{"report_id":"61611a55-3e97-482d-97d5-9c93021ab5d6","version":6,"status":"done","tags":[],"date":"2025-11-15T16:40:58Z","url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"172.67.155.227","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"title":"Winzzo: Most Popular Online Crypto Casino Based on Blockchain","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"172.67.155.227","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-20T16:40:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"winzzo.vip","ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-10","domain_rank":0,"first_seen":"2025-11-15T16:41:01.841542Z","last_seen":"2025-11-15T16:41:01.841542Z","alert_count":310,"request_count":62,"received_data":6923135,"sent_data":27825,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/34230-e87c8d35c9fa1ab6.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9b4900ae7910372c39f90a4ebc702603","sha1":"9a24a588c269ce9c3f57345c32fc19f6681dbc0b","sha256":"09f6962b4e78defeacf0013f19bf739d5427801904333b19f9ab4cf541db3440","sha512":"4a02c00c407ec0eee649e22031775550a2e27fd675d23235783ec11d04efda2480a219e318fbba5739af05b0bd575f5d6d94a5a5dd2db29a03b891b9ba3069d4","ssdeep":"384:05ae/t9qDM109qxJ7aPk9RqKIyoIPzM73I/AKIJ1L/7E48z/08zXvnL5/Tz7qt5V:veVwDM10wxJMKIKIy6IzIj/9KcKN/POB","tlshash":"b5a272c9a390993d2583c53fc635b426e2bf09fa753e534062a9c63df909cc4e7365a8","size":23047,"data":"","first_seen":"2025-10-16T04:05:32.834372Z","last_seen":"2026-05-23T15:36:04.92212Z","times_seen":13049,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15510eac41ab1d5ef4d07adf66470336","sha1":"af7eb0a2168918b5999e83b71a10ba52809f38df","sha256":"e5b9e2570593ab1e59ae6a397baec8491e4c3d5e4628aa1439940ac0e2aee2fe","sha512":"116e3ef82cb1608f729f9731bf3ba61a1a75624fec0adf57d0536e5f7e1abae6c939e93af5bbde399079cc1634b5ffda250a76f08571d2e30c88eceecd05b22a","ssdeep":"3072:btfjLiM+NFCC4YQbCCAaI/02UHCgwLRE4:btfj2ld4Y40fUHQRE4","tlshash":"0df3f7e83d99e2116eb342a7109f2803737c262b240d4c60a615fd9db5b845bb17bfde","size":168420,"data":"","first_seen":"2025-06-09T17:09:55.347659Z","last_seen":"2026-05-23T15:36:04.89081Z","times_seen":13199,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d4f58df8ef556437633bb90cc31469c4","sha1":"c1c713bb5046a54cb79a8e7537b6d7fca624fd45","sha256":"2dcb2e50c883929aebb7a64a7a22cfe2260d856a3c36a6926c082da19c552b7b","sha512":"54c8a79f5897cd198db689700c24f950ad7fe19eed815f8bfa0e47428701d8c84a1fd8f677a6f1b2a4f1443f35f2dbd19e6f456ceeebfb1c59275bb356e1a5e9","ssdeep":"","tlshash":"bfc02b041427c47b421c6f4dc02243d4e4b020bcdc492480801d181800d0c313b40cd6","size":130,"data":"","first_seen":"2025-03-25T18:26:20.414558Z","last_seen":"2026-05-23T16:37:50.796078Z","times_seen":36850,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a6e1178e4bbf5730bd664a49dd3bc24","sha1":"17c3ae3273f9de6afbbdedf2e413dbb3a6722792","sha256":"3814cddd18b2095e01abb745a99e5ada90178e709c09879324c3b623f2d829ea","sha512":"cfb1aab0bf589e33fd12906f448ddbbf7163420a088de513b174304c9ba3a7abcd9b41c98bc4dd51edd0206c1fe4660db9857e3c6163d1bf50c670cefddee509","ssdeep":"","tlshash":"de9002b090c39c5890264186687100160b6c040c01080141132184d810115048e40d8e","size":43,"data":"","first_seen":"2023-03-13T01:07:12Z","last_seen":"2026-05-23T17:04:42.650177Z","times_seen":138436,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/58172-2e2ad5efca352ade.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9784916761bd2bbc76012952021d42d","sha1":"253cf85cec6b9a53b449d758e2d542a9a182bc23","sha256":"c0b7563919543117a0168d95e03a8812821df1f79a8bf094dadda24536660d92","sha512":"54d0abe66c6ec80868c406f1838ff8760bcae6758bd406c57e29d3ae842812ffb81cb315706c46e5d6a26e8bb80c7b1fc2787d02e360d635ebf22aad6c3c7431","ssdeep":"384:H74ml/FeOUGcg70p+tlof7VCEv/f2rVdVOmo778U/eWJV+o6:b4mldXUGZ0p+tl8VCEv32rVPOmg8UWWo","tlshash":"cb62a6d12b10495d3583ce7aca363929f2ef69ba393d57401168cb3cfd18ad4e6361e8","size":15156,"data":"","first_seen":"2025-09-13T11:18:32.621492Z","last_seen":"2026-05-23T15:36:04.894597Z","times_seen":13121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1704fc737e37afa34078b3b90ce1466b","sha1":"f642e7cca28c8b995f3f4899b952e4bdf160e8cc","sha256":"ba25c8f949e7798164c1079101ba2ee33b4ff67636e0d3cfd6eea51d802de2a5","sha512":"97e1f6730f8fac6cb7616812078859a0950be977aca41e11eb6731315a17db5ef2831a299d1df9e3f6ad49b08ef855c2ffbbef53331c689ec2d4aa891a8223c3","ssdeep":"","tlshash":"6741200fb208e4453ca3ee1b42331e76a48edd730279f26ca54eed6e11429be476c965","size":2248,"data":"","first_seen":"2025-11-09T13:38:48.730364Z","last_seen":"2025-11-16T01:25:44.576391Z","times_seen":303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/53090-941dd81da5fa3210.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15925877203605d5f2355beb36d57347","sha1":"17da103edacb7e181adbf9304938d039a200c1d7","sha256":"a986f72fb7dc330235296b864ba0f244f1126b2eff777b8a13ae36875dc96157","sha512":"ad516778c2e0dcaa482b03f5ab7a44fea87ce340ae85aba921277db245d9e6c5a49f70a27eeb99b6bef662c873647590edc83e75c63116c4e456045245b91568","ssdeep":"384:hC/SLOZgztFl6pfisYkxdZEAXtwdt4DvWmV9PvTLsb6r7/:Y/SCZ4Fl6pfisYyZEhdt4yIWbU/","tlshash":"0862c6e0d362fad8ed6785d5f12ea906b11f2f988b19c074f6b85c2053181c4ba27b9d","size":15666,"data":"","first_seen":"2025-10-16T04:05:32.826709Z","last_seen":"2026-05-23T15:36:04.940848Z","times_seen":10988,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/31684-b8837a619f76486e.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c9e1f9e9713d9d76f976369dac25760","sha1":"1d7cfa0fb89dd89210e337557ab9af8fcb9e7e17","sha256":"07adc3c304cb5798f2e26622c0215307b7b65a7f8bbb87a32f44832f781b75f4","sha512":"a34dc478e1f217f0cf2d8a2c291b933dfeb5121fd41a2f08f2ec3a5b526ca55babffd1358cf0b55ad15009821510b7f6ca9a66793931023d3910d85938ff1b0b","ssdeep":"1536:3Hk+1qVc+dJWgclHHlU0Zb8OeM8aZLoEAEuRaQ3aTcXH10nZAEUOW/oM+G6GZVsT:VqW+dJW9xAMiEuV36XZNGZm01A","tlshash":"5704b8b676d0f89107a780d5843b400af3395c3b146f74a0a3e6cce975645dea1b3faa","size":176018,"data":"","first_seen":"2025-09-13T11:18:32.512742Z","last_seen":"2025-12-06T23:52:39.117547Z","times_seen":597,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/73345-b438bcc17722696d.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb597de485c3029dc93b6f3225acc0d7","sha1":"d3a6bc9d6749ea9f0ddd1b1862c90303f3ec3254","sha256":"3513d69dd757c29044eb92ab6a908ba6755e0845c38105ab2e196b0c75b96583","sha512":"1420716788ac11ed76547147942bdf2329c1bcfe8770745c3bbce32f99ca5c5866e20253ced9e0ebc4597003f7404825de2b601f8d24b5c2fce1125eadf0ad63","ssdeep":"6144:bV5sFqdfuGDdF0pL8sS65eILs3QKQmiOB0lDz:bispi9mVB0lP","tlshash":"ef644a9c7682b474939b016a807f0107f37e2d57240e4824f270d9ee7975e99a2b7fb8","size":325834,"data":"","first_seen":"2025-10-16T04:05:32.880573Z","last_seen":"2026-05-23T15:36:04.913036Z","times_seen":13090,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/56060-8656721e7f9c8859.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6685f1c3cdf6f0d1227ab2b5af23a056","sha1":"491d91380ba5da6dcd5027bd954e6fe11103b18b","sha256":"237ff25124f0ca73e06c9e1d59caadd016273fa9b5b6bf211c991cc8d34d1b92","sha512":"6667f2ba323afce441aa6e23fdcb8504dfeda05286da37d594827c605042ba88ddd7bc5c6ec9565109d4a0ad4ddc9f8cdde4ca22cbb9eb8122b85ba04bf1d0b2","ssdeep":"192:/ztywjuim2pZQizyySL4tLg6SpiQhQ+YmzSRAz21OfsuAAuaSXCfb+e:/z9juim2xWySL4W6STYmzSRA61gEC5","tlshash":"4622ea847260793e1547866fd1be5516f27a292e382ed25433b9c83cfd21ac85336bec","size":10031,"data":"","first_seen":"2025-10-16T04:05:32.850927Z","last_seen":"2026-05-23T15:36:04.933982Z","times_seen":13094,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/95064-8ece3d2817a292cc.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1820ac6716b4d7fabd4dc1c1f875bf6b","sha1":"572e78286fc5400c9ae75eaf833f43b33d7374f2","sha256":"e10d260450467cac4102b28d0e25aff8e28aaf534178f2db835f27ffbf2e2dd1","sha512":"52e76827863a4baf602a24c2413c48cf40f80113c3d950c2f2ade8e9c77497de7207a1ce270d6467f01cb439d622efb0c06dff646581c420547ef8bbda8f43c6","ssdeep":"384:mTEzSMQjeMy1BHBB7V0BvDrXIwXJ+ba2YUSTNN8txdOTTpPNUp0icpUAHEvDBUgx:wEzSMEeMIvp0h08J+G2YnT76WM+HTY","tlshash":"0662a42e9175adf4f2526c689faea40c719f958a4b1648bd777cbd3000894ec3b137ca","size":15030,"data":"","first_seen":"2025-09-13T11:18:31.957785Z","last_seen":"2025-11-27T20:26:36.441914Z","times_seen":547,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/53069-c58f8f632eda4cdb.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da17cad8d521aded130ecf6e4281f047","sha1":"00d75b30a6986d64f8a8ed731ef76480b061d93b","sha256":"abc0e12aaa96d7f95084c61c15d77a04b9eda96dd5a611b1e9a405fe48de45a5","sha512":"2bd6306ac6bcf07f3d8bf0b56c3ebea800aeca4d170fbc0a932d379ba5d38fe2d4f74512ce255eac02202d528b39e04fc7c6ec08854a2a015e1409491ab9529a","ssdeep":"384:G9+QZybNhuWIpYh1IWtfmg2Lr4i4ysxQVv839TORERMR4e8TefNxBc:25kNhlIpYPIWtfmgcr4lysxQRkT+4Q47","tlshash":"72620888a399a6e0f6819bf8970f611db57f32a08a49c8a4f3707d3060854ed7e55fc3","size":15859,"data":"","first_seen":"2025-10-15T03:22:35.364489Z","last_seen":"2025-12-12T08:06:26.80288Z","times_seen":294,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/82849-380dffdc0dc4ddd0.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b2dd0a100347fd3f84d241021cdd6e0","sha1":"52683de19b9bddf38b646469032b1ed204fd633c","sha256":"ead8fc5762bf83c3e5cfa97570dde8bfc968a4f3b34eb45f22b063d00e408a1c","sha512":"5bb93fd32f7c31627654dcc091b930d97b69eaaf3664d0d84f6a2d01c6695bf0492cff6639f69af8d9d79ea2e51650a242e9646457b5920a45ebc40a78e67bf6","ssdeep":"1536:4UcXlryCtX55mQPVpmsuIurLJmvU340MLsUDG3BZN2EaZxVcGR5c7dhP3Whj21m9:3+v","tlshash":"6604d5debba0a2f4f005e7f8d7125468366b39fe6e52ca68c3a91d14e90108cdd59dc3","size":178013,"data":"","first_seen":"2025-10-16T05:32:37.319774Z","last_seen":"2025-11-16T01:25:44.555828Z","times_seen":423,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/not-found-aa673beed1a0d17c.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"517473bc536db4dbebd6487563eca146","sha1":"f21faf08e40f6cb1b74eaefcb9a180061efdcce7","sha256":"91ae4e593344b4f4b340d0977cefb2001673eed4e835a776a3d75aea93080810","sha512":"bbf5c05af3847c109eb8063604e3e2c154b4b97c0bc5bc3a4e4fe574280deaf2098a4064faf5072600b35d20a60b824f11dddb5c36ad8aa61a969189c0b92a28","ssdeep":"768:oyPr4cLO1IlSlF62mJpMzlou2Q4rF4UpWzW1DnHbu1agQT27wtYRfH+hB64UUo10:fkif2aMaiR6HKf0x0XEdw/nje7/a9yOI","tlshash":"c61363ec5bb109cca98946eabb0614bc273e91bab068892ced0d1d386041cd5fe17fd5","size":43090,"data":"","first_seen":"2025-10-16T04:05:32.951614Z","last_seen":"2025-11-16T01:25:44.549575Z","times_seen":431,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/53331-b84ec44a66d742c9.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ffc2a9646f640ee24bec96371d8896d5","sha1":"43fb84011d63dd3ee53c4c5a6ed7bee651bc780b","sha256":"ee75b3f83f6bb1fe59b15f18a040463973036c403110a597b3e77b659b240fc9","sha512":"19765f02ce6babd708e5a582fce2a697188168486b56c78f66d75c7ad4d29e02371f839d2b967fa8094e949f2fa6de2e478d24e24b3150f0eb404dcef6fe63f6","ssdeep":"384:/bEM6MGSQhbWOoOSQ6b82p7X4WsIBcf9CkSfA9CM3ORBq5T25iaTuJ8jFNDtv/LO:/L67hSOoe6h7X4WsIBu9CkoA9CM3OTq1","tlshash":"63b2d7e993f4b6e0a006e3f8d607a8793a6e19fd7b32c95893d95c20c5910dc266ddc3","size":23606,"data":"","first_seen":"2025-09-13T11:18:32.113392Z","last_seen":"2026-05-23T15:36:04.918685Z","times_seen":13108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/58211-c087ffe3e38101f6.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7d84948f8ca0ff495e7533d0969b670","sha1":"3330c776cfbb7ea04d30b89a9686eaea35f24747","sha256":"2180eecb87df810a0f91771ce87e9c4f6e185e9011d00147eef0ca9c7ed750c1","sha512":"04a5f0711a52dd8bcfe0ea6d66662ed5e0a8610c8caffe461a8c8178f8f40e55b4c40c7ea11716a7dce1631534f5e22f9c5d86393e31835bcc686e4aa6254c85","ssdeep":"768:01KE8vZ7HInPlFvvb5AvexGRrxVP1fr4UK1fWbqYsCL1fZnK+jBV9YCO:0voWV","tlshash":"f20399866740a83d2587c16fd63a6415f3bf14ebb92f9390219aca3cf506dc0f5365e8","size":39725,"data":"","first_seen":"2025-10-16T04:05:32.927959Z","last_seen":"2026-05-23T15:36:04.908314Z","times_seen":13052,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/92148-f4aaff0397544571.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e5a9fd6c13384f417dca9b4c6a264114","sha1":"af973071192ef3c9c7303f8bf652433313df5cd1","sha256":"1c118c9909b4025458035a8429166655f856ff6fe8e876f8473c864fc8b7e395","sha512":"e718174294504f8b2477aa8d18a04c1b8a41fefc2edcc184ca7e165d05a8ec0ba1f5cf02ee1a047aec26d1552f21baf7c5353f9515444a157aac1db75d0d4c6e","ssdeep":"384:DLtQxW+19Vd6J4FU0Zs1Th/ndpRqgG4gjbI3/ovs2GK/sYp3wm7GjUWybgAKJ7d2:dQE+buJZ0y15dpRk4y+gt7/sml7GAFs+","tlshash":"3472d95da3e6a5e8f503e3f8835bd8353aa72df56912cc246bf56c25d50008cb8a5cc7","size":16657,"data":"","first_seen":"2025-10-16T04:05:32.855496Z","last_seen":"2025-11-16T01:25:44.551607Z","times_seen":426,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"450a54719181351ee44260025b5ed39c","sha1":"527debf984097caf46ac904f061ae73b44b638b2","sha256":"52c54666865164ff9ba58cb7f143142c90edf5a478e453c707bf65bc0fb9f15a","sha512":"9e082ad50047514bf3908b9e9305575e525abfbab7b15ed699aedf186baa0659956355548459e7126f0d8b1a3f14f35a63d2d220fc1d9b52b39544fe86ae82c9","ssdeep":"","tlshash":"c1e0395ce506f866a9218a2f002f1d65d1ccda6e43b8509873eccae2d349dbd1388dc6","size":432,"data":"","first_seen":"2025-11-09T13:38:48.731194Z","last_seen":"2025-11-16T01:25:44.577043Z","times_seen":303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"adb8528d712ef59ef6c74d60f7bc370f","sha1":"1e2a60292aad1ce8e88c616bded80fb74a2a0af9","sha256":"31b80f5e74391d7088831ff3a3e0d5a43c9c5dd37ec3bcb82be3672a5f374743","sha512":"9d647061a91caf2d21bd4325cfeb85e9a7b7127812b7613261d40b6fc2f430b806dd0665096a7e54010facf1380c917fb633f4077d75622da15ba3173f8eb0a0","ssdeep":"48:LZSx0VoWnnBn6V0mDNVJO/hygnBn6N/yVpBqoDNtNLO2hre2SbDKVJf:LBBmFAIe8UpjXrevO","tlshash":"8f91c01e6406ce0bdc7e7d6d023e9d36a0cccebb47659af4814ece581a4a87527ddc81","size":4365,"data":"","first_seen":"2025-11-09T13:38:48.735023Z","last_seen":"2025-11-16T01:25:44.577542Z","times_seen":303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/30731-19de50721de60a13.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0a6f403b4f59187fb0a165c9821ac3fc","sha1":"d6ce18fdade2a25f708897c701ff2f11c6b6937d","sha256":"6e6fb1f3038f822ca348ea62ee3c31370dc9532cb4c315a3d0724e3c2b473563","sha512":"64a67dfb42b4390435192862c524cfb6f5c0cbadafa3469a133def471589a44c01a5062ac61e337eff6570591bee8fb87d1b129e5a441f486604b7971830c312","ssdeep":"3072:9dHg+1uKewJ0Byiw1QRi8B6a3bmicWAM7c3jiPYFEcFBKKMhEmDwlQx:9dHxQRB0Dz7vMKmDwQx","tlshash":"a515b5985bb553fcf405f7f48a2ba4b43f6a38f67a42c4b8c3a91c15d4520ad89a5cc3","size":910744,"data":"","first_seen":"2025-10-16T04:05:32.777392Z","last_seen":"2025-11-16T01:25:44.554929Z","times_seen":431,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/fbq.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b834c87557376668b3c3fde729a8db5","sha1":"872448d973ce02e75d52b31641d961601167d04c","sha256":"cc63b490224b081fc3bef6a696dc3ecbe7ea7bd45df00c8a53cfe304e7bd5469","sha512":"1c40528c95bf8c5d60ebf3dba6df8ca43390e5239ea50ef08705e547c48635a1f399f2f9d7207b4575822d2ce3dfd6e2b7ef7ee3b431255837cf2545ea5ed4c5","ssdeep":"","tlshash":"e7e0619f2c43b42733e97639c727a67b3763070178c2d919ba05c8151fe08966c96d9f","size":408,"data":"","first_seen":"2025-03-19T10:41:28.92776Z","last_seen":"2026-05-23T15:36:04.941625Z","times_seen":15060,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/global-error-84c26475654e8359.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"86a0c59c18713dec34f72247f6404b91","sha1":"98f942f10f3985863957d5d9cd2abb5b24db53a2","sha256":"8ad3f0d37edae87defbd4bd0b5ad2ea68249e18b9a2e234e47528e91b7dce82f","sha512":"5546453fe918ab9bce3efc59242685291314a053c461bebd4d77f0b37d17bfc60ebf3d4bb03a9e808934fa0a31d566362831059a26704f5ecb09cca33b9ca1e9","ssdeep":"","tlshash":"bed0ebc202407cac74160b6c00b0d830300800b77018c8dee323ae2008624e00381c0c","size":258,"data":"","first_seen":"2025-10-16T04:05:32.905383Z","last_seen":"2025-12-04T17:28:23.099055Z","times_seen":502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/(landing)/page-dd5894df70d9ea33.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b20980901bb6f848c9a79d617f206adb","sha1":"ffb80752d4427f398ad0fc29a2a1328aacb8bb01","sha256":"903a64f21cbd3990d50873b5f19363b543309172d78eb2ece085b7038c8998c9","sha512":"2c5e5dbff2257481307d5bc438cb131b903dae69e51952e3c7c2d96635cc5ac50d879dbf3f2dd0ce9ffc8fd7a3a088029a0896067790d9a6d632e4f21227a117","ssdeep":"384:+Saddq55XGydqhFoSObqu7zYOJV56wIchB:+Sqk5WWWoSObqQJV53hB","tlshash":"bd62a881e254daacb45394adc32dd039326f25a5d65e8570f4fe9c3861094c8ff2bbac","size":15024,"data":"","first_seen":"2025-11-09T22:34:14.850844Z","last_seen":"2025-11-15T20:10:48.589644Z","times_seen":229,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6b02d0d7b29ac7ae111d005e726df7de","sha1":"b53f0fc978691dead2e88a78d8664f88a82db1a4","sha256":"93605140c2a6aa74ff7dd95820900cbca9d0d83b0e7652d71ace1ae8071c96db","sha512":"b8b05b39a69ed251d76839db412968a808af99d914e2eea0801a88adf1ae927b07e0642396b2a9ea3b6cf775c26b0ca9478cbaed22040619ce90faaaaa50e2ab","ssdeep":"","tlshash":"5ad05b39a004dd66bc1a7546183ded3b105d548f0455dd6427c4cd144992a3a3302dd1","size":252,"data":"","first_seen":"2025-10-16T04:05:32.985205Z","last_seen":"2026-05-04T01:40:26.232655Z","times_seen":513,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1aff0998bf170dae9b47b137424bde0f","sha1":"c7ecb6ee0f0f216c97144f6c214b4f31bc85e663","sha256":"e36ded9369ff5d14d8d38ef8a685cc862eee64633209c3362dc57c8bb407a1e0","sha512":"67f54e6c86b336b32dcda19911605cb75d83638b8dc232c6b2f8f1355c309c2ac6b65e663f0ae2121c2d490861861e9fd057ce4c136337dff7e2dadd082d27c9","ssdeep":"","tlshash":"c0800470c0400c15d431405314341105017d400d0100470053505f4470111055505dcf","size":34,"data":"","first_seen":"2023-10-28T22:44:11Z","last_seen":"2026-05-23T15:04:09.286456Z","times_seen":1716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"812e5206d1230e9f72d4ab14d94d40c7","sha1":"2f44993249a15e7c55ab6920b04b6a72ca5fe3fa","sha256":"00ec720755c6370b9058e409e550c300f0ae7013767c770a9d9c0472031d0ce4","sha512":"f76868ee104e73013e04dd364a2a8ed954a2b1cdb6740d72fd7168f80b75991d90af10f02e5fe55b2c409feb063a3bac2d04ceb4ffb3759dbefdb2b6b26b9b67","ssdeep":"","tlshash":"aad02b91dc13dc1dc3574f25183f1c3d21cdc56513059247e885c97c5981e3809f0dc6","size":277,"data":"","first_seen":"2025-10-16T04:05:32.993642Z","last_seen":"2026-02-18T17:19:51.898296Z","times_seen":504,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/dc112a36-4dd9553e3950a789.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b0312e3e2ff7226227ee081f6693db1","sha1":"823c7003795d9623f8992900a6f337f599bb7eda","sha256":"dccd0125f7ca7c6c5f3f8ae7d813743257cb55899fcab2d63b70fdf06b2a05e2","sha512":"612eb966b9409ee719588a9f82170d4d6c9b5c075b85981a1ac0dc0fb8119997de7f6a139ba2908d7ccfe0ab342f452e39ca15ec3d9fafdc1c2a7d36cda06d87","ssdeep":"3072:Hbyz4KjrqQmINGbpJGDc0Lf1c/X6Rpbdt0myoQj7sOU1IMi9wD5yojt:HijOQmINGbpJGDc0Lf1c/qD0erI5BEt","tlshash":"295419597254343805c540a9906f094bf736292e246ac49cb36cf4efa8bdecd31beb79","size":305838,"data":"","first_seen":"2025-07-19T01:07:13.417114Z","last_seen":"2026-05-23T15:36:04.89238Z","times_seen":13182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/(auth)/layout-21ec38ef81635840.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eeb148fc570d2378a9f4fb4cef9277e8","sha1":"f15bcc479e6192f1c27e2c50e9957c34d69e1dc6","sha256":"28e0352c26286fc5b9430539a76f6e36d0f8ade3679fef2b830ed3805fb8b690","sha512":"0d5e4e9dc24973836af109e4586ee36dfa759ed54863e94049c0c21323043a57cc61354a7d5016b098e269eaabf1fe4be8e76ac9b487c6fe54177f0e396d92c5","ssdeep":"96:XZ8Q2TeV9GCuyzz3qZqCLXx29Hn5G9UV3aQ+7XCrUBTCUBTVy19GCOsY89GC4b6:p8Q2TeCtiz3Xqx29o92d+7XCrUIUvV3g","tlshash":"70c1a5b7b6c5fdb2565688d088378207ba503d37205fb480a7facce53169dca44d1f8a","size":5634,"data":"","first_seen":"2025-09-26T22:32:24.049018Z","last_seen":"2026-05-23T15:36:04.904069Z","times_seen":13127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/49080-2901843180fabd12.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"69b80d969aaad07036978bda468796f5","sha1":"e06516d12bff2faa89329f83289d27d4ac369917","sha256":"5f09712195529d437bc348578aca6c679da21c9bab03b7d1012f70a672a5e017","sha512":"bb02ebc1b0fecb6ec0cde686fa78655706bf3f50939f8e7b52347e7aa9811af62fd5e477fda50bd35febb5fab3c591e88fdcac416da22b22d3c1b90f3d9220d6","ssdeep":"384:OQLgSjUuqTsJIMnocJPYVrBNfF17KGYJy/t3F:mSjUsIXcuzcpy/tV","tlshash":"a96209a0b580bd360367499180ff4706b335593a5c1f9498b7b8ccd562b4ece41eaf8e","size":15261,"data":"","first_seen":"2025-10-16T04:05:32.818988Z","last_seen":"2026-04-12T21:07:55.02759Z","times_seen":6851,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/63712-a16fb043cedefd4a.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"614fe7514839a09db165d48ad01da840","sha1":"e492263f454db98a8cc2c89c777e5572e854e343","sha256":"4974bda3ce7194ae592697daaccd424e6e8e231bf15187182bf4d16522e9bffb","sha512":"7eee15e6bce48c5b1adfc53ecfd7492109fa6272d866622f055b91ccc80e8bb4e9fdc350413cf4282d6b85b13fa72188cc51445cf6eafb6167d149ad45af1b8d","ssdeep":"384:RSHQzwzI46bFWDyhQ1qqo5W6m4WIQgn1fy4GaQANJVOPe4+snOcT34McbAmrh/2:/dZsunDqNs/AFD","tlshash":"1aa2b449b9d1f47453a3aa51843f440bf2674ea8a05db8d8d367c9e5adb888e4073f3c","size":22721,"data":"","first_seen":"2025-09-13T11:18:32.286663Z","last_seen":"2026-05-23T15:36:04.916583Z","times_seen":13123,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/73943-a1da367143a13ac7.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e490c41ebf0e8e65f7d80bd12ad7df75","sha1":"b29bdb1b8eab7dd7ebee21f75abd74b12cbeeadc","sha256":"7b286340f4a6040af83fdb4a88fc934389877998f068ec85355d16f6d5041441","sha512":"7ffa1d698766b0d6e98fd0e9ebe2d6705e2865fe2991462d8404d326c6b27d30dd790c32f9ebbd8542d7089799c8b0dbe41b46b47d8f1b75abdf933cfaa13826","ssdeep":"768:Ssv1I3roaqNU6UECNOatsevuDexU4wt21csRm9M1+L0DW+XWZZuU4Os6salZPljB:EtP8Rl","tlshash":"8b13629c97b119cd7d885ae9bf0600bc373e92bab069882ded4d0d389045cd5fe1bb94","size":41441,"data":"","first_seen":"2025-10-16T04:05:32.786226Z","last_seen":"2025-11-16T01:25:44.556336Z","times_seen":431,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/layout-e1318fba240c7669.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2d8def05eb0fd86ffddc640de68f8121","sha1":"4bff0afba9cef882277a220997bcfa9a08af9af1","sha256":"838155bc9594ce478e2991997825742a7a4e0603684b542d27e191d54eb59785","sha512":"99a0a5d9ff0e0a8cc2559b26270ff8d40363e48f98e7591205fe53000993f03d555b5f175276ec7ea5caac3cd96e4f3ba939dd8b81a27a2f92cf0fe3e770d424","ssdeep":"6144:qdGqB9ykZ7BLnoVj/4D4mfWyDJf49jG9p2A+My4xOy+PuE21QQN33JeRVZeNEq2+:kGqB9ykZ7BLnoVj/4D4mfWyDJf49jG9D","tlshash":"3f14774c87aa02ec6f995dc0c607748a4fd19513aed789fcdab9be1447b1aee1310f42","size":201564,"data":"","first_seen":"2025-11-15T16:41:08.347335Z","last_seen":"2025-11-15T16:41:08.347335Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/webpack-a85e5d8b5eb3171d.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b42bd3d42317bca958a4554fe2d49e93","sha1":"9d8880c0eb0c754b056fbae9df45cd39530434c8","sha256":"756699917e0d69205fb1cf2b8eb40bf6d251fcb9eda9d18bc93f3f6740b69b85","sha512":"0f7877fa594a1b678e8fd80728bc67dd85348254d9ee843573b8afeef8c0ee4564aa7c039e0b9ecc7b24de728731c84eca35818436dd87f6588de660148cccd4","ssdeep":"384:Qhu6LDiavH0qIc49SNj/OiatVzpqBmCBrD5qeqQM8F7PHZ7KtfC59QRQt:QKavfIf9SZDatVVeND5RZM8F7/Z7mfCT","tlshash":"7f825cbd735cdcea2d3005c26c1760e4761870223c074ce1b1eae77600b6db5a66afb6","size":18242,"data":"","first_seen":"2025-11-09T13:38:48.719988Z","last_seen":"2025-11-16T01:25:44.571037Z","times_seen":305,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/twq.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f4d9e824f13f7d27acdc868f36f7208","sha1":"125a712d37aefe5d3e52ce2ae8986e109eb473de","sha256":"d6768cdba372d919e6d9322bf3cf3a0dfe427d86293aaf16f23d096028a00a1a","sha512":"d6395459961f34c3efc4c55ffa6bd873fbf20cf9aab17d31ec926d7ff645cfb9ae0cfea469b98e0604c5de162b60eb1bfc7b06a6fe91e3497f3a4fb32d29c20a","ssdeep":"","tlshash":"66e0e7f12d093d631fa11374117f931f3143210575595b91d59cd540376249f8037b8c","size":308,"data":"","first_seen":"2025-03-19T10:41:28.935479Z","last_seen":"2026-05-23T15:36:04.893139Z","times_seen":15053,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/24464-a28857939df965be.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"979e998b609ef76b1dda237e27d365f4","sha1":"d0847db3ae97cfa14d1cccaf7618fd2da0ff3ab0","sha256":"a759eb3661ef97033bd6995f9b131034f60379536fcbe2f9316c49f635b3b4a2","sha512":"358204847404d43b20308e85858fd70c78b5bb9f94df23dff1e5e03de04fc452b01154f3f38a2ccaa1ad057b18708ac5bfbcb3edc1dbe7d89f7655d5d426c1fe","ssdeep":"24576:M/cpQlKxZNgvIh/VAJNgvIh/VKq/cp5lKxi:M/eGG842s4cq/eXGi","tlshash":"9ec5415c8b6601fdaf586d81ca4770658fe286532fd789ec9abb7e104bb06df0301e61","size":2704981,"data":"","first_seen":"2025-10-16T14:33:45.09062Z","last_seen":"2025-11-16T01:25:44.580516Z","times_seen":418,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/main-app-fef4a8898ec7782a.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c06acc17c28c2888a1a2466b0a0d12d8","sha1":"63d7278ad805cf6b27e6fb76daee100f7cc61afc","sha256":"90a949795e63ad10200d2f57df2706979fd66bd412caea2130a9c707e21c5d5b","sha512":"745f5cba8c1f8c006b2d9a1f8ec15fe3e66d7909766f446755243e1b63aa4d611233d9fa175bc9001bcbce4a4a782e79feb80846ba96f394b38c1ed2b1f3c2bc","ssdeep":"","tlshash":"f5f0fba55f0df42f5d266e74fd97ace2184f4275206b4e647d01dda23c67b6cd260408","size":537,"data":"","first_seen":"2025-09-13T11:18:32.65005Z","last_seen":"2026-05-23T15:36:04.933295Z","times_seen":13173,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d184352aa6b4fcf6db3dbdd12752b9ac","sha1":"0ade76566e0a91c7501dbe86e257af47a03bdd1e","sha256":"e6b9d53102189f20088e6da79fb085e3782a65e9f0313a34320fc899db8da9f9","sha512":"52d3c5f7f417c846208a36ad21dff69827a0184d0dd5bba1751353b49f633be13ab61492a03ac17e9a93854696b44fb5d87305834adbc5be43343836c371951a","ssdeep":"","tlshash":"aff0dc62ad10ed1389b60f1518b98c7425ccc53f82406aa9aba5ce2e254e27cea73d95","size":462,"data":"","first_seen":"2025-11-15T16:41:08.388381Z","last_seen":"2025-11-15T16:41:08.388381Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/4533-d42ff445e36846e9.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a350b10e45e532f0f7bb91efd37c9eff","sha1":"3cf97c58ac9fc98c2cca8bf34f2eb3809c8dbec8","sha256":"829cc771371efe9dd538bd70c7d4621d311818488bdd5618f12a960d8e23758d","sha512":"50fb90c261d10e006ff24882cbc53878d237cbc7c051180beda6aab15f82a16888326a977838396d1206a30c3b98c160ab3f3b2b964e34a1a45ad890c63eb00b","ssdeep":"6144:+w/lsfDuv+PunKOuelr8jbdfjuNxd7dd63Alr47Wu58wMQTMnTI8HJbt4KOHC5VO:rhnKOPR2IdW3qNuVMcsJlVdJds","tlshash":"e5151a0d8b9833f12fde3694364a4d3fe65db2749351c466a8d9e3aa118cce4503bbd8","size":950239,"data":"","first_seen":"2025-11-15T16:41:08.390211Z","last_seen":"2025-11-15T16:41:08.390211Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"winzzo.vip/global/fbq.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/fbq.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JuqH7hgtWjXoPBkCxgKETZjW0DlC8hepjJcCoaUm0XKD6xei%2FbdMkuGAkRXwpEaPoGwnF8XzjCmHkujVisX8zxn4f9USBSzl\"}]}\r\ncf-ray: 99f030f9ad7e56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":408,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0b834c87557376668b3c3fde729a8db5","sha1":"872448d973ce02e75d52b31641d961601167d04c","sha256":"cc63b490224b081fc3bef6a696dc3ecbe7ea7bd45df00c8a53cfe304e7bd5469","sha512":"1c40528c95bf8c5d60ebf3dba6df8ca43390e5239ea50ef08705e547c48635a1f399f2f9d7207b4575822d2ce3dfd6e2b7ef7ee3b431255837cf2545ea5ed4c5","ssdeep":"","tlshash":"e7e0619f2c43b42733e97639c727a67b3763070178c2d919ba05c8151fe08966c96d9f","first_seen":"2025-03-19T10:41:28.92776Z","last_seen":"2026-05-23T15:36:04.941625Z","times_seen":15060,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/audio/message.mp3","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/audio/message.mp3 HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 29091\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nw1VfK6bWfcov8AxsiOK8DdfQnJW4A79rBbZLDwV68OcYE40emhpoLJApMCDtcsh%2FbCFEbx51I1y9rGZ9BayYS58qGnHHP2P\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f030fe6da956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29091,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"a74d3b2a2dee5892841f7e37ae8343a9","sha1":"90b69421807b860b265c34a5e2f249e3fdf05ae8","sha256":"7bc02c22f6a0a75446187dbe0547a7eca86c05e3d3d369e0831dc084bb974ea3","sha512":"7186807bb91804317231d48b985557d4259820c45cc6ef48fae69cc7f50b7195b1fa9c271aac9c2104b7cd0a48a772a9223db8f0e4f53cb2302bc401246c0f9f","ssdeep":"768:OBdZJRccW5UzJDDNx5kbu61m29Ij3Va3ZH0jycOFFLQU:0JRJW8DDNOu/j3VaJwyXv","tlshash":"92d2e13b2d840d8cf1868574226fd588e0b97c9a129e5f52ed9feb494637031bb08fd6","first_seen":"2025-10-06T22:40:31.572152Z","last_seen":"2026-05-23T15:36:04.91921Z","times_seen":13010,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/css/f0cd90a8557dd1ec.css","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/css/f0cd90a8557dd1ec.css HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NaagBgg3PGAOyWiNiLyABC1AKOynAlK7MliYJkDWwSbzz7eMIjZPqoShbd96rLc1O2BX72Aj1YGGfD0oN%2BIGCIFMlVhlGevA\"}]}\r\ncf-ray: 99f030f97d5d56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21882,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (21882), with no line terminators","md5":"e295d3b1124708676c209ae0980879fa","sha1":"b59a36c89b17190b97a85a0da19166929fdebab4","sha256":"a098aad924950d51df1e9c5a0b324ad18e34d0c6f7df4e04fde193ec178d621f","sha512":"49297fa2e1d06c8301a992fd081ffccfb44ddc00eb9ad46c8bb0327af8268dce056b382153cfcdd38ed1d918ffe3d01480903455f8cd00c0d9c4b4fcd92fa111","ssdeep":"384:9X1Voox9aT10nJG9iA12yfVyeIPPH/+dEPI1VO4Bewybjq+:9FVoU9aT1kzyfVrIP//+dEb+WG+","tlshash":"0fa246336134a93cb5f79822f9a06add3596c113d6b306e8e940bd39c4cb5e33663789","first_seen":"2025-11-09T13:38:48.72568Z","last_seen":"2025-11-16T01:25:44.571549Z","times_seen":303,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/34230-e87c8d35c9fa1ab6.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/34230-e87c8d35c9fa1ab6.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IXiv41rs4SaA%2BvLb3aa%2FM4QFhU5hLDO8AFwyz3wmA4c8CQvYxXFIx8ZpSBw4Z5b2L8GyAp%2BP1IMUNsdowqnNz10TMruIU5k%2B\"}]}\r\ncf-ray: 99f030f99d7456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23047,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23047), with no line terminators","md5":"9b4900ae7910372c39f90a4ebc702603","sha1":"9a24a588c269ce9c3f57345c32fc19f6681dbc0b","sha256":"09f6962b4e78defeacf0013f19bf739d5427801904333b19f9ab4cf541db3440","sha512":"4a02c00c407ec0eee649e22031775550a2e27fd675d23235783ec11d04efda2480a219e318fbba5739af05b0bd575f5d6d94a5a5dd2db29a03b891b9ba3069d4","ssdeep":"384:05ae/t9qDM109qxJ7aPk9RqKIyoIPzM73I/AKIJ1L/7E48z/08zXvnL5/Tz7qt5V:veVwDM10wxJMKIKIy6IzIj/9KcKN/POB","tlshash":"b5a272c9a390993d2583c53fc635b426e2bf09fa753e534062a9c63df909cc4e7365a8","first_seen":"2025-10-16T04:05:32.834372Z","last_seen":"2026-05-23T15:36:04.92212Z","times_seen":13049,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/(landing)/page-dd5894df70d9ea33.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/app/(landing)/page-dd5894df70d9ea33.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Fm4Eq9kqWp9DxaoSG%2F4JQ%2Bw0c90VHbO7yoEUq45MwWYUL%2FGLAFSE20O1ozgZ2ykYry%2FNoIFbg9DWoqG5xPmo8DBuGpPBDVeY\"}]}\r\ncf-ray: 99f030f9ad7b56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15024,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15024), with no line terminators","md5":"b20980901bb6f848c9a79d617f206adb","sha1":"ffb80752d4427f398ad0fc29a2a1328aacb8bb01","sha256":"903a64f21cbd3990d50873b5f19363b543309172d78eb2ece085b7038c8998c9","sha512":"2c5e5dbff2257481307d5bc438cb131b903dae69e51952e3c7c2d96635cc5ac50d879dbf3f2dd0ce9ffc8fd7a3a088029a0896067790d9a6d632e4f21227a117","ssdeep":"384:+Saddq55XGydqhFoSObqu7zYOJV56wIchB:+Sqk5WWWoSObqQJV53hB","tlshash":"bd62a881e254daacb45394adc32dd039326f25a5d65e8570f4fe9c3861094c8ff2bbac","first_seen":"2025-11-09T22:34:14.850844Z","last_seen":"2025-11-15T20:10:48.589644Z","times_seen":229,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/gb.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/gb.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GQ6kbOa45hEjbsRLn9fmtEyC5Qm%2BDbD9zIaSQyUiEi%2BoOyM3Uv8fX5SoTfdV1DET3ciTEcQ2E9mfk3RJVSiwOSWWX3IKyGv5\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031036de156be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1183,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"99a9e5571c2f5acd9cb910ce6a3f39a6","sha1":"876935939a01dae371583220f75bef15b5185c68","sha256":"5ff2f32ed6905d887f7d771029c1e65b1ef059e92260b548908cabb4e886bf19","sha512":"14cfeeacd8e2f9b67bf2e1f5b2823a98fc60854fca5afd0b10be72ad647ffd38aa4058188451c98e2045628706f0b84dcad508fa901ce146705102fed962de1a","ssdeep":"","tlshash":"ea2163c84370b5c059a74fba9f28a2dc924925f9ddc96ecd10be0538445ff5ed01f009","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-05-23T15:36:04.90534Z","times_seen":6009,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/stat1.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat1.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xLkNKsFC6G6xOlDMENq9U9DxlbgN3LEQyQI20P13dcg55hc%2BALNWAWkb4ShljvTBJoje3JTg9k11SS9hUWbmwxvRNiB0aemy\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f03103ade456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3636,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"a62014bb87def86bc408bac073b0cece","sha1":"24ce6cf0ee0ebe7956bc76e9bd16151ec3da5244","sha256":"69a3b7fd361a9307dd99ab7a8c12c3178f4ee11e5573a2c0f78fd014e04f4b64","sha512":"ee7ff1a7a9cf304d61ac90e25998182241854e3de44df25fd9541b3caddb222d206a4d3fa250e4d4d64ab42d595f79a0e24fc21ec4fb753f0b7ca2d64eb73282","ssdeep":"","tlshash":"d771e6cd2be812f0ec85b7f6df06642cb80e14b2598848b8f21d1f557b04ce98a4ac92","first_seen":"2025-09-28T21:41:24.045294Z","last_seen":"2026-05-23T15:36:04.919836Z","times_seen":4894,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/stat2.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat2.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BVAe0ozL5kQ8cAgXqH6FzgD15J8PfUADex0wyT0fC0JK2hidOyXNWGSR2VQJJZxpv8lLN5tSzuOicrG0vanbqcnoiqCcusnL\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f03103ade556be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4012,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"5cbab71b6d96ad7f65cb930bb401ba68","sha1":"48996ecb2d0d7d9c1ecd4ccf994b9a24dd52ec6f","sha256":"a1c783e7030d327da610a9c36e0359b2e07573771468225ac6a6cd3c2d7bf12e","sha512":"5e70c60a35359b551d6009e1f63ebef5911c29a63d89ec24225f48c7f20d33982b1f0353cade31e7f541d3df5d534984b6c69379373d086a7e1c5adf536eb780","ssdeep":"","tlshash":"3881d5d82bf585e4a2869be3df01582c3d0790fa2ec54840f39c6e682f55c7dcd128ca","first_seen":"2025-09-28T21:41:24.398473Z","last_seen":"2026-05-23T15:36:04.935832Z","times_seen":4896,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/es.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/es.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LUngE1fo7ry1rq79LrBJnL1vCTPOg%2FtCCJMEE9EY8SEiknympm2Zw%2BSJ7n3m3yyAIi93QphFHXaU7VrHSEE%2BdjlbqYkfZ7jj\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031044def56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":629,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"a8224968196d0dd6d84e44c98093c280","sha1":"882b8a579de32e24e13e999b411abd814071cc2a","sha256":"f8cf69e4d0d285ff8e9be18f239b65e38fe1a235086a8daae53b1baa1e7a3557","sha512":"096da45f1e9c9fd020364a51f387110fe6b08969d607a52acd6acf7f01215e15ebb88c93484b7aef1392143f744ca491f8862151d5c4850ec8f7b9d4d419e870","ssdeep":"","tlshash":"bcf049c5743db18388098b742d6e70e6408e721b554814dd70079b28a3aa3df7ac2f6c","first_seen":"2023-04-17T16:03:39Z","last_seen":"2026-05-23T15:36:04.915857Z","times_seen":5792,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/fr.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/fr.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZR6jMpIcnM66z4Al36TpRVK%2Fsk9LuZcrvHSfaUmvsGptAue7zBYDnisqTQHIrho0ZmUguYY6Cxw1llqyeb402bZlWCf8A104\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031044df156be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":270,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"c1a36c711f0ae0ab46c7dce06f63a723","sha1":"5cff6743ac6eed2912288bacd35c363a2d586d18","sha256":"861059eae96aea4c38466209edfad68fbd84ada37bae4ccac92d03011046a524","sha512":"e8d4869bd8d77613770a36de15c23dfade7a3bf3a465c4a6c79be55d9d6660874b5cbb60e631f04964840d3b4d736ceb25f31b30779e8d5ec64023f8e855cdeb","ssdeep":"","tlshash":"f0d02b9dd07de0c448138b703fde31c1418a6326364600dab047272861cc3ef7e40f04","first_seen":"2023-04-07T23:46:38Z","last_seen":"2026-05-23T15:36:04.943596Z","times_seen":5803,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/api/extra/pixel","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /api/extra/pixel HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://winzzo.vip/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yvmipijfvE%2BaTozK8nl9ILA88fh1%2Fj%2BehzgGA9iB9NLohjEj78chnh1X%2BaZ9iA7M5vlsIJ8wngy0ts%2FvPt%2FOlgxIbfGFfAgJ\"}]}\r\ncf-ray: 99f031008db756be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"428647be4acae0d85bd0799a59237001","sha1":"25b1dbe5aaaf5fe53a11fdb05fd14bcad3e92ebb","sha256":"edad519cb99926a099d84224b6b7427bbfbaa60c6ecc1673c039a0723be93006","sha512":"8ed0b8ab8b00e7883301e4dc47e6ae3c38abe1686e6de48d43983fa8105203f86c36b86cff1a09c9bdf9406ac7c4ac2f8b6a8654a42e1b5d03d843b5085428dc","ssdeep":"","tlshash":"f4a022c30a200bc2cc00000008203b22eec823238300022bc00c0200caae0fc30c333e","first_seen":"2025-06-04T11:30:16.150294Z","last_seen":"2026-05-23T15:36:04.901862Z","times_seen":11862,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/css/dc249df9fc15b505.css","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/css/dc249df9fc15b505.css HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RHumHihRHFVGSTMHkmL5bw6Jr3hB8LDxcNt%2Bfis7i472w0tVf0auo4A0CVDjxcCtmE9JJw%2FJuCFXJ4PWLeCujhWMkos3UfWt\"}]}\r\ncf-ray: 99f030f96d5c56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5766,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (5766), with no line terminators","md5":"4668cc96d22d223dfc3649a6adb2777f","sha1":"bc7faf2d9f393a76055b11cce66f59051a748180","sha256":"1cfd3929771daae22e134c014b018c3be8d8e2214fdf310885417fbce13d0868","sha512":"fc3a9254255b9ba1b9983b349aa83f60ad10b85d5e735488127be25ce5d53f7dfb4c3d12431dbf049e620c06c4ec2ae0b00464d9285ebe7177270eb75d788b16","ssdeep":"96:SWJhs8lOuQmlyItK1Sr5qv0jmIeAhxsHrjtTRo:SWJhP3QmRtK1Sr1jmGhxorhTRo","tlshash":"e8c19a3bf3219072018b4f4d85e3ef69da2ed18297539ebba490080cf3ce9d11565e5b","first_seen":"2025-10-16T04:05:32.899281Z","last_seen":"2026-01-30T14:20:26.858295Z","times_seen":432,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/webpack-a85e5d8b5eb3171d.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/webpack-a85e5d8b5eb3171d.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jW0s4foW1vFIhkwL3RP%2F59v2O5fJTQp8OeGPYuOWE9%2FVwTN5PVGffCBG01Jml%2BpjArbx32Ft8yJeD0tEFfid%2BhLr1xuPB6AT\"}]}\r\ncf-ray: 99f030f97d6256be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18242,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (18242), with no line terminators","md5":"b42bd3d42317bca958a4554fe2d49e93","sha1":"9d8880c0eb0c754b056fbae9df45cd39530434c8","sha256":"756699917e0d69205fb1cf2b8eb40bf6d251fcb9eda9d18bc93f3f6740b69b85","sha512":"0f7877fa594a1b678e8fd80728bc67dd85348254d9ee843573b8afeef8c0ee4564aa7c039e0b9ecc7b24de728731c84eca35818436dd87f6588de660148cccd4","ssdeep":"384:Qhu6LDiavH0qIc49SNj/OiatVzpqBmCBrD5qeqQM8F7PHZ7KtfC59QRQt:QKavfIf9SZDatVVeND5RZM8F7/Z7mfCT","tlshash":"7f825cbd735cdcea2d3005c26c1760e4761870223c074ce1b1eae77600b6db5a66afb6","first_seen":"2025-11-09T13:38:48.719988Z","last_seen":"2025-11-16T01:25:44.571037Z","times_seen":305,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/not-found-aa673beed1a0d17c.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/app/not-found-aa673beed1a0d17c.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zd3eKwin0EKKBCDAKNQ%2F3RQIMLd5IsRl%2BmeOvSSftNF8nsuyd0SeEf1WIBAeoeCtF%2Fslbz97LIfGzqYq39cPnPBMeNOj6q4j\"}]}\r\ncf-ray: 99f030f98d7056be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43090,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (43090), with no line terminators","md5":"517473bc536db4dbebd6487563eca146","sha1":"f21faf08e40f6cb1b74eaefcb9a180061efdcce7","sha256":"91ae4e593344b4f4b340d0977cefb2001673eed4e835a776a3d75aea93080810","sha512":"bbf5c05af3847c109eb8063604e3e2c154b4b97c0bc5bc3a4e4fe574280deaf2098a4064faf5072600b35d20a60b824f11dddb5c36ad8aa61a969189c0b92a28","ssdeep":"768:oyPr4cLO1IlSlF62mJpMzlou2Q4rF4UpWzW1DnHbu1agQT27wtYRfH+hB64UUo10:fkif2aMaiR6HKf0x0XEdw/nje7/a9yOI","tlshash":"c61363ec5bb109cca98946eabb0614bc273e91bab068892ced0d1d386041cd5fe17fd5","first_seen":"2025-10-16T04:05:32.951614Z","last_seen":"2025-11-16T01:25:44.549575Z","times_seen":431,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/api/mammoth/auth/check","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /api/mammoth/auth/check HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://winzzo.vip/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wFuBqOt8r1bDherGWjXAiV5THZwiQe4%2FC5QxXd%2FCmrlkq8%2BEXEw%2ButTkf6o2arkSNDD0Tj9lJw54bvgYoFbwJ1kukT9SVMoM\"}]}\r\ncf-ray: 99f03100adb956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"aced0d4c1bf7b416bd8757e86c69b12e","sha1":"242609e9dc75daa64e55af8d8254cdc02722ee92","sha256":"831690950d50aa783757553ff7dce0e549b2bf0c29fcc850ee8ef7a7f6bb54fa","sha512":"8c854561d71566fbd9d1e18c91f1bd391cbedf2b2e8b52d84205d4f773f36b14bfd5d3ca2cba9f5a300b8d96b025ab3eee5d5e3a19985e78386e04584e24d0b3","ssdeep":"","tlshash":"8d80040115000173f4001144113c1d115c54533745410014fc7cd0c4c7530d53043c17","first_seen":"2025-09-13T11:18:32.558363Z","last_seen":"2026-05-23T15:36:04.925559Z","times_seen":12894,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/pt.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/pt.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5TKOlPlnl%2BUNkq4h9K%2BQ0mS3V0psvS4%2FIVnWBHvGqA53gPH%2F0tnU0k6jbCw83DqcCRYxlALsZRpQ0rDk9uB16oFjdJ0w3rFH\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031045df356be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1445,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"6e9db125513715df3ec213f701b912d8","sha1":"f0fbb6a6e5b7a068d28792280f397a4b879deeff","sha256":"3054e3bbce0d049b0ab3d157a16b24f7a572a7a45e73d342e3b7b8d5f28f0a4b","sha512":"06c04e06e44b97fc2b4379173dcaa7003f3cc5ed58db1697e0934f96878fc16928e08eef9a0be085cafd61b545718da8e8a7d8b456b57b194a51c1e22128c775","ssdeep":"","tlshash":"4a3174c9a335b0c24a17cfa87f2ef3c2044a67f8291c9884708ba90c3955bcdbac4d00","first_seen":"2023-08-14T20:47:06Z","last_seen":"2026-05-23T15:36:04.920508Z","times_seen":5386,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/landing_block1.webp","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/landing_block1.webp HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/_next/static/css/f0cd90a8557dd1ec.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/webp\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tKZWPKr2X8%2BNC%2Fj73YBjztgL6h8%2Bckagq%2FkbceFqv%2FIO%2B7lnhYSNyxf876cx620TYcZjWpZhJoGRSkCUOYJQEY8dMj2dnKTo\"}]}\r\ncf-ray: 99f03103ade356be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":100668,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1692x502, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"beadda0b4e63711b0b4765bf474b7f91","sha1":"180570575f14b695a295b80cf0d1db2879ee358b","sha256":"3d139969597c0674834ae9c8f2a3858fa88b6e34e944d17b161a19fbf45c3403","sha512":"e1956715f694351fee5bdced0c2552a7f228c08e9eb91ab0c6bce7af3d701f91f6c608c9008ab126e76713c4489099a1bc35d208be0f977c920e3f2c2a6d79f9","ssdeep":"1536:z9sFxYytScZqDm2ld1oaM4MhR4k1q/9rDZfgyZF4DMnYyZxhse1dUdKIpP7geRLB:zi3DScILf1jmG4q/n4yZF1Z1reRLEm","tlshash":"94a312b8ec062ba2bace5143894077b0c468b49ca3478b710855fcd4296b9eb6d179f7","first_seen":"2025-09-28T21:41:24.747542Z","last_seen":"2026-02-05T15:53:50.651778Z","times_seen":1112,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/63712-a16fb043cedefd4a.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/63712-a16fb043cedefd4a.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z97P1SzT3hg1uTBuQq7%2BDieAG1I%2FmV6%2BFLgYNlfCXDjUmsmAK2I8WM2IXThgDWJ%2BP2ytZ6LLvnm7Bn%2B1g%2Fne86OPsFGZkugV\"}]}\r\ncf-ray: 99f030f97d6856be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22721,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (22721), with no line terminators","md5":"614fe7514839a09db165d48ad01da840","sha1":"e492263f454db98a8cc2c89c777e5572e854e343","sha256":"4974bda3ce7194ae592697daaccd424e6e8e231bf15187182bf4d16522e9bffb","sha512":"7eee15e6bce48c5b1adfc53ecfd7492109fa6272d866622f055b91ccc80e8bb4e9fdc350413cf4282d6b85b13fa72188cc51445cf6eafb6167d149ad45af1b8d","ssdeep":"384:RSHQzwzI46bFWDyhQ1qqo5W6m4WIQgn1fy4GaQANJVOPe4+snOcT34McbAmrh/2:/dZsunDqNs/AFD","tlshash":"1aa2b449b9d1f47453a3aa51843f440bf2674ea8a05db8d8d367c9e5adb888e4073f3c","first_seen":"2025-09-13T11:18:32.286663Z","last_seen":"2026-05-23T15:36:04.916583Z","times_seen":13123,"resource_available":true,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/layout-e1318fba240c7669.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/app/layout-e1318fba240c7669.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eNjlA9SuE9kDI5E%2FzeP%2FAE0FOBNjXrFc2%2FDF8tWHpCC%2FaLV3KklUjBxzR5Kk0fGC%2BwTF2ky%2FqTV3hUhx9SiZoBjQfRDm6OvM\"}]}\r\ncf-ray: 99f030f98d6a56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":201564,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"2d8def05eb0fd86ffddc640de68f8121","sha1":"4bff0afba9cef882277a220997bcfa9a08af9af1","sha256":"838155bc9594ce478e2991997825742a7a4e0603684b542d27e191d54eb59785","sha512":"99a0a5d9ff0e0a8cc2559b26270ff8d40363e48f98e7591205fe53000993f03d555b5f175276ec7ea5caac3cd96e4f3ba939dd8b81a27a2f92cf0fe3e770d424","ssdeep":"6144:qdGqB9ykZ7BLnoVj/4D4mfWyDJf49jG9p2A+My4xOy+PuE21QQN33JeRVZeNEq2+:kGqB9ykZ7BLnoVj/4D4mfWyDJf49jG9D","tlshash":"3f14774c87aa02ec6f995dc0c607748a4fd19513aed789fcdab9be1447b1aee1310f42","first_seen":"2025-11-15T16:41:08.347335Z","last_seen":"2025-11-15T16:41:08.347335Z","times_seen":1,"resource_available":true,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":333,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/73943-a1da367143a13ac7.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/73943-a1da367143a13ac7.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Sk2a1DY58xaIrw2Qs3qEtfPpjQJ1dC5kKwgRWS7B5SEyp342kR%2BFXYLUyL%2B%2F4OeD9UQThgKeV%2BTIuINq76%2Frg4s8lWqGPSYa\"}]}\r\ncf-ray: 99f030f9ad7c56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41441,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41441), with no line terminators","md5":"e490c41ebf0e8e65f7d80bd12ad7df75","sha1":"b29bdb1b8eab7dd7ebee21f75abd74b12cbeeadc","sha256":"7b286340f4a6040af83fdb4a88fc934389877998f068ec85355d16f6d5041441","sha512":"7ffa1d698766b0d6e98fd0e9ebe2d6705e2865fe2991462d8404d326c6b27d30dd790c32f9ebbd8542d7089799c8b0dbe41b46b47d8f1b75abdf933cfaa13826","ssdeep":"768:Ssv1I3roaqNU6UECNOatsevuDexU4wt21csRm9M1+L0DW+XWZZuU4Os6salZPljB:EtP8Rl","tlshash":"8b13629c97b119cd7d885ae9bf0600bc373e92bab069882ded4d0d389045cd5fe1bb94","first_seen":"2025-10-16T04:05:32.786226Z","last_seen":"2025-11-16T01:25:44.556336Z","times_seen":431,"resource_available":true,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/gb.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/gb.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Br61ejJII%2B5VQ5DmS1UNsLW25Un5XvgXqnrWelu%2FTjAx1dvp8uyiTMAAGjzlTr929xwI9pzBjbqEMaHIxHJltEdM5voc7hGf\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f03101fdcc56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1183,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"99a9e5571c2f5acd9cb910ce6a3f39a6","sha1":"876935939a01dae371583220f75bef15b5185c68","sha256":"5ff2f32ed6905d887f7d771029c1e65b1ef059e92260b548908cabb4e886bf19","sha512":"14cfeeacd8e2f9b67bf2e1f5b2823a98fc60854fca5afd0b10be72ad647ffd38aa4058188451c98e2045628706f0b84dcad508fa901ce146705102fed962de1a","ssdeep":"","tlshash":"ea2163c84370b5c059a74fba9f28a2dc924925f9ddc96ecd10be0538445ff5ed01f009","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-05-23T15:36:04.90534Z","times_seen":6009,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":141,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/footer_support_girl.webp","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/footer_support_girl.webp HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/_next/static/css/a0b6481c832f0cd1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/webp\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e2tBcqSbgEp1x6tjwOWuLmE7bri01P%2FH48qpUf9IL8rxOv658f0paUCZd%2B3Y8PzYZLubUvDju5odxCAoC5OY39Hegf%2BfIDb1\"}]}\r\ncf-ray: 99f03103bde956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27048,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"09c8bbd7b72104fddf5667366b91e8d6","sha1":"1132071377be49d825243f2bb3d765f27633304c","sha256":"39196e9de7c8f8487ac14dd234fd18c29134cf4ad2e240a7868dcc69ea976ef9","sha512":"6c7baee249ec1f5f52efd5e10f1f26624f1a1d60cd1efce0b18131e36626d6bbefb1f818384506bc655728ff6c6d16e49627f82c0817646acb209a8bf2565e98","ssdeep":"768:1S+q2mnK++XmZL2QnHpqX+ayb3uGNt2El:Rq2kK++XmZ6S8XwjvN8El","tlshash":"10c2e1dcaa393ea457439b0447a8ab91910ebc7b7881c6b514274329d72f7316f0e877","first_seen":"2025-09-28T21:41:24.688739Z","last_seen":"2026-02-05T15:53:50.636912Z","times_seen":1112,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":171,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/dc112a36-4dd9553e3950a789.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/dc112a36-4dd9553e3950a789.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CxLsMOyKn4QCG1zfEqXerUCPSPdoaWVho3YY9%2Fiti4TxNhBd8s6D6eevTf%2FXI33ZtbY0i0o76gYgO084g94211b0r9GepykM\"}]}\r\ncf-ray: 99f030f97d6756be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":305838,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8b0312e3e2ff7226227ee081f6693db1","sha1":"823c7003795d9623f8992900a6f337f599bb7eda","sha256":"dccd0125f7ca7c6c5f3f8ae7d813743257cb55899fcab2d63b70fdf06b2a05e2","sha512":"612eb966b9409ee719588a9f82170d4d6c9b5c075b85981a1ac0dc0fb8119997de7f6a139ba2908d7ccfe0ab342f452e39ca15ec3d9fafdc1c2a7d36cda06d87","ssdeep":"3072:Hbyz4KjrqQmINGbpJGDc0Lf1c/X6Rpbdt0myoQj7sOU1IMi9wD5yojt:HijOQmINGbpJGDc0Lf1c/qD0erI5BEt","tlshash":"295419597254343805c540a9906f094bf736292e246ac49cb36cf4efa8bdecd31beb79","first_seen":"2025-07-19T01:07:13.417114Z","last_seen":"2026-05-23T15:36:04.89238Z","times_seen":13182,"resource_available":true,"data":null}},"time_used":442,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":317,"receive":125,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/82849-380dffdc0dc4ddd0.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/82849-380dffdc0dc4ddd0.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yhSrFz2HM6F7FO9eG2NRN3mLKAUQl6tm0tSewBVaio2gSoju5A%2F08pENmoW9fvf9VWLY00hNYPkvlYF7TLx9PVT%2Fec%2FpkRRz\"}]}\r\ncf-ray: 99f030f99d7656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":178013,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8b2dd0a100347fd3f84d241021cdd6e0","sha1":"52683de19b9bddf38b646469032b1ed204fd633c","sha256":"ead8fc5762bf83c3e5cfa97570dde8bfc968a4f3b34eb45f22b063d00e408a1c","sha512":"5bb93fd32f7c31627654dcc091b930d97b69eaaf3664d0d84f6a2d01c6695bf0492cff6639f69af8d9d79ea2e51650a242e9646457b5920a45ebc40a78e67bf6","ssdeep":"1536:4UcXlryCtX55mQPVpmsuIurLJmvU340MLsUDG3BZN2EaZxVcGR5c7dhP3Whj21m9:3+v","tlshash":"6604d5debba0a2f4f005e7f8d7125468366b39fe6e52ca68c3a91d14e90108cdd59dc3","first_seen":"2025-10-16T05:32:37.319774Z","last_seen":"2025-11-16T01:25:44.555828Z","times_seen":423,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":119,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/free_reward.webp","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/free_reward.webp HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/_next/static/css/a0b6481c832f0cd1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/webp\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NFxnXIeCuSmQThLneNs%2B7M0buAUcO3vhRqlTXFZl5YxT0ZIoYfV%2Br2N%2Fam05P6H3HWBCMpqJsFs5dX0%2FToRqLphc%2B6tff66V\"}]}\r\ncf-ray: 99f03103ade256be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9602,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 390x108, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9ff1da902b946265f24272fc301815b3","sha1":"395daddb9c99b6f15b2651985a115e6395128db6","sha256":"67f87d0d17d6c7549cb8dfca755651258f123d24bd28e67bf90a6d1777831edc","sha512":"3e60ab0677a151c7eee4111c0269503dad38b9e36e9a7d52e540968d642612aeecaab21091a3c3795943bfcd701b51efc87ffd283a8273a4159484de4a362e29","ssdeep":"192:AXpAE6uvkjO9qzNScQt9EXi9N6y7D+AKbr2i5+q1Hj70rl7zkmt:AXX6s/9qzNIjr7cbiIRjorhJ","tlshash":"35129e54b67eeac19fa7c5ef26f093931236a77d11b1e8c3087d1ca64464930f384a1e","first_seen":"2025-09-28T21:41:24.335314Z","last_seen":"2026-05-23T15:36:04.906565Z","times_seen":3697,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-15T16:40:35.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 15 Nov 2025 16:40:35 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, Origin\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m1ZuyoQki7d5cx%2F9MoG4ohC6DdEgjSkjyEBmZw7Vutig6WUJFq0GEU%2FSu5wQJZxSTk5A4kRcwGGGpdRI4u6P50nbjPkmVowC\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 99f030f71c4a56c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13724,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (13724), with no line terminators","md5":"0eb1ac3186273594489e241547c555f5","sha1":"43726ede186ddb029aa785c94b51c31d87b0533c","sha256":"9b8decb7f47e919584f6b8217a320b2e32db3689c2c6b6ec8e0db2add8fbf68e","sha512":"2654f608b9d2e54efa4154f61296987317edf11216b26e6266313ecefd3655ce7a20a146bc89b83b329f7cca7ecdaca7744f5721fb0ecb08f8cba88d9ebaaaeb","ssdeep":"192:a5BcBvB2B4UOA21RWK60hnvefSpGB913MCzqS6bHEbC6B6bg69Doy0/t:a7UJu5OAgRWKHvuAbHEbC6sbg6J0/t","tlshash":"5e52111fac05cd069c37ad5d413f9e3a90cdcd378a38d9b8a18cce5d16529ba1bd9c81","first_seen":"2025-11-15T16:41:08.358118Z","last_seen":"2025-11-15T16:41:08.358118Z","times_seen":1,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":70,"dns":45,"connect":1,"send":0,"wait":157,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IaCWMp5uHHMXw%2FbMR130NERMcNqmortcusfewYDjSe5yOEM%2FOtBESoXdrFEXgqqlMnq2aAzdRuTQntPxwZb2%2Bpzp2UJDyIcq\"}]}\r\ncf-ray: 99f030f97d6356be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168420,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"15510eac41ab1d5ef4d07adf66470336","sha1":"af7eb0a2168918b5999e83b71a10ba52809f38df","sha256":"e5b9e2570593ab1e59ae6a397baec8491e4c3d5e4628aa1439940ac0e2aee2fe","sha512":"116e3ef82cb1608f729f9731bf3ba61a1a75624fec0adf57d0536e5f7e1abae6c939e93af5bbde399079cc1634b5ffda250a76f08571d2e30c88eceecd05b22a","ssdeep":"3072:btfjLiM+NFCC4YQbCCAaI/02UHCgwLRE4:btfj2ld4Y40fUHQRE4","tlshash":"0df3f7e83d99e2116eb342a7109f2803737c262b240d4c60a615fd9db5b845bb17bfde","first_seen":"2025-06-09T17:09:55.347659Z","last_seen":"2026-05-23T15:36:04.89081Z","times_seen":13199,"resource_available":true,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":126,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/73345-b438bcc17722696d.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/73345-b438bcc17722696d.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4zXPMMIPBU5M5yHoBuszg08GAD4FfDgRp%2BZJSSKS3L4lQY%2FmmWlloYOcio5F%2BB%2FvArure8lq6m3djQ%2BnN%2F%2BDj5fU3O62oqWi\"}]}\r\ncf-ray: 99f030f98d6b56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":325834,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"eb597de485c3029dc93b6f3225acc0d7","sha1":"d3a6bc9d6749ea9f0ddd1b1862c90303f3ec3254","sha256":"3513d69dd757c29044eb92ab6a908ba6755e0845c38105ab2e196b0c75b96583","sha512":"1420716788ac11ed76547147942bdf2329c1bcfe8770745c3bbce32f99ca5c5866e20253ced9e0ebc4597003f7404825de2b601f8d24b5c2fce1125eadf0ad63","ssdeep":"6144:bV5sFqdfuGDdF0pL8sS65eILs3QKQmiOB0lDz:bispi9mVB0lP","tlshash":"ef644a9c7682b474939b016a807f0107f37e2d57240e4824f270d9ee7975e99a2b7fb8","first_seen":"2025-10-16T04:05:32.880573Z","last_seen":"2026-05-23T15:36:04.913036Z","times_seen":13090,"resource_available":true,"data":null}},"time_used":440,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":184,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/4533-d42ff445e36846e9.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/4533-d42ff445e36846e9.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FAk5qnpVPUzKxsZby99QmtVbKjljkRtolDPxtkSXzvP%2BdlozfbFyWpNJqKJYNmq%2Bg9KID7bWFTjelXIsYCMvwKJMBkVCCQBw\"}]}\r\ncf-ray: 99f030f98d6d56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":950239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65352), with no line terminators","md5":"5ab80a8e4f4e9832ecee51c63731d21f","sha1":"039da105e045b2f02a0c011a42154823dc9a9587","sha256":"95dbbc5ccb76349ba9de76d0ebfc23b5de82e1fbb9f0885e5af3b8bbca6e9a81","sha512":"978812b7099d1ce5531cdd4ea836029f40f787d60c1fb24b3c36b34425ac0a4dd5225d988be4091978ca7b38e64aea36a07285632bde1f98438805406ef55e8b","ssdeep":"6144:+w/lsfDuv+PunKOuelr8jbdfjuNxPacdwqw7Wu58wMQTMnTI8HJbt4KOHC5VdgNn:rhnKOPR2IScXFuVMcsJlVdJds","tlshash":"3b35c936844517ba2bf3319469e677caa18e9208c3d4fbdff1e5b119118f8d4902daec","first_seen":"2025-11-15T16:41:08.360188Z","last_seen":"2025-11-15T16:41:08.360188Z","times_seen":1,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":226,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/95064-8ece3d2817a292cc.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/95064-8ece3d2817a292cc.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D2Jlg%2BrGLRrdpV8OhBRIkRgcSIATmfIhNMbZdB1GbQhBvCfI2jLiQRXaS%2B%2B103SaNli%2F24cBVJ7bM%2B5xyC8KecNuHIFQpMIZ\"}]}\r\ncf-ray: 99f030f99d7756be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15030,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15030), with no line terminators","md5":"1820ac6716b4d7fabd4dc1c1f875bf6b","sha1":"572e78286fc5400c9ae75eaf833f43b33d7374f2","sha256":"e10d260450467cac4102b28d0e25aff8e28aaf534178f2db835f27ffbf2e2dd1","sha512":"52e76827863a4baf602a24c2413c48cf40f80113c3d950c2f2ade8e9c77497de7207a1ce270d6467f01cb439d622efb0c06dff646581c420547ef8bbda8f43c6","ssdeep":"384:mTEzSMQjeMy1BHBB7V0BvDrXIwXJ+ba2YUSTNN8txdOTTpPNUp0icpUAHEvDBUgx:wEzSMEeMIvp0h08J+G2YnT76WM+HTY","tlshash":"0662a42e9175adf4f2526c689faea40c719f958a4b1648bd777cbd3000894ec3b137ca","first_seen":"2025-09-13T11:18:31.957785Z","last_seen":"2025-11-27T20:26:36.441914Z","times_seen":547,"resource_available":true,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":175,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/53069-c58f8f632eda4cdb.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/53069-c58f8f632eda4cdb.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TfziRW3etGCk92IXITAlL0VU%2BjuKeb6BdKpGkwmAmMSmf%2FiyLSlbXGw6TcL42KZs9%2BUQzaRvnr0MQtGm%2Fa4%2FYKlylndlb5Wl\"}]}\r\ncf-ray: 99f030f99d7956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15859,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15859), with no line terminators","md5":"da17cad8d521aded130ecf6e4281f047","sha1":"00d75b30a6986d64f8a8ed731ef76480b061d93b","sha256":"abc0e12aaa96d7f95084c61c15d77a04b9eda96dd5a611b1e9a405fe48de45a5","sha512":"2bd6306ac6bcf07f3d8bf0b56c3ebea800aeca4d170fbc0a932d379ba5d38fe2d4f74512ce255eac02202d528b39e04fc7c6ec08854a2a015e1409491ab9529a","ssdeep":"384:G9+QZybNhuWIpYh1IWtfmg2Lr4i4ysxQVv839TORERMR4e8TefNxBc:25kNhlIpYPIWtfmgcr4lysxQRkT+4Q47","tlshash":"72620888a399a6e0f6819bf8970f611db57f32a08a49c8a4f3707d3060854ed7e55fc3","first_seen":"2025-10-15T03:22:35.364489Z","last_seen":"2025-12-12T08:06:26.80288Z","times_seen":294,"resource_available":true,"data":null}},"time_used":193,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/fonts/proxima_nova/stylesheet.css","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/fonts/proxima_nova/stylesheet.css HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/_next/static/css/dc249df9fc15b505.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8EeLKQgEBwUBjgedNZ4fhvqpjfIRZcv%2BBTEZetRoV0b2kZtTdBGBiRhNRAjsgprSfxhpo9%2B8ZWks3h2yQkkLjJadtx5pIyus\"}]}\r\ncf-ray: 99f030fa6d9256be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16610,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"673fa97a88bfa20fe973f673a53b3eb3","sha1":"76e3dba5dcfc59e2743f9e311f00af3713558911","sha256":"c95004c3ccd349ab98e3399fc906b32ff9175ada6c1f8c96eaa33e2f11cd1a6d","sha512":"c50ee40dd523a9d412e32e2fd7dead904f4db96155ccdf0966b597f4c5b58040616fbe64f27a5a525761d3221bfd8a8a77e7512e793991ccd6ba803c8f966aa4","ssdeep":"192:Yz6b6dlmqgqYGVNCGAcCh2H5vwCGmhRgSem0pBjqkCY9WTpnOPx/OSW9r0tZxjyL:0aG7KUC4ZYCrz2muZHCfWctAH/uNB22","tlshash":"e0724942cccdbc624aa6148077fe6ff60b4e28559079ad57ff3c38389d115adc68472a","first_seen":"2025-06-28T14:48:13.079962Z","last_seen":"2026-05-22T13:02:33.778388Z","times_seen":6966,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/main-app-fef4a8898ec7782a.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/main-app-fef4a8898ec7782a.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LSj4BFJ0cQ7sPVogFFa%2Boa60tksMuZjWuWwFqsQ5zyAFA2ggsOXUvuGIa31C%2BlPSrfCq3fOUZeqcP1Br80yAnaeyRYmiVure\"}]}\r\ncf-ray: 99f030f97d6656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":537,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (537), with no line terminators","md5":"c06acc17c28c2888a1a2466b0a0d12d8","sha1":"63d7278ad805cf6b27e6fb76daee100f7cc61afc","sha256":"90a949795e63ad10200d2f57df2706979fd66bd412caea2130a9c707e21c5d5b","sha512":"745f5cba8c1f8c006b2d9a1f8ec15fe3e66d7909766f446755243e1b63aa4d611233d9fa175bc9001bcbce4a4a782e79feb80846ba96f394b38c1ed2b1f3c2bc","ssdeep":"","tlshash":"f5f0fba55f0df42f5d266e74fd97ace2184f4275206b4e647d01dda23c67b6cd260408","first_seen":"2025-09-13T11:18:32.65005Z","last_seen":"2026-05-23T15:36:04.933295Z","times_seen":13173,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/24464-a28857939df965be.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/24464-a28857939df965be.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CzROxichZ9ti820DteTtRuSmRR%2F%2BvKsjhUkjP%2BzPeg88pqA5d2FHjE0lcBQgI42xPB9CR61V5PEjzRtGDrNRePLeuih4BPXj\"}]}\r\ncf-ray: 99f030f99d7856be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2704987,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65481), with no line terminators","md5":"8808228e4e570f7bf5da81252ca4d80b","sha1":"e4a45394f880bbd21f30269030e7d1fd8b7bb331","sha256":"908dcadffd4879c666c96b4fc6b92222a45cc91e0e6f4a3be819d681a68a889c","sha512":"52ae288e157dd164a89f0798a739dd85f600b2a22dfb7472a130a4f982dad3b3e16bd8ebb82cc493982e8fd5e4c0c68094bdf930c9ac7e55981950387c3984b3","ssdeep":"12288:6Je2e02xEzaIGTBrfzLd91WJ24cvYkjZli4CnLPwGDkiqCCE+WTjjXHPxy0D8eUH:M/cpQlKxZNgvIh/VAK","tlshash":"c8259319ca6602fd7f586c81ca4774698ee282436fd789fcdaba7e1447b0adf0301e51","first_seen":"2025-10-16T14:33:44.870431Z","last_seen":"2025-11-16T01:25:44.565435Z","times_seen":418,"resource_available":false,"data":null}},"time_used":635,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":311,"receive":324,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/it.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/it.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wAH8DAaV8IcvjvA5OfsHxbst8J5SpF%2FPJ0kltWMwmiXZRyTPq%2BFV%2FFqiWFwIDPAU4gm2hX0Mfwypm2wt11lzXJViy4ezAeSC\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031044df256be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":270,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"4d4f20f2f1c88447480002bbf675404a","sha1":"e4a918db17e02d130c9733d7457211389b459535","sha256":"41b974254f3dd5b0853af7585c0417998a1ffa52e97e000fe2af3eee2c916d57","sha512":"04e180d7684ab9fefd920a74433c7fdea73380c5ec2588d6174ea6c14a20bdf1ebaf250158977863fd79051cc5012e5da4b9453f88998262b5cdc1672810ad79","ssdeep":"","tlshash":"e7d02b9dd07de0c448229bb03e9e31c142962327364500daf04b271861cc3ef7e41f04","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-05-23T15:36:04.940238Z","times_seen":5821,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/preloader.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/preloader.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/_next/static/css/dc249df9fc15b505.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5PNw8q9dH8v7shPtPnbZAQ3Jeh4Ui7LgzezWNQDuYVK5IhwvuO%2F0PFFLa%2FbA9IIDr9QjRwGymwSNrzeZBcWKwdGjhncj8KiW\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f030fc3d9c56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1652,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"d4cf0d8e07d5ff0a22dde176b5e6926c","sha1":"bb3f41bbc80202459f3bd9a27054f855523f8ea7","sha256":"caa934ceb360955e8ef4eae0984d9ee475137fa2eee2b013586e25461bc1703d","sha512":"03fa93b18e1610abefaaeee02782234d164bd6de0d27aff61c5aa02e260d50e0b69233306e46bcabac18c6de2ce085a5859bd4ee71c2480acb0e4a719a3c5123","ssdeep":"","tlshash":"703122c04abc425cf604a6a9cf122875be1a64ce578564baf3ce9d06935805b8e0299b","first_seen":"2025-09-13T11:18:32.012309Z","last_seen":"2026-05-23T15:36:04.911953Z","times_seen":11106,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/31684-b8837a619f76486e.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/31684-b8837a619f76486e.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N%2BHLC%2FkhcC6YBK4QVffz8mAK%2FFtZX8KFeJ4UYh%2FNjwXvkTv%2FC7cggFVMwmX6cqaEOcvQDrgj5OMi37URKOugXBy7OZFlWbLh\"}]}\r\ncf-ray: 99f030f97d6456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":176018,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8c9e1f9e9713d9d76f976369dac25760","sha1":"1d7cfa0fb89dd89210e337557ab9af8fcb9e7e17","sha256":"07adc3c304cb5798f2e26622c0215307b7b65a7f8bbb87a32f44832f781b75f4","sha512":"a34dc478e1f217f0cf2d8a2c291b933dfeb5121fd41a2f08f2ec3a5b526ca55babffd1358cf0b55ad15009821510b7f6ca9a66793931023d3910d85938ff1b0b","ssdeep":"1536:3Hk+1qVc+dJWgclHHlU0Zb8OeM8aZLoEAEuRaQ3aTcXH10nZAEUOW/oM+G6GZVsT:VqW+dJW9xAMiEuV36XZNGZm01A","tlshash":"5704b8b676d0f89107a780d5843b400af3395c3b146f74a0a3e6cce975645dea1b3faa","first_seen":"2025-09-13T11:18:32.512742Z","last_seen":"2025-12-06T23:52:39.117547Z","times_seen":597,"resource_available":true,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":90,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/landing_block2_semi.webp","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/landing_block2_semi.webp HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/_next/static/css/f0cd90a8557dd1ec.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/webp\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T8o7JzgkQ3kB284xiVKmY6xECaACy5%2B3V3jgaevPu9by9xqn5Lqe1H%2FCYgB9CYsvloGJ1kJmWm2CxJwA70r%2F8IrNP5QtwIu3\"}]}\r\ncf-ray: 99f03103bde856be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24676,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"47d74556b89c1c11a21aa2b58bc110f5","sha1":"a3d1d4247a04deaadb8174be4004a5a04da6c357","sha256":"e171b6c43373ca9288990a9541f4dd9d3c427c240403935c00efcfd01c66cf9d","sha512":"23f0e2921c40d067c4d4df15fee5571b954b7f4a02e219b27eb1329c0dd838fd2f74a092a28c5f1a66123c5e0f723cca0ea6b86a41d94043707bd95c2ad015e6","ssdeep":"384:278MCounIgHtN2T0f7Za2YL1waqJnmLZfZy83USSxlxohMbH0hWm6AbJ0Q+m6RkJ:CijNZfm1Q6lZysUnxwiHRAyXW/N51ijQ","tlshash":"f8b2d0d39f4e2fc47d34dfe6e56db1de1adba31116f552803a161603803fa5e9878029","first_seen":"2025-09-28T21:41:24.519831Z","last_seen":"2026-02-05T15:53:50.628717Z","times_seen":1112,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/53090-941dd81da5fa3210.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/53090-941dd81da5fa3210.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BTAbnqXOJHctf%2BmVrRpgsYP3NS7EEZyc0unKD3fzEU%2FoyJpWsIMCABqVxUmZlEh%2BwtP%2BeGaJz2PJ3OBPDvNkgmGhKJ9wA1PB\"}]}\r\ncf-ray: 99f030f98d6e56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15666,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15666), with no line terminators","md5":"15925877203605d5f2355beb36d57347","sha1":"17da103edacb7e181adbf9304938d039a200c1d7","sha256":"a986f72fb7dc330235296b864ba0f244f1126b2eff777b8a13ae36875dc96157","sha512":"ad516778c2e0dcaa482b03f5ab7a44fea87ce340ae85aba921277db245d9e6c5a49f70a27eeb99b6bef662c873647590edc83e75c63116c4e456045245b91568","ssdeep":"384:hC/SLOZgztFl6pfisYkxdZEAXtwdt4DvWmV9PvTLsb6r7/:Y/SCZ4Fl6pfisYyZEhdt4yIWbU/","tlshash":"0862c6e0d362fad8ed6785d5f12ea906b11f2f988b19c074f6b85c2053181c4ba27b9d","first_seen":"2025-10-16T04:05:32.826709Z","last_seen":"2026-05-23T15:36:04.940848Z","times_seen":10988,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/css/a0b6481c832f0cd1.css","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/css/a0b6481c832f0cd1.css HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ppq19OOa7aalEx93GkLfbJvMfZJIfvByT63PGbF9%2FuNki7wEMAxs1Ub6gLo7VrXUHYVZwVtth3NRd0XgRFkORGsGDRjPyI8d\"}]}\r\ncf-ray: 99f030f97d5f56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72510,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"f943c828316d861c0e170671ba597068","sha1":"c2b2e4ae7b688fe40e84dadbd75bc63a8bfb2b34","sha256":"c632b180f549b7e88c9ab2db5769ad5264b7dc2b43c07c9ad8c70aba5c122a06","sha512":"e1467d85dbdbca91b2c6644b36086cc9074cf8c4467b96edd1b8faa208c319f48b214e64144de6a5d41e185f00d9ec4709a6f2cd38cd1c8a1cb5232770c6a052","ssdeep":"1536:khldf4YFN6JUZqCJIbidBz9XMli9PozWNw9cXMomUgefzXu7Z:+36B","tlshash":"c163a8315238f53cb977a81371905acf7068d503e5736aeef964b93a80c76a33a2234d","first_seen":"2025-10-16T14:33:44.874398Z","last_seen":"2026-01-30T14:20:26.864524Z","times_seen":430,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/(auth)/layout-21ec38ef81635840.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/app/(auth)/layout-21ec38ef81635840.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PuJp7AXeGiyUB3DD1G5OZu1ERtx%2BqjXlbYxYF1Eqht8t2C4gzdZ5swC0aki9V%2FhKt8jwdBSTb9pqjz9R08fJM5f0BwKFi5kg\"}]}\r\ncf-ray: 99f030f98d7156be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5634,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5634), with no line terminators","md5":"eeb148fc570d2378a9f4fb4cef9277e8","sha1":"f15bcc479e6192f1c27e2c50e9957c34d69e1dc6","sha256":"28e0352c26286fc5b9430539a76f6e36d0f8ade3679fef2b830ed3805fb8b690","sha512":"0d5e4e9dc24973836af109e4586ee36dfa759ed54863e94049c0c21323043a57cc61354a7d5016b098e269eaabf1fe4be8e76ac9b487c6fe54177f0e396d92c5","ssdeep":"96:XZ8Q2TeV9GCuyzz3qZqCLXx29Hn5G9UV3aQ+7XCrUBTCUBTVy19GCOsY89GC4b6:p8Q2TeCtiz3Xqx29o92d+7XCrUIUvV3g","tlshash":"70c1a5b7b6c5fdb2565688d088378207ba503d37205fb480a7facce53169dca44d1f8a","first_seen":"2025-09-26T22:32:24.049018Z","last_seen":"2026-05-23T15:36:04.904069Z","times_seen":13127,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/mix/landing_girl.jpg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_girl.jpg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T17:07:55.698935Z","times_seen":15618608,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/mix/landing_girl.jpg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_girl.jpg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 45775\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=awRotvhljQoyjG9kagSHqfjIU1L5N8U9y2tLMWDv7LjFfTJ%2F6bAw1kOxzS7NsonjRoW4pZvQI%2BrH9RPhhmDoyfOlMaB4jQo7\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031020dcd56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45775,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1184x514, components 3","md5":"e3369807688282f5f8f0e0674433e94a","sha1":"659fba13047b8945efbfa245eaf83c2fc8c60c17","sha256":"cf3dbae20a4ebd218ba2c24706405f94a717ad219f54e3e46722f2cfd6994449","sha512":"f651d12914cc1f77f3a4031ebc614acce4e0ebcdee1a48f05199095a97563ce150a9b860ff646abe87ea5903caa7c37d56f6f73ccd98cd7e6b44bbf8035bd92f","ssdeep":"768:/8jBOVR1XMbPWCn0+xiR5MgLGrwFgbBdSsHVijJilM40aVFxb22/9KTLci8FhvY6:/8YYN0+xiCwcB71ijJ2MCsu9KTLROYEx","tlshash":"d123f117c7f9d135c4a185368886aa8fe96da2f80527a14b4764ef1e3483ff8bb9401c","first_seen":"2025-09-28T21:41:24.696394Z","last_seen":"2026-02-05T15:53:50.631174Z","times_seen":1112,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":173,"receive":110,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/de.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/de.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:38 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JTJfcxbtimYGQWz818r%2FKYmwPqeVvCEqyGOu4aguGAzmjU4%2BjjQTSMBOcivNjpyPGO%2Fz%2F6yl%2BprtGnZTzET4xgDMPOmTRCq0\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:38 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031044df056be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":271,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"939afd91bea7074f84f4a328ca095295","sha1":"1a8edb7520cb812fd35996134ae823fe8ade03d9","sha256":"8e3c8f938c6fc4fc97c81f398a71d0d789b44b6be458469d7056372a2c05837a","sha512":"a3922e78b9ac5209cabea2c0945d474d24035a4e78297b3105779cea945b931ae83a59ffbf73e2877f2da42e0ff7fb5f23c297c1d7f7d09da3644ed63d82ef6c","ssdeep":"","tlshash":"c7d02bd8506ae8c04d16c7603e6c32c1288a6259238800dff0835338a6cb7ceb745f50","first_seen":"2023-07-03T07:07:12Z","last_seen":"2026-05-23T15:36:04.936611Z","times_seen":5810,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/49080-2901843180fabd12.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/49080-2901843180fabd12.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NhbGwZ21RIYq2JNCxlnKW25z9UJmYaUjrAmUjwD1hcNHUto%2BcuFpJdSMV8u3LrLqGOstCq2TKDyS%2FVySJ5DIcOs%2BLUwSaOlj\"}]}\r\ncf-ray: 99f030f98d6956be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15261,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15261), with no line terminators","md5":"69b80d969aaad07036978bda468796f5","sha1":"e06516d12bff2faa89329f83289d27d4ac369917","sha256":"5f09712195529d437bc348578aca6c679da21c9bab03b7d1012f70a672a5e017","sha512":"bb02ebc1b0fecb6ec0cde686fa78655706bf3f50939f8e7b52347e7aa9811af62fd5e477fda50bd35febb5fab3c591e88fdcac416da22b22d3c1b90f3d9220d6","ssdeep":"384:OQLgSjUuqTsJIMnocJPYVrBNfF17KGYJy/t3F:mSjUsIXcuzcpy/tV","tlshash":"a96209a0b580bd360367499180ff4706b335593a5c1f9498b7b8ccd562b4ece41eaf8e","first_seen":"2025-10-16T04:05:32.818988Z","last_seen":"2026-04-12T21:07:55.02759Z","times_seen":6851,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/30731-19de50721de60a13.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/30731-19de50721de60a13.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p8gstySk5TItEumRQ8nbrqeMyIsuQLnKfdSsPyTap%2BZFCuMnMVQSAxdUpeR81q2uK6JDlWD2VqjjTbDAnAwcY5SOIlNqrdzm\"}]}\r\ncf-ray: 99f030f98d6f56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":910744,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"0a6f403b4f59187fb0a165c9821ac3fc","sha1":"d6ce18fdade2a25f708897c701ff2f11c6b6937d","sha256":"6e6fb1f3038f822ca348ea62ee3c31370dc9532cb4c315a3d0724e3c2b473563","sha512":"64a67dfb42b4390435192862c524cfb6f5c0cbadafa3469a133def471589a44c01a5062ac61e337eff6570591bee8fb87d1b129e5a441f486604b7971830c312","ssdeep":"3072:9dHg+1uKewJ0Byiw1QRi8B6a3bmicWAM7c3jiPYFEcFBKKMhEmDwlQx:9dHxQRB0Dz7vMKmDwQx","tlshash":"a515b5985bb553fcf405f7f48a2ba4b43f6a38f67a42c4b8c3a91c15d4520ad89a5cc3","first_seen":"2025-10-16T04:05:32.777392Z","last_seen":"2025-11-16T01:25:44.554929Z","times_seen":431,"resource_available":true,"data":null}},"time_used":639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":382,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/58172-2e2ad5efca352ade.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/58172-2e2ad5efca352ade.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Oms2DJ9ScwzP4fZeTlLKHNUYjIr7UCACL0dbxhPrYBwxc2Dck3%2FdkECezSDXpVMrBadr6DHI%2B22rc3yyfB8Dykg5u7MR%2BJnp\"}]}\r\ncf-ray: 99f030f99d7356be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15156,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15156), with no line terminators","md5":"a9784916761bd2bbc76012952021d42d","sha1":"253cf85cec6b9a53b449d758e2d542a9a182bc23","sha256":"c0b7563919543117a0168d95e03a8812821df1f79a8bf094dadda24536660d92","sha512":"54d0abe66c6ec80868c406f1838ff8760bcae6758bd406c57e29d3ae842812ffb81cb315706c46e5d6a26e8bb80c7b1fc2787d02e360d635ebf22aad6c3c7431","ssdeep":"384:H74ml/FeOUGcg70p+tlof7VCEv/f2rVdVOmo778U/eWJV+o6:b4mldXUGZ0p+tl8VCEv32rVPOmg8UWWo","tlshash":"cb62a6d12b10495d3583ce7aca363929f2ef69ba393d57401168cb3cfd18ad4e6361e8","first_seen":"2025-09-13T11:18:32.621492Z","last_seen":"2026-05-23T15:36:04.894597Z","times_seen":13121,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/53331-b84ec44a66d742c9.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/53331-b84ec44a66d742c9.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FjJ0gcUug%2BCD7TONM0eByxRGev%2FmJScQ9rW7vMkAuJMmcjGzBGjC8ebGw55bV%2FXtWV7xfA2PsGTgJnFT7BcTF%2B4C5KOTbND2\"}]}\r\ncf-ray: 99f030f99d7a56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23606,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23606), with no line terminators","md5":"ffc2a9646f640ee24bec96371d8896d5","sha1":"43fb84011d63dd3ee53c4c5a6ed7bee651bc780b","sha256":"ee75b3f83f6bb1fe59b15f18a040463973036c403110a597b3e77b659b240fc9","sha512":"19765f02ce6babd708e5a582fce2a697188168486b56c78f66d75c7ad4d29e02371f839d2b967fa8094e949f2fa6de2e478d24e24b3150f0eb404dcef6fe63f6","ssdeep":"384:/bEM6MGSQhbWOoOSQ6b82p7X4WsIBcf9CkSfA9CM3ORBq5T25iaTuJ8jFNDtv/LO:/L67hSOoe6h7X4WsIBu9CkoA9CM3OTq1","tlshash":"63b2d7e993f4b6e0a006e3f8d607a8793a6e19fd7b32c95893d95c20c5910dc266ddc3","first_seen":"2025-09-13T11:18:32.113392Z","last_seen":"2026-05-23T15:36:04.918685Z","times_seen":13108,"resource_available":true,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/api/extra/promoIp","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /api/extra/promoIp HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://winzzo.vip/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KOpS%2BkZEFlUd9KLUVC%2BV79XOjNTABczF67fAG2whwiQ4FHlKBMXvrX%2FXu7oiVAmT8xZl37hM6v1LKdMLQg4FjVi%2BZDXH%2BHC%2F\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031009db856be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7363e85fe9edee6f053a4b319588c086","sha1":"a15e2127145548437173fc17f3e980e3f3dee2d0","sha256":"c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97","sha512":"a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85","ssdeep":"","tlshash":"f0600003000000a2c000220002382e202080002280000008800c20088a20000208300a","first_seen":"2023-04-05T04:17:27Z","last_seen":"2026-05-23T17:07:48.636514Z","times_seen":143477,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/mix/landing_zeus.jpg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_zeus.jpg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 83969\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WkaUVd2GiPTuxTsWq06p9Z8%2FIq%2FsmzUBpFY%2B8IHXV16wf56rMX6QDtyeDNJbZ9WZ63srodB5SA7wwsO0crAIU7D%2B3tArxrqF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f03102ddd756be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":83969,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2368x1028, components 3","md5":"83ec1ea64ab4794c804fe2f0ab1a3fa6","sha1":"67ed7e35a0495f05f884cc1bc8a67fc94d1e92ea","sha256":"f9c06cf1dc1c7333cd51fd41fc8c76769d11af5972cecdc4f51f0a5f4d261762","sha512":"30cecfb7a17c1c8429faa60edf6ebba0c86697ce85ebffb34e779c48a8aefaa51a2d94a7a6c7e2d99c381e92fc7d64405e37a655286894eea032e8d3581b280d","ssdeep":"1536:j2imp411U3xRic+oIoJr0MsYSfdvyeeJKHomJVeTVvnADAX6Jj/:j2imx/il1oJC5vye9H3yTVaAX6Jj/","tlshash":"6783029e934411dfc9f957304347626437ee936ef62842c7ba2c5e50baf4b942d13788","first_seen":"2025-09-28T21:41:24.142956Z","last_seen":"2026-02-05T15:53:50.637753Z","times_seen":1112,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":116,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/bg/stat3.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat3.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gGALapOy5kGvnxcvDkZX8H4GiRGKdOBgjEnOtRGKkMPKMVy2o28a5aRcIefARF79p%2F%2F73sBQjYl0oVO%2FZcxB%2BfIbuFDmK2wN\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:37 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f03103ade656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3827,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"1b07edac84752d7c56e382e1f7656115","sha1":"1ab72bc6895070dc7d55c8d87d4f4f907c19c019","sha256":"979df951bda3030c2abf6f6508fa7d5914c95535e4c0ed1f20a836cf2857bcbe","sha512":"97c1a7ff703378b6ae5555c686ab628ac9387b52614d1144beb72d575391ae717a0e25c981a4de8366948338760c57c8a8c19913f1d8b37661a2e96c1496af66","ssdeep":"","tlshash":"9a81b4ef5fd402b4d889d3e7ee3214993e4360fa5a8a0d04f36cae89575585cdd1a8c3","first_seen":"2025-09-28T21:41:24.193021Z","last_seen":"2026-05-23T15:36:04.926931Z","times_seen":4893,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/countries/in.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/countries/in.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:38 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oY9xvTxHVO4tvfQXAI0WKgEQ6557C7bnn9I%2FIVL0iUDane5nbf0HGPsVimVUdjoaO9pE63yNHe2P9mHc1meF95uU84tDOuAr\"}]}\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:38 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f031045df456be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2301,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"f0c892dde95804d59b20416b8db9fcbe","sha1":"41f09b07a8c26144aff93575ba4a07a0122bdae6","sha256":"aa82222076d0dd86dc6f37947faf10333212886549a33c4fcf6b44141b702018","sha512":"8eadf55e31f49edebffdb864eeec76900caf6f5163d2e3cf1988757271bb7c5e2c26c3986b4fe5b2f8953e733ea0c4bf4fb3cce0ec4d1010e20f5125abde3ac7","ssdeep":"","tlshash":"2e4165a9717df8cd9b01c6fda63bb9f1b00f50496b12d3a9b55b0f0a481a4fbb0056e0","first_seen":"2023-06-13T16:46:48Z","last_seen":"2026-05-23T16:14:08.326464Z","times_seen":5445,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/favicons/greenColorDSGN.svg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/favicons/greenColorDSGN.svg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wNHQnBtI20YtucBHIVq6c0F7uJZqRT1mvdt%2BcY1N9xeAe9ukONbtwrBOdsTzYi4iqZm9VSGfNOHqtCxCqSs1bQ0VqiX6oE%2F%2F\"}]}\r\npriority: u=6,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f030fdfda856be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1468,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"50679c0c5e3ed56d05c1d0ed312419a7","sha1":"f9ea27ac71a78da2d61e14b84ea77ce447920d9d","sha256":"c164e1ea36438d14fea9b88996d154275a4c92fd80bfa082c7e00a343f241147","sha512":"163d4097d60ecdcf58cd01ea828e74491b0e27fcf3d40a2e7c56e6c90042d6d9a9b6cb18825052caf8799836ad35a44c1c88ffd2c35ce5d888d23716c27dd0f4","ssdeep":"","tlshash":"a4312e9e77fea185f448e7f8023999b932d36cd33a04d8282bc00c02e98091e9c9588b","first_seen":"2025-09-26T11:40:39.971586Z","last_seen":"2026-05-23T15:36:04.942424Z","times_seen":11113,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/greenColorDSGN/mix/landing_zeus.jpg","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:37.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_zeus.jpg HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T17:07:55.698935Z","times_seen":15618608,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/css/15eaa3abd2a4520f.css","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/css/15eaa3abd2a4520f.css HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c%2FQkmgIQmfYpcp7fF%2BBiAWUPd%2FykqlewZpAyNdkHdWksbzuPuau2tDRDGTbsjENY%2Bq68djx%2Be4EkLKHOvLh7DIMI3bf17xB3\"}]}\r\ncf-ray: 99f030f97d6056be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65589,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"44bfd0e7977587f5d9af865d32b8ff03","sha1":"793a112962d1173f91fe1d0075e83bc5008f5f02","sha256":"5f9e7efd4c4c2838ec615b8068201d4418260e8ba2df5299651f5dd6cb5bdc32","sha512":"9b7b6838e5904f01af71f98c0210c3dde167de2a94d9e7302c2b7d3af9baa289a6676041a5a1ac7864b378757d3d96c73dd709440cd9327cc02be850f3b05d1f","ssdeep":"384:nRJwjZNm4DaM3A9ql/ekkfBFiDsyoVaJHn4wjdOjDl9qOujkem0SgnFMUPIZWqIp:nRaDadggpfBFiDsyoio5Xem0tTQoAna","tlshash":"d353d9324235643cb5a7d422b6d456ce7139ca47aa331aedf45db92a81c32933b7378c","first_seen":"2025-11-09T13:38:48.708329Z","last_seen":"2025-11-16T01:25:44.572059Z","times_seen":304,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/56060-8656721e7f9c8859.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/56060-8656721e7f9c8859.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kELmCQeMqQTde0cXUdzNKFWIDfn5PDIuIRMOhK0u7o3X6aN6Vkj4Khf8I4cgT0mDKbOooEy9CaTQeS9OKuif2CIPwQeLK8Gh\"}]}\r\ncf-ray: 99f030f98d6c56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10031,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10031), with no line terminators","md5":"6685f1c3cdf6f0d1227ab2b5af23a056","sha1":"491d91380ba5da6dcd5027bd954e6fe11103b18b","sha256":"237ff25124f0ca73e06c9e1d59caadd016273fa9b5b6bf211c991cc8d34d1b92","sha512":"6667f2ba323afce441aa6e23fdcb8504dfeda05286da37d594827c605042ba88ddd7bc5c6ec9565109d4a0ad4ddc9f8cdde4ca22cbb9eb8122b85ba04bf1d0b2","ssdeep":"192:/ztywjuim2pZQizyySL4tLg6SpiQhQ+YmzSRAz21OfsuAAuaSXCfb+e:/z9juim2xWySL4W6STYmzSRA61gEC5","tlshash":"4622ea847260793e1547866fd1be5516f27a292e382ed25433b9c83cfd21ac85336bec","first_seen":"2025-10-16T04:05:32.850927Z","last_seen":"2026-05-23T15:36:04.933982Z","times_seen":13094,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/58211-c087ffe3e38101f6.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/58211-c087ffe3e38101f6.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aJIUrUAgqWNeIM1tll9hptIY22SlITycb5vmGggwGR8fQ4ftzMOiTDryRaICvdhCl5o5f4CoD%2FrbU42dffSZ7vEnMbZDmWup\"}]}\r\ncf-ray: 99f030f98d7256be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39725,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39725), with no line terminators","md5":"f7d84948f8ca0ff495e7533d0969b670","sha1":"3330c776cfbb7ea04d30b89a9686eaea35f24747","sha256":"2180eecb87df810a0f91771ce87e9c4f6e185e9011d00147eef0ca9c7ed750c1","sha512":"04a5f0711a52dd8bcfe0ea6d66662ed5e0a8610c8caffe461a8c8178f8f40e55b4c40c7ea11716a7dce1631534f5e22f9c5d86393e31835bcc686e4aa6254c85","ssdeep":"768:01KE8vZ7HInPlFvvb5AvexGRrxVP1fr4UK1fWbqYsCL1fZnK+jBV9YCO:0voWV","tlshash":"f20399866740a83d2587c16fd63a6415f3bf14ebb92f9390219aca3cf506dc0f5365e8","first_seen":"2025-10-16T04:05:32.927959Z","last_seen":"2026-05-23T15:36:04.908314Z","times_seen":13052,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/app/global-error-84c26475654e8359.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/app/global-error-84c26475654e8359.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T4pESxgwqwSP%2B4Cw28vqOBeJEFrKAZkX5niN9HPmND7zkLDm1FZ8PWgCb%2FLAB8iBsKlL65l3zXd0j0UJAifIdawlbN9Os0pu\"}]}\r\ncf-ray: 99f030f9ad7d56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":258,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"86a0c59c18713dec34f72247f6404b91","sha1":"98f942f10f3985863957d5d9cd2abb5b24db53a2","sha256":"8ad3f0d37edae87defbd4bd0b5ad2ea68249e18b9a2e234e47528e91b7dce82f","sha512":"5546453fe918ab9bce3efc59242685291314a053c461bebd4d77f0b37d17bfc60ebf3d4bb03a9e808934fa0a31d566362831059a26704f5ecb09cca33b9ca1e9","ssdeep":"","tlshash":"bed0ebc202407cac74160b6c00b0d830300800b77018c8dee323ae2008624e00381c0c","first_seen":"2025-10-16T04:05:32.905383Z","last_seen":"2025-12-04T17:28:23.099055Z","times_seen":502,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/twq.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/twq.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3xbNpjon6xQJdikNui3WSeoAmCCXJ4%2Fczwl%2F%2FjeBVYbOabLJzD3HDG03ZVAXRuk5MbVP4974Xf%2BuFaNC%2F5m0R8mndbraJuVh\"}]}\r\ncf-ray: 99f030f9ad7f56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":308,"size_decoded":0,"mime_type":"application/javascript","magic":"CSV ASCII text","md5":"7f4d9e824f13f7d27acdc868f36f7208","sha1":"125a712d37aefe5d3e52ce2ae8986e109eb473de","sha256":"d6768cdba372d919e6d9322bf3cf3a0dfe427d86293aaf16f23d096028a00a1a","sha512":"d6395459961f34c3efc4c55ffa6bd873fbf20cf9aab17d31ec926d7ff645cfb9ae0cfea469b98e0604c5de162b60eb1bfc7b06a6fe91e3497f3a4fb32d29c20a","ssdeep":"","tlshash":"66e0e7f12d093d631fa11374117f931f3143210575595b91d59cd540376249f8037b8c","first_seen":"2025-03-19T10:41:28.935479Z","last_seen":"2026-05-23T15:36:04.893139Z","times_seen":15053,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/global/fonts/proxima_nova/ProximaNova-Bold.woff","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /global/fonts/proxima_nova/ProximaNova-Bold.woff HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/global/fonts/proxima_nova/stylesheet.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: font/woff\r\ncontent-length: 52068\r\npriority: u=4,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JHTxxgjHOpC7aMqxBQvt2Sp2wrdcMo%2BU82jeJ10BmVkY%2B8s2lCydfJG1oaUrhoV0gDiHORR%2BdMhvpxrbnamU3qit%2BFHUCfxd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99f030fc3d9d56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52068,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 52068, version 2.3","md5":"e2cf3dc2f079bf3d5185a02552f153c4","sha1":"9e900ba7e0890a12a5697fc7ce86c058b145d215","sha256":"99a24fdd4e16d8dd4fdd79a5dd2dd7b71c2c68473fd6b3cb4eca4fa3f33d9ac1","sha512":"1043f0d116fcda17bd933ff2594b7c79a1fd41259f28aa8283d90e1a56eb6b8830861f109f9eeb3b81d79408e8a6a3648d973ee8a42fb5c096b0f84138392935","ssdeep":"768:gUZ1BWLCju+iIoHoWcknJh+7x77rai9YTRPxnE6eWPeLJWPznTdpjXeE8vFmdn:fX6Cjuct8QxDai9YLE6eWGYfbX98vMd","tlshash":"2433f1a524350e2797b7f4fa349d0665cfc6024db42b55faa4cbca019a5bff8b530823","first_seen":"2023-04-07T12:58:50Z","last_seen":"2026-05-23T15:36:04.914062Z","times_seen":14180,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":90,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/css/aa3ab376f6f7b9cb.css","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/css/aa3ab376f6f7b9cb.css HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5pmyDKqX1oQseePBwJHN24LFZSlzsQBofmk2QCEGtsHjJgNMjanXcLEVLPIUxZXn1dDSPPQ2e%2FLLtsz6oAad0nmYsH%2FABlPq\"}]}\r\ncf-ray: 99f030f97d6156be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32336,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (32336), with no line terminators","md5":"4fad67bce627ad1aa3f857c06baea444","sha1":"a7224717ec5e0dc50977a9c2f4f56ad9751cd8f9","sha256":"3c4497f15eaf24083e5b6c10a35f842e01622c930a1d2c6ed53a03fcb0bc60a3","sha512":"be1b7e89e6e9d3a7bca9f216597619ebcc71c3a95be3d5c110558cdd19d4627b41342ffac751d2b22d314862217e6e024a11a29b9a01eae2ab719b15495cb303","ssdeep":"384:jjG5yVATipbkxh6X31is4c2khffIg+YpXWeMoo7lsH2wVZO3z2IgMrLA+kt8/mDS:vG5c5P4NVuvSOIcqH","tlshash":"c0e264629338f13cb477a94635816ede30648f17963396fae453a43dc0c7a9227a778c","first_seen":"2025-11-09T13:38:48.713499Z","last_seen":"2025-11-16T01:25:44.572533Z","times_seen":304,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winzzo.vip/_next/static/chunks/92148-f4aaff0397544571.js","fqdn":"winzzo.vip","domain":"winzzo.vip","tld":"vip"},"ip":{"addr":"104.21.82.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winzzo.vip/","date":"2025-11-15T16:40:36.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winzzo.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 11:14:55 GMT","end":"Mon, 09 Feb 2026 12:14:40 GMT"},"fingerprint":{"sha1":"65:19:79:D0:4C:E4:66:BF:97:10:E2:90:D0:9F:B6:F9:86:D1:67:34","sha256":"FF:A5:EA:87:0B:17:5D:83:B5:9F:B6:C5:75:D6:DA:D3:88:F4:5F:62:29:EC:CF:B8:04:1F:A8:0C:13:DC:12:6C"}}},"request":{"raw":"GET /_next/static/chunks/92148-f4aaff0397544571.js HTTP/1.1\r\nHost: winzzo.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winzzo.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 15 Nov 2025 16:40:36 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Origin, accept-encoding\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 15 Nov 2025 16:40:36 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xY7E59Nj%2F4czIfhId59s8PrEfEhE1x5J0Xmu%2BnzFbVdBorP6%2FTpvOPPWBPVDlaPEFfaDoVtjcYGByDz%2B2bCjZwb6JgE7wAHt\"}]}\r\ncf-ray: 99f030f99d7556be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16657,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16657), with no line terminators","md5":"e5a9fd6c13384f417dca9b4c6a264114","sha1":"af973071192ef3c9c7303f8bf652433313df5cd1","sha256":"1c118c9909b4025458035a8429166655f856ff6fe8e876f8473c864fc8b7e395","sha512":"e718174294504f8b2477aa8d18a04c1b8a41fefc2edcc184ca7e165d05a8ec0ba1f5cf02ee1a047aec26d1552f21baf7c5353f9515444a157aac1db75d0d4c6e","ssdeep":"384:DLtQxW+19Vd6J4FU0Zs1Th/ndpRqgG4gjbI3/ovs2GK/sYp3wm7GjUWybgAKJ7d2:dQE+buJZ0y15dpRk4y+gt7/sml7GAFs+","tlshash":"3472d95da3e6a5e8f503e3f8835bd8353aa72df56912cc246bf56c25d50008cb8a5cc7","first_seen":"2025-10-16T04:05:32.855496Z","last_seen":"2025-11-16T01:25:44.551607Z","times_seen":426,"resource_available":true,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-15","alert":"Phishing Block","trigger":"winzzo.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-15","alert":"Sinkholed","trigger":"winzzo.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}