestamp":1782998859505,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/siteRewardModal.xFNIXZ9j.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 698\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-2ba\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":698,"size_decoded":1004,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (679)","md5":"b2c68643caefc7cc85d869ec6effe659","sha1":"9c5873c5bc1d270fca3cb4c9fb8180f554313049","sha256":"cfe97d949f929e7fb15d510ebe138897344624f202f125f1fae37199dc71b9bf","sha512":"97b2826cd1e34facd81bb5ba4602a8abf3e31b7d7be69bfb03080395de1463340f34f61675e58ddae991a411d960ef880e67c24817fd15be9ed184edfd285b8b","ssdeep":"","tlshash":"33017607e80934b914b766b2745579020398b93a958a022c39b538df26dc885f3f9f30","first_seen":"2026-07-02T10:56:16.471897Z","last_seen":"2026-07-02T13:28:17.002674Z","times_seen":4,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/member/f/common/getVerify","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.981Z","timestamp":1782998860981,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /api/member/f/common/getVerify HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1697,"size_decoded":1654,"mime_type":"application/json","magic":"JSON text data","md5":"781676a6220c417175b34384370cb5d1","sha1":"c1026a50ff80555d97a7bb036565c5cc2870f1bc","sha256":"3253210630b5dc5ed9d0883f5c15ff371e58c88127b02d253cba8baa46bfdfcf","sha512":"44f10177fc65599228e61220018a66e76a590a6f9197462cc582e55f0c07c20a2ef9bfd2cf7f758f17a1442af627abc60b67ca2e0cb25d5881b2df9a05d4dcff","ssdeep":"","tlshash":"bf311a2495db3bb209012d75840a11879ae986cc0ba0475ef3eba65415388033b167c8","first_seen":"2026-07-02T13:28:17.00488Z","last_seen":"2026-07-02T13:28:17.00488Z","times_seen":1,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":305,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/1d6c905e1243664c54468b40aad58e8e.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.784Z","timestamp":1782998860784,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /data/1d6c905e1243664c54468b40aad58e8e.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T16:30:45.19793Z","times_seen":16979040,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/index.CBQFteMD.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.063Z","timestamp":1782998859063,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.CBQFteMD.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369b-56e7\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22247,"size_decoded":8316,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (22096)","md5":"a59902a0285d043c55167f4a642602a2","sha1":"574acf182fe847d91d02ee3dfbb1ef02ba2f26fb","sha256":"b73c482cefebec71c3f8a6a3ee7239a5624aeb468c5b60067c313c486fb64a62","sha512":"caf812ed14ea0d6fc353e0e9638c5e9559a4d1be3d4a0c16872467bda3fb7cfdf80b20472857bb42424c354667a5f87fbad32501f80056662702c6c8b4a7e6f0","ssdeep":"384:i3wV7VOG3VHjGPbQFfoZAD7FP81Rvs0LjxCDNLp/mDubbOPzHgzjOrJbsI:gwV7VzVDGYoO7G1i0XxCDNLp/kub6Pz/","tlshash":"dca23b0db1121c7ae7f72af0b02c406076742ba6e006d989f4fe8fb53792ca19745f66","first_seen":"2026-07-02T10:56:16.506734Z","last_seen":"2026-07-02T13:28:17.006992Z","times_seen":4,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/OrderLimitTimeFreeModal1.C4a58RVW.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.114Z","timestamp":1782998859114,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/OrderLimitTimeFreeModal1.C4a58RVW.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a46369a-2b97\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11159,"size_decoded":2929,"mime_type":"text/css","magic":"ASCII text, with very long lines (11158)","md5":"e21a09417fc3032da1d543c82918370f","sha1":"410e80a44a66faad903756badd7e000259621605","sha256":"57465ca913e9f5dabecec11316ed9eb0f67fb3a6c742ee0eec9055293531265c","sha512":"e252e8b9c23189427fe273301d71b83d998737fa99d4ba8af471871b4f001880cd4a2993890c8521095c5e4f42bbcede09deb77d9d4fb7ea31bf6a533e4077e5","ssdeep":"192:31LO8qGeaitxaKiceMPpqsqdQPfixyK47BggZMBF2MFkfrIAFzo2BuyUGPLj7cm:31+G3oxaKeMxp4QPQgxrpvFzTBpP","tlshash":"5b3285b0b46d3038b537e758e4e05a8ee1e5e153e6170518dad5732998cf383297e3ca","first_seen":"2026-07-01T20:44:48.012008Z","last_seen":"2026-07-04T10:40:29.252546Z","times_seen":11,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/download-icon.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.490Z","timestamp":1782998859490,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/download-icon.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 160824\r\nlast-modified: Thu, 27 Nov 2025 07:50:02 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: UkjYisdUFOjtYCmRmzU6E7Zr1fXYm_Jf\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"4ff046dfc19389a1ba22fc7e62ef1d2d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: -7-uw0T_xVGRxHdBnpaCK8_wEOT3YQRqnwE5dF3jD-vKjomK-wXS8w==\r\nage: 3078\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":160824,"size_decoded":161393,"mime_type":"image/png","magic":"PNG image data, 540 x 432, 8-bit/color RGBA, non-interlaced","md5":"4ff046dfc19389a1ba22fc7e62ef1d2d","sha1":"b162234dddef66536083082d08bf85b57c75104f","sha256":"fa1e0aaf146270fb5a90bc2ee852fb900620df69bbd0178ad891e00bca13d01b","sha512":"db05faa994f21e2f970f8c8a812c350e0a9991a08043fbec3528e118508585962c25fd608264163fac98ab361eb9ca45b50530cc94bbb1f572c9f1008d36876c","ssdeep":"3072:qrS1mNb6SKUmpEfC/GHRGekGwLPErCRGysTbXkJxO4ojukORdlpLtTeR+k4dDy:d1mNbPK9pvGH4HiTbUJguNRpLst","tlshash":"16f32346ec37b5f8a9fc2b6a3b64c0441f4d4d1a138f42e750bd4e3b1e8260239f9a65","first_seen":"2026-06-03T02:50:08.031588Z","last_seen":"2026-07-04T10:40:29.178843Z","times_seen":22,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":11,"connect":2,"send":0,"wait":3,"receive":2,"ssl":224},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/Champion.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.567Z","timestamp":1782998859567,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/Champion.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 63468\r\nlast-modified: Mon, 01 Jun 2026 11:10:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 0tYGRaIDz6wEVA6H1tyWwwdrTeknX9fC\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"4359f4865294e8b9c531e6d29073af21\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: JHmj7PmPgfeWWeV2Vs5rzSYE8dme6ZvWjdOanR-hBcvyO5aJNovkdw==\r\nage: 5438\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":63468,"size_decoded":64036,"mime_type":"image/png","magic":"PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced","md5":"4359f4865294e8b9c531e6d29073af21","sha1":"0592efbd26aff43412f8831641dc5556b2b5d517","sha256":"1fa794ff9b760fb7e01db7c07a2d026b59480a51414884451604fc17cbd823d8","sha512":"e4880805c1a2de3409d093c6773b599bfa10abf62b6eeffdbb0d41394ef2d86b0abbb41f88efcf212e18d9e000acc6e15bb3ea92c4e82d7d1afe88f8fc0b10aa","ssdeep":"1536:UE1e8OFvIhJUL6qeaW4Nu/tvtflSCm/ZsMj+I/huI0t/PCYLnLKl5:beDvIK/2lvtfsTBsA+I/FJKL05","tlshash":"2c53021825ed3bc25d3cc156f5e331bcaa24d06723650b22edc7fc192e8c2ac7513a5a","first_seen":"2026-06-24T13:33:42.979881Z","last_seen":"2026-07-04T10:40:29.407285Z","times_seen":16,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":76,"connect":3,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/useCommon.OIkAmoc3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.891Z","timestamp":1782998859891,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useCommon.OIkAmoc3.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 971\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-3cb\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":971,"size_decoded":1277,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (942)","md5":"53f53ea74260795752a29eddd9a449bc","sha1":"8ac5e31c4bae0c1582f87149151757b2b2d13697","sha256":"5c1de52323ac38ddb8fab9dc34e4b6335e8c389e911937e9948269108b0b5b5e","sha512":"a5449abbdc06a25c73db44463c09a3746be3dfd532a264f8ef4705edae7ba01cd8ffa06532a1a192691f37c5a65669c6fcb345e3f5b10894cbd901247510bd6c","ssdeep":"","tlshash":"101150ae2f681cbd912858f87a5b08124216d6892e1ccac1b05f4d29b59de80ef72fc5","first_seen":"2026-07-02T10:56:16.429026Z","last_seen":"2026-07-02T13:28:17.015593Z","times_seen":4,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/img/right-icon2.CA_mfVyH.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.492Z","timestamp":1782998859492,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon2.CA_mfVyH.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 60519\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: \"6a46369b-ec67\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60519,"size_decoded":60916,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6111e72a5bcd012ceb62d5add84c9949","sha1":"cfd667f062465cd60f7f5be64f51eba0ab42ce4c","sha256":"e392f4128c43fdb316678c473bb409494391cb098ff17f3cca050524c927dbbb","sha512":"b9434c10216cfb60779054bfdf8e0399eaa9e38e9ddb664512ea1e54ff70b0cd4fe2c42c910a9545b7730cbae9e871d339c4c636b1a5ab42d94f058f69104c88","ssdeep":"768:aTDuFBlw3W63T+OrENriyaolJPS2J9SzEt1rHnJrYr7U/ggNL43iL9Mu3iaarv:aT+wGy+O789k6rHJrYr7UIgNCUauybL","tlshash":"fa4395f5a7d8b2e0e106ebf4d4229461775f3cfe7fa6cb9983a05d90d62205c898dc90","first_seen":"2026-05-30T07:41:04.773059Z","last_seen":"2026-07-04T10:40:29.312147Z","times_seen":24,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/js/usePagination.DqzuaO-X.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.921Z","timestamp":1782998859921,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/usePagination.DqzuaO-X.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:55 GMT\r\netag: W/\"6a46369b-402\"\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1026,"size_decoded":843,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1025)","md5":"657dda60881dc1b2eec0637b5c6fa760","sha1":"48eb018d66f5243417504da6c476184306037c46","sha256":"548fdd0bb1bec74eb3743f6811f07b4c415cc45c044f5cc9904ec782ba532cd7","sha512":"dc6594067079f827b2caedc623aeed01e8ed381453c7aba10d199eeef4018f8ae4408461b7582a94fa5d5ffb33ca4590581e323c855bc0de3482782a0111b256","ssdeep":"","tlshash":"8d11c286f26b31b45379c8b59099144c4d046b95756598c87dc9575963b7ccc3345831","first_seen":"2026-07-02T10:56:16.474629Z","last_seen":"2026-07-02T13:28:17.022131Z","times_seen":4,"resource_available":true,"data":null}},"time_used":503,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":503,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:40.049Z","timestamp":1782998860049,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 705\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:40 GMT\r\ncontent-type: application/json\r\ncontent-length: 49679\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 195.64.118.152\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":467286,"size_decoded":50116,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (60302), with no line terminators","md5":"a8331df1f2430747a1d61bfe66871147","sha1":"c29f1f4f9f3fd555a915bac81ea73b34ddec6682","sha256":"1329bddf1f3f4066e90e8bee2e8d3ad32f5a79e5464d7284f2703fcce28eac44","sha512":"15b6afd1c8feecaf2501d2c2afbc802fe05f120506c8da6e996a4215b34afe21c4ea2f092d9202c45f8784fc70d0ea80ec2980d5f99a72558bac14c30b4bd51c","ssdeep":"12288:+2Tm5G3st8be4oxg8Oi0+QoiCqe4fCO1t+k3K0j+6buAQ:C","tlshash":"95a4248a692dc4fd9ac67d02e4cf3095e4e03a0be84d2d4008c67e6c9e5fb63b527567","first_seen":"2026-07-02T13:28:17.026259Z","last_seen":"2026-07-02T13:28:17.026259Z","times_seen":1,"resource_available":false,"data":null}},"time_used":558,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":520,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/static/css/index.D9QCF6o3.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"47.91.109.114","port":9971,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.123Z","timestamp":1782998859123,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.D9QCF6o3.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/home?inviteCode=48093\u0026cid=36\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:27:39 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 02 Jul 2026 09:59:54 GMT\r\netag: W/\"6a46369a-102e\"\r\nexpires: Thu, 02 Jul 2026 13:37:39 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 195.64.118.152\r\nx-forwarded-port: 9971\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4142,"size_decoded":1051,"mime_type":"text/css","magic":"ASCII text, with very long lines (4141)","md5":"7a23d56eec17c23327f7736d9f6886f5","sha1":"50dd84fde91d56fd230c86dbc2ca1fc658c7c608","sha256":"3420f740079364fe98e85ab35deb01853c55ab98a4a77ef749cd5f9d2444e561","sha512":"f19347ef23dc5e3860fb5b2b9ff2752306475828f348478bfff9c86be032ace4f138f5f28c4253d34aff6fc057d4e82bbd4982a04840d4a34d2d19a01a2f2fcb","ssdeep":"96:QHeyMIJw+3UN0x+Gi0Obh0bydxM7373RZ:Q+yBWyUNcY0Obh0bydxMLLRZ","tlshash":"608194c171f8f02b56735937247e1aba483e7ac187058fbc5ea7a1c40961ea93763437","first_seen":"2026-05-30T07:41:04.609943Z","last_seen":"2026-07-04T10:40:29.147785Z","times_seen":24,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top2.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.40","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/?inviteCode=48093\u0026cid=36","date":"2026-07-02T13:27:39.498Z","timestamp":1782998859498,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top2.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com:9971/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 22898\r\nlast-modified: Thu, 14 May 2026 08:14:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: LOGnTppTdxck7hXyAQRzzudvdKdru2uw\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 02 Jul 2026 13:26:41 GMT\r\netag: \"c60454ca36eeafbee3a4c9f6a3609c37\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: F7Gv4TmNzkrEYn-aqJVHvKqZVfoY6wbFoazTyYbxlO-jeMJmfFfeIw==\r\nage: 6132\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":22898,"size_decoded":23466,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"c60454ca36eeafbee3a4c9f6a3609c37","sha1":"bcd3671b6c4279a93ebc396e6ac0394112c9cbad","sha256":"f18837f1607b0b5de317b9f4eda6988d31e2ba388d6c088dbadec6fab7eca28b","sha512":"7118ea5a0b3611854f8459e64b538ba3ffc9fa38a57a27fb288a7c0d4832a04db7499b8f4ebdf1a6f919141bf62b4a0f29c32227a76ac3f43b31ce8cda811c64","ssdeep":"384:5T6fLwuMSdYyWN9QtajC61NoEbjIESOpG7QMW/AfFc/GAzzCoRapt/PU58J6mfJw:9UMysBjC61NoEbXXpMFSz9aCmfZp8N","tlshash":"5fa2e1850befe594ba773154768f0a6a851b7a9e401ccf2eb26d3835d4c1cf1a090f4b","first_seen":"2026-05-30T07:41:04.783326Z","last_seen":"2026-07-04T10:40:29.332255Z","times_seen":24,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":3,"connect":2,"send":0,"wait":3,"receive":0,"ssl":226},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
