{"report_id":"6a8b9668-94be-4c8d-b3dd-2b08ceb35599","version":6,"status":"done","tags":[],"date":"2025-12-18T04:34:38Z","url":{"schema":"http","addr":"rankjerryrounion.com/16f68668-e941-4297-9460-debcc6429d76/2?Zoneid=1093516\u0026feedId=197\u0026category=Unknown\u0026cost=0.001000\u0026click_id=GMUBOKugAWjQ-0dw8d7hAegBjN9CgALMh8DIvaSUlAM","fqdn":"rankjerryrounion.com","domain":"rankjerryrounion.com","tld":"com"},"ip":{"addr":"108.157.229.77","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"title":"H5-MCWK","dom":{"size":20364,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12161)","md5":"499d22dfa2f7c5ff1887f306cc4264c7","sha1":"c7813f6b6bffb04a3efbec1b7531bd723d3ff6a2","sha256":"f2f46b2ee197ba4ea316516c6169287b8e4a5f2c63111a6483d51d3dd62a1488","sha512":"eac39f5cdf1bcef6c7a730845ff126d86f4ca7740438c439d474bffe0beaa4991176c4258a4856af2ba4be4ef406a6f338a367f2f925de328d8090a1d40af9e1","ssdeep":"384:6jXRpXPTzTLHyVOwFmeDgmiIebZ/H2lkW20x:Jbzkbd6","tlshash":"7892cfb48f24dd5f07829ace88167f55424fce66e042529e2396dc9e4bc1ff98c8932c","dom_hash":"domhash6dcf20a2a103c58d4741926f17fb2e93","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rankjerryrounion.com/16f68668-e941-4297-9460-debcc6429d76/2?Zoneid=1093516\u0026feedId=197\u0026category=Unknown\u0026cost=0.001000\u0026click_id=GMUBOKugAWjQ-0dw8d7hAegBjN9CgALMh8DIvaSUlAM","fqdn":"rankjerryrounion.com","domain":"rankjerryrounion.com","tld":"com"},"ip":{"addr":"108.157.229.77","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-22T04:34:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"rankjerryrounion.com","ip":{"addr":"54.240.174.121","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2023-02-10","domain_rank":183023,"first_seen":"2023-02-21T05:25:30Z","last_seen":"2025-12-17T20:36:16.708016Z","alert_count":0,"request_count":1,"received_data":20706,"sent_data":637,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mcwkr88.net","ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-11","domain_rank":0,"first_seen":"2025-11-14T07:07:46.068434Z","last_seen":"2025-12-12T05:09:37.563454Z","alert_count":7,"request_count":7,"received_data":1296153,"sent_data":4940,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"img.m167cw.com","ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2023-03-20","domain_rank":1613941,"first_seen":"2023-04-01T22:03:51Z","last_seen":"2025-12-10T20:43:27.783518Z","alert_count":0,"request_count":5,"received_data":1816031,"sent_data":2210,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-14T22:13:59.416786Z","alert_count":0,"request_count":3,"received_data":82233,"sent_data":1572,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-14T22:17:06.291076Z","alert_count":0,"request_count":1,"received_data":7286,"sent_data":446,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/main.e16eb273f957a362.js?v=1766024140179","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1c387aaf5c1ffd8ed82a3b4fe80d52b6","sha1":"843b16bbeb0732b9e78d3a3530e0fab263c2c155","sha256":"3446c8b14215991859238d526ba9299f7d7fc20b011db2b51399daef90884c5a","sha512":"4f55f4d74f8237fe6084dde9fd37faba5866f45e245784ef3e12663ce199fb1132a69f876058b332bfe3db5a24c56854a315510b111842962fa6ec3df750f1e3","ssdeep":"24576:i4pQlMc1Mw1H12F1IhmP1BNNEKzDGlJnW:i4pQlMc1Mw1V81IhmP1BNN5mlJnW","tlshash":"2c854c857151b0e547a620f890774942f22e2d48754884acf2bcdcde7aead8d227bf7c","size":1759245,"data":"","first_seen":"2025-12-18T04:34:42.506857Z","last_seen":"2025-12-21T09:43:30.337457Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/8405.0c2e87b766384190.js","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce4d01d046c453c68a4d03d4bd94e6fe","sha1":"022853ab6055853ce601f93a7acbedf55c0d2e83","sha256":"4745b210335f6bab3e0274d1ef5ac51c1358b0b94773005383bae1686feecd82","sha512":"45eb5e495842631bc832ec5d561717b3176016802038e32314ed12be21026068a1baf17790c25095c3abfbfcc3c481d73e74d925904b7c780da5b001b6d2f312","ssdeep":"","tlshash":"614186d0339aac7d65d9d7f3622d4700990734c3f00d4cac3564cee25924e8a02afeb4","size":2317,"data":"","first_seen":"2024-06-07T08:57:51Z","last_seen":"2026-03-01T06:11:28.78854Z","times_seen":75,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"43e28c5553d54ed2964bd5147521769b","sha1":"0a2b8c3db330a47aa7b9195e6dfdf944adb9240d","sha256":"d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23","sha512":"6dda085e4196167cf64287cb675c05b09bdaa291decebd1bea2b52ccdbd380de5875dc233fa3d439559413693f1e7974f485d60a2c1541bf62a8887bf5ff9811","ssdeep":"","tlshash":"1b80000c0a20c0882a00af00e000c202a0c2200f0220238ce823bce2a83c888808fea0","size":38,"data":"","first_seen":"2023-04-10T16:02:06Z","last_seen":"2026-06-10T02:15:19.94892Z","times_seen":166105,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/runtime.eb2dedae6145b336.js?v=1766024140179","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e303e30547daf7c1a7d513b5b111fa7d","sha1":"a3b7da66c3688df6be2597e972754c0fb1c19f62","sha256":"6cc7103ec6ac048d96c8d458bc7e6d1c5a606850cf1743c1c613c09c14532a35","sha512":"b2469a1c1431a8d8169ef0bbba65a5f74982b82fe81db9d9299cc3994ea6ec544790738a1e2c23793b9b00a237362cdccb5d0ec29dacf331a86d1e176ad8e3ab","ssdeep":"96:AK2T5iNma8ZHJU5gPgZZUt2Jhka5HsZluCIK8+urEIAvNkkoQDVlVVMr+SdIsUpL:At8NsbUMt28a5MZluC1NrTvNkyDXAiDt","tlshash":"02c12bab7734ecf62d71a5c25c7aa9a0b90c7076350b58e0a79ed92d2105ef41713ea0","size":5732,"data":"","first_seen":"2025-12-18T04:34:42.504274Z","last_seen":"2026-01-03T05:36:41.504933Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/polyfills.8cffb59170402c19.js?v=1766024140179","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7be2de85f9cc7c352378f20d74f865b","sha1":"9ae1f12746a920be6cc093c91d1cf472c3590d6c","sha256":"d0cf0917739d9804df2d439bb737b39acf2db79db339a55331bb2f71ce22880a","sha512":"1c117012bfd87902fc4d6a63174f57770851fb77239164cc4821e2aa39a14432b5fd377ebddd85c715d3c25f3524d86b06fb384c1cf663e5b4b67b2662980cdd","ssdeep":"768:tex+qRHr9QkUFRQCGWpxPD+op7MZ9AD+7tzKN1pr7mneRYEPOyEoOfUAGM6miD1p:teTW9cdqEfAqok4tiTOj","tlshash":"8af219d67392b0b687f619b5913f8507e73625a4784c88e8f00d99da3c3700ae5a6f3d","size":34432,"data":"","first_seen":"2024-06-07T08:57:50Z","last_seen":"2026-03-01T06:11:28.958733Z","times_seen":75,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"rankjerryrounion.com/16f68668-e941-4297-9460-debcc6429d76/2?Zoneid=1093516\u0026feedId=197\u0026category=Unknown\u0026cost=0.001000\u0026click_id=GMUBOKugAWjQ-0dw8d7hAegBjN9CgALMh8DIvaSUlAM","fqdn":"rankjerryrounion.com","domain":"rankjerryrounion.com","tld":"com"},"ip":{"addr":"54.240.174.121","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T04:34:15.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rankjerryrounion.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 14 Dec 2025 00:00:00 GMT","end":"Tue, 12 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"AC:93:1D:12:F3:3A:83:98:AB:F0:23:0D:A6:3E:51:FF:30:F2:A6:FD","sha256":"BD:C3:8A:7A:7F:5A:2E:26:59:AB:22:28:99:E5:85:4A:FE:BB:D9:D7:E1:B6:F4:52:E6:64:FB:0B:7D:0A:B4:4F"}}},"request":{"raw":"GET /16f68668-e941-4297-9460-debcc6429d76/2?Zoneid=1093516\u0026feedId=197\u0026category=Unknown\u0026cost=0.001000\u0026click_id=GMUBOKugAWjQ-0dw8d7hAegBjN9CgALMh8DIvaSUlAM HTTP/1.1\r\nHost: rankjerryrounion.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-length: 0\r\nlocation: https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed\r\ndate: Thu, 18 Dec 2025 04:34:15 GMT\r\nserver: nginx\r\ncache-control: no-store, no-cache, pre-check=0, post-check=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nset-cookie: 16f68668-e941-4297-9460-debcc6429d76-v4=QCwDDxjUCQSHehAzjK_rpiza5xzD8YSi-RWTcEypKCA; Max-Age=86400; Expires=Fri, 19 Dec 2025 04:34:15 GMT; Domain=rankjerryrounion.com; Path=/; Secure; HttpOnly; SameSite=None\ncc-v4=ZalTch6Tdw52ff2fuC17ggc5894pq06BHVlvN28tObM4SWZUUNpcdd6OpHbyjpccvgsnYREIPS6%2B5FJwE706UuXhRWxriZ7ln6Bf%2Br5mC3YU3sJxgpAZStEAQ%2Bs7G59voRjLbYLZlxAD%2BV2Mn3ZG%2Fg%3D%3D; Max-Age=31536000; Expires=Fri, 18 Dec 2026 04:34:15 GMT; Domain=rankjerryrounion.com; Path=/; Secure; HttpOnly; SameSite=None\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: uXQuOVVTW3q_29WLoT0vfjiysqpMuP7ACRa2vkDBN_pVdqz0Nb9tuA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19623,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":668,"timings":{"blocked":318,"dns":26,"connect":7,"send":0,"wait":32,"receive":0,"ssl":282},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T04:34:15.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcwkr88.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 03:08:43 GMT","end":"Thu, 05 Feb 2026 04:08:36 GMT"},"fingerprint":{"sha1":"D6:D1:B0:FF:25:2B:E0:1A:E4:B3:1D:22:32:48:7C:B1:8F:00:A6:53","sha256":"EA:D4:4A:AD:81:3D:9F:FE:CD:71:4C:29:FF:C7:6F:F1:D4:51:55:69:EE:C2:8F:7E:71:8B:44:3C:CA:13:C6:1C"}}},"request":{"raw":"GET /af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed HTTP/1.1\r\nHost: mcwkr88.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 04:34:15 GMT\r\ncontent-type: text/html\r\ncontent-encoding: gzip\r\nset-cookie: JSESSIONID=7EDCDA920F91DAC3FD9C6B129CAF0FEE; Path=/; HttpOnly\nroute=inhouseweb07; Path=/\n__cflb=02DiuFwPNmzVWpLerEWed13famD3tAxGw1g8YsiwrzPJU; SameSite=None; Secure; path=/; expires=Fri, 19-Dec-25 03:34:15 GMT; HttpOnly\n_cfuvid=m.w62t4FWlgSV3qpHrYOZoNXwqZg361eDLdOvcy5R5c-1766032455720-0.0.1.1-604800000; path=/; domain=.mcwkr88.net; HttpOnly; Secure; SameSite=None\r\ncontent-disposition: inline; filename=\"index.html\"\r\nvary: Accept-encoding\r\ncf-cache-status: DYNAMIC\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\ncf-ray: 9afbf25e9ae3b1b8-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":19623,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (11597)","md5":"72ecc131bbe043a5bab454fdc41a6bf6","sha1":"e9bf8df6452bdab0336372e761b00c9f7f92f94b","sha256":"e5ceacd5c0034609590cf5af544c49dac3bbe9143b820f1638b46e581b51ba29","sha512":"9313661d1550c79fd495ff6bcdd85626f5efc931c0b6a5eb5122cf134f8094e41f688abe95f54cf8f0140b79d0a9aa781a33f5109941a64b4c72877993e60f83","ssdeep":"192:7jXR3ZXOSTzTLHyjaJMqL9XoEwF89VeuW+c3E6X5GF1lIReB0vZyFCV7pybTH8I3:7jXRpXPTzTLHyTOwFmeDkWgy+BnkW20x","tlshash":"a592dff09f24cd6f5b82da8e48167f19418fce56e442525e23829c9e87c2bf99c8d31d","first_seen":"2025-12-18T04:34:42.494748Z","last_seen":"2025-12-18T04:35:26.557446Z","times_seen":2,"resource_available":false,"data":null}},"time_used":408,"timings":{"blocked":73,"dns":56,"connect":1,"send":0,"wait":262,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/polyfills.8cffb59170402c19.js?v=1766024140179","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:15.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.m167cw.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 24 Jan 2025 00:00:00 GMT","end":"Mon, 23 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CC:AB:D2:B5:42:9D:EC:CF:15:BD:F9:7A:4E:F9:8D:49:01:A9:9C:B4","sha256":"77:BD:59:88:C5:59:8D:EE:1E:2F:D2:BA:5D:B1:3D:73:F4:56:5E:EB:07:62:40:E4:CF:C2:43:87:FC:3B:32:BA"}}},"request":{"raw":"GET /mcwk/h5/polyfills.8cffb59170402c19.js?v=1766024140179 HTTP/1.1\r\nHost: img.m167cw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mcwkr88.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Thu, 18 Dec 2025 04:34:17 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, PUT, POST\r\nlast-modified: Thu, 18 Dec 2025 03:06:29 GMT\r\ncontent-encoding: br\r\nserver: AmazonS3\r\netag: W/\"f7be2de85f9cc7c352378f20d74f865b\"\r\nvary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 1b7f8001b2b06f9624559a35b6822156.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: HJSEXih-BDsqr-kk6YUDwHiCSLVT8qWckUiuwt0PKteBfn-iORV2gA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":34432,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (34432), with no line terminators","md5":"f7be2de85f9cc7c352378f20d74f865b","sha1":"9ae1f12746a920be6cc093c91d1cf472c3590d6c","sha256":"d0cf0917739d9804df2d439bb737b39acf2db79db339a55331bb2f71ce22880a","sha512":"1c117012bfd87902fc4d6a63174f57770851fb77239164cc4821e2aa39a14432b5fd377ebddd85c715d3c25f3524d86b06fb384c1cf663e5b4b67b2662980cdd","ssdeep":"768:tex+qRHr9QkUFRQCGWpxPD+op7MZ9AD+7tzKN1pr7mneRYEPOyEoOfUAGM6miD1p:teTW9cdqEfAqok4tiTOj","tlshash":"8af219d67392b0b687f619b5913f8507e73625a4784c88e8f00d99da3c3700ae5a6f3d","first_seen":"2024-06-07T08:57:50Z","last_seen":"2026-03-01T06:11:28.958733Z","times_seen":75,"resource_available":true,"data":null}},"time_used":820,"timings":{"blocked":296,"dns":21,"connect":10,"send":0,"wait":219,"receive":0,"ssl":266},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/assets/images/icon-set/base/announcement-icon.svg","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcwkr88.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 03:08:43 GMT","end":"Thu, 05 Feb 2026 04:08:36 GMT"},"fingerprint":{"sha1":"D6:D1:B0:FF:25:2B:E0:1A:E4:B3:1D:22:32:48:7C:B1:8F:00:A6:53","sha256":"EA:D4:4A:AD:81:3D:9F:FE:CD:71:4C:29:FF:C7:6F:F1:D4:51:55:69:EE:C2:8F:7E:71:8B:44:3C:CA:13:C6:1C"}}},"request":{"raw":"GET /assets/images/icon-set/base/announcement-icon.svg HTTP/1.1\r\nHost: mcwkr88.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mcwkr88.net/standard-mobile.css?v=1766024140179\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=7EDCDA920F91DAC3FD9C6B129CAF0FEE; route=inhouseweb07; __cflb=02DiuFwPNmzVWpLerEWed13famD3tAxGw1g8YsiwrzPJU; _cfuvid=m.w62t4FWlgSV3qpHrYOZoNXwqZg361eDLdOvcy5R5c-1766032455720-0.0.1.1-604800000\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 04:34:16 GMT\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\ncontent-disposition: inline; filename=\"announcement-icon.svg\"\r\nlast-modified: Thu, 18 Dec 2025 04:34:16 GMT\r\ncf-cache-status: HIT\r\nage: 0\r\nexpires: Thu, 01 Jan 2026 04:34:16 GMT\r\ncache-control: public, max-age=1209600\r\nvary: Accept-Encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\ncf-ray: 9afbf2633fc3b1b8-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3665,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"228a8800ed5200a360852d0177590e8c","sha1":"935a73f4846cb78c01e8a7be4d38c1af2c5a1352","sha256":"e1b39492f34f7a0553ab1140ee4d219c4ec6a5fe4f1aa9d969d3c1c0b9df106f","sha512":"694de38eb51052ac4d945d068644860ea52af5b9c3c1e287141e72fc74a3dc748bfb0be45ba9129aa5e38aecd2063e23664bddfba141addc2add6552583ff71e","ssdeep":"","tlshash":"fa715360c67abaa19219caee131310b3e4b21cdc6f83d75161cf4f416f100f64ba69f9","first_seen":"2023-08-07T05:36:38Z","last_seen":"2026-05-29T05:41:44.064549Z","times_seen":567,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":319,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/jost/v20/92zatBhPNqw73oTd4g.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"FF:92:1F:D0:E9:98:18:CB:FA:1B:90:BE:3E:B9:41:44:DE:05:28:15","sha256":"0C:A2:FB:F0:F6:40:B0:82:E4:FB:1A:51:96:48:D8:22:C9:05:C4:41:67:1F:41:D4:8C:F2:B6:85:A4:D2:3A:AF"}}},"request":{"raw":"GET /s/jost/v20/92zatBhPNqw73oTd4g.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mcwkr88.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26576\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 15 Dec 2025 16:19:16 GMT\r\nexpires: Tue, 15 Dec 2026 16:19:16 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:31:07 GMT\r\ncontent-type: font/woff2\r\nage: 216900\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26576,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26576, version 1.0","md5":"928f4210aa4859fcfdb853d2c6329589","sha1":"d3fc5b412c86d44da139622eb1712e22c3c510e0","sha256":"7726a5cd6f3c0e876c028ea2a643d45f7aad4b0f164b70966c669f4a4668f4b9","sha512":"41af246a04d784717cf33d2b4d03aaf639f37e4b1fa71694efeb65cc17369b4634ba6f51c202411b566c1f14f20cb69aba3f60a76ee740365fa9b135a51e878d","ssdeep":"768:c/bdLR0K3WlvjqHiGVNQsbQbVBjDcOrMNZYYH4V+:wTzW7qHijHVBjRrM3BY4","tlshash":"dac2e0c934e88a02d2cce133115e65511f98e170ba4e55aed5efe1dfcd98b403d88e86","first_seen":"2024-09-30T20:29:44Z","last_seen":"2026-06-10T01:04:20.648771Z","times_seen":22624,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":65,"dns":0,"connect":7,"send":0,"wait":8,"receive":7,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/8405.0c2e87b766384190.js","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.m167cw.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 24 Jan 2025 00:00:00 GMT","end":"Mon, 23 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CC:AB:D2:B5:42:9D:EC:CF:15:BD:F9:7A:4E:F9:8D:49:01:A9:9C:B4","sha256":"77:BD:59:88:C5:59:8D:EE:1E:2F:D2:BA:5D:B1:3D:73:F4:56:5E:EB:07:62:40:E4:CF:C2:43:87:FC:3B:32:BA"}}},"request":{"raw":"GET /mcwk/h5/8405.0c2e87b766384190.js HTTP/1.1\r\nHost: img.m167cw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mcwkr88.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Thu, 18 Dec 2025 03:46:09 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, PUT, POST\r\nlast-modified: Thu, 18 Dec 2025 03:05:22 GMT\r\ncontent-encoding: br\r\nserver: AmazonS3\r\netag: W/\"ce4d01d046c453c68a4d03d4bd94e6fe\"\r\nvary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 1b7f8001b2b06f9624559a35b6822156.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: QTBjyWkhr6wQb8igfgi4okdBJ0PZJ2vcJVjk-XvOG6T91268SZMZsQ==\r\nage: 2888\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":2317,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2317), with no line terminators","md5":"ce4d01d046c453c68a4d03d4bd94e6fe","sha1":"022853ab6055853ce601f93a7acbedf55c0d2e83","sha256":"4745b210335f6bab3e0274d1ef5ac51c1358b0b94773005383bae1686feecd82","sha512":"45eb5e495842631bc832ec5d561717b3176016802038e32314ed12be21026068a1baf17790c25095c3abfbfcc3c481d73e74d925904b7c780da5b001b6d2f312","ssdeep":"","tlshash":"614186d0339aac7d65d9d7f3622d4700990734c3f00d4cac3564cee25924e8a02afeb4","first_seen":"2024-06-07T08:57:51Z","last_seen":"2026-03-01T06:11:28.78854Z","times_seen":75,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/standard-desktop.css?v=1766024140179","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcwkr88.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 03:08:43 GMT","end":"Thu, 05 Feb 2026 04:08:36 GMT"},"fingerprint":{"sha1":"D6:D1:B0:FF:25:2B:E0:1A:E4:B3:1D:22:32:48:7C:B1:8F:00:A6:53","sha256":"EA:D4:4A:AD:81:3D:9F:FE:CD:71:4C:29:FF:C7:6F:F1:D4:51:55:69:EE:C2:8F:7E:71:8B:44:3C:CA:13:C6:1C"}}},"request":{"raw":"GET /standard-desktop.css?v=1766024140179 HTTP/1.1\r\nHost: mcwkr88.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=7EDCDA920F91DAC3FD9C6B129CAF0FEE; route=inhouseweb07; __cflb=02DiuFwPNmzVWpLerEWed13famD3tAxGw1g8YsiwrzPJU; _cfuvid=m.w62t4FWlgSV3qpHrYOZoNXwqZg361eDLdOvcy5R5c-1766032455720-0.0.1.1-604800000\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 04:34:16 GMT\r\ncontent-type: text/css\r\ncf-ray: 9afbf2664b53b1b8-OSL\r\ncontent-disposition: inline; filename=\"standard-desktop.css\"\r\ncontent-encoding: gzip\r\nvary: Accept-encoding\r\nlast-modified: Thu, 18 Dec 2025 03:46:09 GMT\r\ncf-cache-status: HIT\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":647476,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4ef8c69e961362cd4785de99469d0caf","sha1":"daaa4696ee03a38e3fa5f1ca2e0fd6468e237a87","sha256":"afe4210b8ecccb888ede1f8474c709a33e4bab900d8a2186ac8c139e0e3b2129","sha512":"c216b91ddc085c1fc52a67c5b1040fa2499f00d0904755091c313f29fa2bf04a577b4af2d2641c292149b93b9435c8f721b8f9c6244fcd399fb4af0e495ad621","ssdeep":"12288:zCX8rVp1vfXRXeXaXDjqzzm4FoxnGrCgmDmPmwmNmnmFmQxmQImvmwmQFmQNmQKV:3rVp1vfXRXeXaXDjqzzm4FoorCgmDmPB","tlshash":"43d4c869e404103dac2793977ee8aa8c5538e442fd53cd9cb213adb457cf6eb05b260b","first_seen":"2025-12-18T04:34:42.498096Z","last_seen":"2026-01-07T17:39:26.023763Z","times_seen":31,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Jost:wght@300;400;500;600;700;900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:15.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"DF:9F:85:F6:4A:53:64:E2:D3:A4:9C:9B:0A:4D:88:F2:DD:8C:92:6C","sha256":"99:65:94:2E:11:0B:3A:F6:B6:E7:38:F9:58:D0:01:2A:B6:CA:D4:2D:38:BB:87:ED:72:23:CA:63:32:85:95:35"}}},"request":{"raw":"GET /css2?family=Jost:wght@300;400;500;600;700;900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 18 Dec 2025 04:34:16 GMT\r\ndate: Thu, 18 Dec 2025 04:34:16 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6600,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"2cce683bafe05b99c21728d4798266e8","sha1":"1f1ec73c7438af8c9c7ac49fe2e0fbee4ee6ebeb","sha256":"7778af1d2dea8ddbe08ce3996b231e224d4f1a38afabc85f97053aa27f2dc05f","sha512":"e5c3ab212d6b1f2006e73ba5b15e8e56dbd1bd45a4393108e84c09d451f36e600bae20c046d5e935d49c3830ac0db9a0595edd954f2b52f2d0c70cc6d668a808","ssdeep":"96:JCO1amFZvO1avJc+uhO1aDNMCOEamFZvOEavJc+uhOEaDNMCOXamFZvOXavJc+u9:Jo6ryGVbrTG20rMGz9r1Gs+rWGaIrwy","tlshash":"e3d1b091042be900eb931cc277cebe379e0f61556844c5398efd04d8ec9ed69436170d","first_seen":"2025-09-11T05:34:44.192195Z","last_seen":"2026-05-29T05:41:44.224584Z","times_seen":360,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":138,"dns":1,"connect":7,"send":0,"wait":19,"receive":0,"ssl":131},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/standard-mobile.css?v=1766024140179","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:15.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcwkr88.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 03:08:43 GMT","end":"Thu, 05 Feb 2026 04:08:36 GMT"},"fingerprint":{"sha1":"D6:D1:B0:FF:25:2B:E0:1A:E4:B3:1D:22:32:48:7C:B1:8F:00:A6:53","sha256":"EA:D4:4A:AD:81:3D:9F:FE:CD:71:4C:29:FF:C7:6F:F1:D4:51:55:69:EE:C2:8F:7E:71:8B:44:3C:CA:13:C6:1C"}}},"request":{"raw":"GET /standard-mobile.css?v=1766024140179 HTTP/1.1\r\nHost: mcwkr88.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=7EDCDA920F91DAC3FD9C6B129CAF0FEE; route=inhouseweb07; __cflb=02DiuFwPNmzVWpLerEWed13famD3tAxGw1g8YsiwrzPJU; _cfuvid=m.w62t4FWlgSV3qpHrYOZoNXwqZg361eDLdOvcy5R5c-1766032455720-0.0.1.1-604800000\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 04:34:16 GMT\r\ncontent-type: text/css\r\ncf-ray: 9afbf2619dcfb1b8-OSL\r\ncontent-disposition: inline; filename=\"standard-mobile.css\"\r\ncontent-encoding: gzip\r\nvary: Accept-encoding\r\nlast-modified: Thu, 18 Dec 2025 03:46:05 GMT\r\ncf-cache-status: HIT\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":600280,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"55e87f8ac20a338098ba83b34ba2f4ae","sha1":"7850da24b8b8f16243404bbe47a98ac0f2ce9ec1","sha256":"2ba1c57afc6c5d1b1f903b6f2548003fb156301ad5c65a496e2e4467827c3c81","sha512":"7be3fdaadb208fa36c3d5361f61fa906202cdd24c0039653a7e4a26fa5b309cb2408c5e6852355734f1808ed461c289b5349c184182e39370535415dbcf69ac5","ssdeep":"12288:ZGt4kVz2vsXGXKXaXDkYzzm4FOWVGfCKmDmPmwmXmnmGmQxmQImvm1mQFmQNmQKQ:RkVz2vsXGXKXaXDkYzzm4FOTfCKmDmP2","tlshash":"2ad4c7719600203d9c2b935b79e4ea5c553de403fe63ceadb302ad7547cb5ea12b260b","first_seen":"2025-12-18T04:34:42.499626Z","last_seen":"2026-01-07T17:39:26.009715Z","times_seen":31,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/assets/images/dark/logo.webp?v=1766024140179","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcwkr88.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 03:08:43 GMT","end":"Thu, 05 Feb 2026 04:08:36 GMT"},"fingerprint":{"sha1":"D6:D1:B0:FF:25:2B:E0:1A:E4:B3:1D:22:32:48:7C:B1:8F:00:A6:53","sha256":"EA:D4:4A:AD:81:3D:9F:FE:CD:71:4C:29:FF:C7:6F:F1:D4:51:55:69:EE:C2:8F:7E:71:8B:44:3C:CA:13:C6:1C"}}},"request":{"raw":"GET /assets/images/dark/logo.webp?v=1766024140179 HTTP/1.1\r\nHost: mcwkr88.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=7EDCDA920F91DAC3FD9C6B129CAF0FEE; route=inhouseweb07; __cflb=02DiuFwPNmzVWpLerEWed13famD3tAxGw1g8YsiwrzPJU; _cfuvid=m.w62t4FWlgSV3qpHrYOZoNXwqZg361eDLdOvcy5R5c-1766032455720-0.0.1.1-604800000\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 04:34:16 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11686\r\ncf-ray: 9afbf2633fc1b1b8-OSL\r\ncontent-disposition: inline; filename=\"logo.webp\"\r\ncache-control: public, max-age=1209600\r\naccept-ranges: bytes\r\nlast-modified: Thu, 18 Dec 2025 03:46:08 GMT\r\nexpires: Thu, 01 Jan 2026 04:34:16 GMT\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11686,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cfb28736f353ea784c3d9557a097e475","sha1":"34d024f386026c8b8acff6ed7c3e303dd6288143","sha256":"cba09f717d87692cdb5aaae5c7805aaa774ece6540f463acf44c784b26c7038d","sha512":"93c8003285ffb14fb45e2437f9c71514de17a3bd6b1b1c00649d4dd0c681399fdbcb69e23718e1e2de018224840ed835a1e386c63280e3431295e9b2bd602809","ssdeep":"192:uksRJPEoHNtAfq8JBOzynqkxWUCmuvxsMdZRYcgGst+HtwKaEKPTcHq8L/lB:tsfPEoHwJYzGsNmMdn/yKv1Hr","tlshash":"6732b0cfa741138b41888ff90669b43e0a6f9b0e8f57158b0fa09b5d7875c6441ae1b4","first_seen":"2025-12-03T04:35:03.928919Z","last_seen":"2026-05-29T05:41:43.989724Z","times_seen":112,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/jost/v20/92zatBhPNqw73oTd4g.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"FF:92:1F:D0:E9:98:18:CB:FA:1B:90:BE:3E:B9:41:44:DE:05:28:15","sha256":"0C:A2:FB:F0:F6:40:B0:82:E4:FB:1A:51:96:48:D8:22:C9:05:C4:41:67:1F:41:D4:8C:F2:B6:85:A4:D2:3A:AF"}}},"request":{"raw":"GET /s/jost/v20/92zatBhPNqw73oTd4g.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mcwkr88.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26576\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 15 Dec 2025 16:19:16 GMT\r\nexpires: Tue, 15 Dec 2026 16:19:16 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:31:07 GMT\r\ncontent-type: font/woff2\r\nage: 216900\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26576,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26576, version 1.0","md5":"928f4210aa4859fcfdb853d2c6329589","sha1":"d3fc5b412c86d44da139622eb1712e22c3c510e0","sha256":"7726a5cd6f3c0e876c028ea2a643d45f7aad4b0f164b70966c669f4a4668f4b9","sha512":"41af246a04d784717cf33d2b4d03aaf639f37e4b1fa71694efeb65cc17369b4634ba6f51c202411b566c1f14f20cb69aba3f60a76ee740365fa9b135a51e878d","ssdeep":"768:c/bdLR0K3WlvjqHiGVNQsbQbVBjDcOrMNZYYH4V+:wTzW7qHijHVBjRrM3BY4","tlshash":"dac2e0c934e88a02d2cce133115e65511f98e170ba4e55aed5efe1dfcd98b403d88e86","first_seen":"2024-09-30T20:29:44Z","last_seen":"2026-06-10T01:04:20.648771Z","times_seen":22624,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":99,"dns":0,"connect":23,"send":0,"wait":8,"receive":3,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/assets/images/icons/PWAicon-512px.png?v=1766024140179","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.m167cw.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 24 Jan 2025 00:00:00 GMT","end":"Mon, 23 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CC:AB:D2:B5:42:9D:EC:CF:15:BD:F9:7A:4E:F9:8D:49:01:A9:9C:B4","sha256":"77:BD:59:88:C5:59:8D:EE:1E:2F:D2:BA:5D:B1:3D:73:F4:56:5E:EB:07:62:40:E4:CF:C2:43:87:FC:3B:32:BA"}}},"request":{"raw":"GET /mcwk/h5/assets/images/icons/PWAicon-512px.png?v=1766024140179 HTTP/1.1\r\nHost: img.m167cw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 11395\r\ndate: Thu, 18 Dec 2025 04:34:17 GMT\r\nlast-modified: Thu, 18 Dec 2025 03:06:09 GMT\r\netag: \"6bb4b3d7094a121902fa955fd405817c\"\r\nserver: AmazonS3\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 1b7f8001b2b06f9624559a35b6822156.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: ekuiaHf_NXubDZda4GduvBtLJ8w04ijaTRFdlNOxPQ2TWjj-7kY0fQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":11395,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit colormap, non-interlaced","md5":"6bb4b3d7094a121902fa955fd405817c","sha1":"e6411474c6fd87f2884aa8c0e99cebfde49a971d","sha256":"64ff3b4e172dc5ba42e73a4372df6a6639b6db8db9fb53d56a48b766cdad9dc5","sha512":"ca15b5828fbe9fde3f9029a76f5c5dbaeb1e686006f09be241759bd7625a48071108b03bf6bcb0f55aec6f5640324c55af0677f3ae17747762a1a99b789cdf26","ssdeep":"192:1coPrOMeEFJ/odCgAY9GVqnxRmquHoLkeLBiUdIQLAgysOyCb14V4:djelXUqxwquHyBiBJJyqc4","tlshash":"f032c0469883bcbcd1dabefd06912780fcc198f9e91084e52fa0179c1a5db5f4c82ed8","first_seen":"2024-05-10T14:53:52Z","last_seen":"2026-05-29T05:41:44.117013Z","times_seen":303,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":406,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/assets/images/favicon.png","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcwkr88.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 03:08:43 GMT","end":"Thu, 05 Feb 2026 04:08:36 GMT"},"fingerprint":{"sha1":"D6:D1:B0:FF:25:2B:E0:1A:E4:B3:1D:22:32:48:7C:B1:8F:00:A6:53","sha256":"EA:D4:4A:AD:81:3D:9F:FE:CD:71:4C:29:FF:C7:6F:F1:D4:51:55:69:EE:C2:8F:7E:71:8B:44:3C:CA:13:C6:1C"}}},"request":{"raw":"GET /assets/images/favicon.png HTTP/1.1\r\nHost: mcwkr88.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=7EDCDA920F91DAC3FD9C6B129CAF0FEE; route=inhouseweb07; __cflb=02DiuFwPNmzVWpLerEWed13famD3tAxGw1g8YsiwrzPJU; _cfuvid=m.w62t4FWlgSV3qpHrYOZoNXwqZg361eDLdOvcy5R5c-1766032455720-0.0.1.1-604800000\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 04:34:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 1018\r\ncf-ray: 9afbf265aa95b1b8-OSL\r\ncontent-disposition: inline; filename=\"favicon.png\"\r\ncache-control: public, max-age=1209600\r\naccept-ranges: bytes\r\nlast-modified: Mon, 15 Dec 2025 11:39:45 GMT\r\nexpires: Thu, 01 Jan 2026 04:34:16 GMT\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1018,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 40, 8-bit colormap, non-interlaced","md5":"1ad2783a047fad14f2350b053512a1d2","sha1":"b64975c56b5c01d13da2bda1c6f0eb2eddd3ae0c","sha256":"6090c483fc5ae494228f08bba3bdae6bc5df03961f5c3ef6fd977b6492b9efc1","sha512":"416868f130112a37f6ba717bdd9eb5d8b667de904b6034ea1e87c79d44ad7fa5a96d0948bda8d05c1b3c5a97895f59e2f03ed39b2afd534972834f9d5386b5fa","ssdeep":"","tlshash":"0b11d861bc807be86e5b6b31efd044f1ea1f3c45370047a9410d482091607135df8a5f","first_seen":"2024-05-10T14:53:52Z","last_seen":"2026-05-29T05:41:44.118481Z","times_seen":301,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/jost/v20/92zatBhPNqw73oTd4g.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"FF:92:1F:D0:E9:98:18:CB:FA:1B:90:BE:3E:B9:41:44:DE:05:28:15","sha256":"0C:A2:FB:F0:F6:40:B0:82:E4:FB:1A:51:96:48:D8:22:C9:05:C4:41:67:1F:41:D4:8C:F2:B6:85:A4:D2:3A:AF"}}},"request":{"raw":"GET /s/jost/v20/92zatBhPNqw73oTd4g.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mcwkr88.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26576\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 15 Dec 2025 16:19:16 GMT\r\nexpires: Tue, 15 Dec 2026 16:19:16 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:31:07 GMT\r\ncontent-type: font/woff2\r\nage: 216900\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26576,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26576, version 1.0","md5":"928f4210aa4859fcfdb853d2c6329589","sha1":"d3fc5b412c86d44da139622eb1712e22c3c510e0","sha256":"7726a5cd6f3c0e876c028ea2a643d45f7aad4b0f164b70966c669f4a4668f4b9","sha512":"41af246a04d784717cf33d2b4d03aaf639f37e4b1fa71694efeb65cc17369b4634ba6f51c202411b566c1f14f20cb69aba3f60a76ee740365fa9b135a51e878d","ssdeep":"768:c/bdLR0K3WlvjqHiGVNQsbQbVBjDcOrMNZYYH4V+:wTzW7qHijHVBjRrM3BY4","tlshash":"dac2e0c934e88a02d2cce133115e65511f98e170ba4e55aed5efe1dfcd98b403d88e86","first_seen":"2024-09-30T20:29:44Z","last_seen":"2026-06-10T01:04:20.648771Z","times_seen":22624,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":103,"dns":1,"connect":20,"send":0,"wait":8,"receive":3,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcwkr88.net/api/bt/v1/setting/getCurrencyMapping","fqdn":"mcwkr88.net","domain":"mcwkr88.net","tld":"net"},"ip":{"addr":"104.18.23.103","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:16.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcwkr88.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 03:08:43 GMT","end":"Thu, 05 Feb 2026 04:08:36 GMT"},"fingerprint":{"sha1":"D6:D1:B0:FF:25:2B:E0:1A:E4:B3:1D:22:32:48:7C:B1:8F:00:A6:53","sha256":"EA:D4:4A:AD:81:3D:9F:FE:CD:71:4C:29:FF:C7:6F:F1:D4:51:55:69:EE:C2:8F:7E:71:8B:44:3C:CA:13:C6:1C"}}},"request":{"raw":"GET /api/bt/v1/setting/getCurrencyMapping HTTP/1.1\r\nHost: mcwkr88.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: JSESSIONID=7EDCDA920F91DAC3FD9C6B129CAF0FEE; route=inhouseweb07; __cflb=02DiuFwPNmzVWpLerEWed13famD3tAxGw1g8YsiwrzPJU; _cfuvid=m.w62t4FWlgSV3qpHrYOZoNXwqZg361eDLdOvcy5R5c-1766032455720-0.0.1.1-604800000\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Thu, 18 Dec 2025 04:34:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncf-mitigated: challenge\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nserver-timing: chlray;desc=\"9afbf265eadbb1b8\"\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nvary: Accept-Encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\ncf-ray: 9afbf265eadbb1b8-OSL\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7288,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (7288), with no line terminators","md5":"c358acc99ee110752fcda19ee9de927c","sha1":"5d978e13cd8523d71f0154513e65bb198de040c0","sha256":"f3f9e2e3ecd0cff0a881144609411e816bea544011fcfc5957e81bd3c89b01f9","sha512":"d971290aaa883bc9714c996f493ed09a9f5226bbf206170d152df8ca1474da7fa803da76e5325df4a6e9aa5a5fcfb397aa9f6507e8316bcd84ba6a1d013a6f1b","ssdeep":"192:PNadBpOwyFux9/f3CJd1IjgiFkpsnTayew:01lyFub6JagiFlT0w","tlshash":"fae17ca79e725477d37e1ae1c4bbb3842316a550930ac026f2d1ee8c85cff4f419e646","first_seen":"2025-12-18T04:34:42.503262Z","last_seen":"2025-12-18T04:34:42.503262Z","times_seen":1,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"mcwkr88.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/runtime.eb2dedae6145b336.js?v=1766024140179","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:15.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.m167cw.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 24 Jan 2025 00:00:00 GMT","end":"Mon, 23 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CC:AB:D2:B5:42:9D:EC:CF:15:BD:F9:7A:4E:F9:8D:49:01:A9:9C:B4","sha256":"77:BD:59:88:C5:59:8D:EE:1E:2F:D2:BA:5D:B1:3D:73:F4:56:5E:EB:07:62:40:E4:CF:C2:43:87:FC:3B:32:BA"}}},"request":{"raw":"GET /mcwk/h5/runtime.eb2dedae6145b336.js?v=1766024140179 HTTP/1.1\r\nHost: img.m167cw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mcwkr88.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Thu, 18 Dec 2025 03:45:40 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, PUT, POST\r\nlast-modified: Thu, 18 Dec 2025 03:06:29 GMT\r\ncontent-encoding: br\r\nserver: AmazonS3\r\netag: W/\"e303e30547daf7c1a7d513b5b111fa7d\"\r\nvary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 1b7f8001b2b06f9624559a35b6822156.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: kHeROWh2V4pVukRt8bZm_dPurO3Ifsp9szcaYsL7xOSYpzeHz_P-Kg==\r\nage: 2917\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5732,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5732), with no line terminators","md5":"e303e30547daf7c1a7d513b5b111fa7d","sha1":"a3b7da66c3688df6be2597e972754c0fb1c19f62","sha256":"6cc7103ec6ac048d96c8d458bc7e6d1c5a606850cf1743c1c613c09c14532a35","sha512":"b2469a1c1431a8d8169ef0bbba65a5f74982b82fe81db9d9299cc3994ea6ec544790738a1e2c23793b9b00a237362cdccb5d0ec29dacf331a86d1e176ad8e3ab","ssdeep":"96:AK2T5iNma8ZHJU5gPgZZUt2Jhka5HsZluCIK8+urEIAvNkkoQDVlVVMr+SdIsUpL:At8NsbUMt28a5MZluC1NrTvNkyDXAiDt","tlshash":"02c12bab7734ecf62d71a5c25c7aa9a0b90c7076350b58e0a79ed92d2105ef41713ea0","first_seen":"2025-12-18T04:34:42.504274Z","last_seen":"2026-01-03T05:36:41.504933Z","times_seen":5,"resource_available":true,"data":null}},"time_used":621,"timings":{"blocked":291,"dns":22,"connect":8,"send":0,"wait":31,"receive":0,"ssl":264},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.m167cw.com/mcwk/h5/main.e16eb273f957a362.js?v=1766024140179","fqdn":"img.m167cw.com","domain":"m167cw.com","tld":"com"},"ip":{"addr":"3.167.2.110","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mcwkr88.net/af/Xj9AgKFs/rllrdskrpu?cid=wusai3ccssdnmkue3p3emua0\u0026utm_campaign=paidmed","date":"2025-12-18T04:34:15.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.m167cw.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 24 Jan 2025 00:00:00 GMT","end":"Mon, 23 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CC:AB:D2:B5:42:9D:EC:CF:15:BD:F9:7A:4E:F9:8D:49:01:A9:9C:B4","sha256":"77:BD:59:88:C5:59:8D:EE:1E:2F:D2:BA:5D:B1:3D:73:F4:56:5E:EB:07:62:40:E4:CF:C2:43:87:FC:3B:32:BA"}}},"request":{"raw":"GET /mcwk/h5/main.e16eb273f957a362.js?v=1766024140179 HTTP/1.1\r\nHost: img.m167cw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mcwkr88.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Thu, 18 Dec 2025 03:45:40 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, PUT, POST\r\nlast-modified: Thu, 18 Dec 2025 03:06:29 GMT\r\ncontent-encoding: br\r\nserver: AmazonS3\r\netag: W/\"1c387aaf5c1ffd8ed82a3b4fe80d52b6\"\r\nvary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 1b7f8001b2b06f9624559a35b6822156.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: W_Oz2wscXYo0IdoPKuiSJ64CwojLetSQMyzgA9XI_Ps7xM2p_gHMew==\r\nage: 2916\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":1759245,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"827710e7fa6fa2216e25abf194788d5b","sha1":"69b8fa2bc0873e881235140eb18ed940d6b906b2","sha256":"e8a41475e3e513e748edf8be9af9f8b5283a901e6e522f0c527d7f1a34b17484","sha512":"9b41963112a22ebb48b8f9ffd17c29a74c7314b1b57dc867842cfd8c39c74fbb84972c432388078eeba7f4ce4d2d3528f59dbb79921adcdb857fe439b41053d3","ssdeep":"6144:t4TcT1kCBf7bRHLoAoXiSdgPZ70dgPZ7FPQfZlDiNWyBXj3/T5HVnW/1nH6sTDIN:t4bCBf7b9LZo0QlTDsc17Aw1H12F1Hom","tlshash":"6d255d857551a1f947a620f8a02b4901f12e2e58754c806cf3bc9cea76ead8d177bf3c","first_seen":"2025-12-18T04:34:42.505221Z","last_seen":"2025-12-21T09:43:30.100054Z","times_seen":3,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":132,"dns":20,"connect":7,"send":0,"wait":31,"receive":0,"ssl":112},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}