{"report_id":"708a0edf-caf7-40e8-a9e3-49c8cdb82cf7","version":6,"status":"done","tags":[],"date":"2026-01-04T22:38:48Z","url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"104.21.49.73","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"title":"Just a moment...","dom":{"size":16025,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (16025), with no line terminators","md5":"ceba849ab5579e008076d1d328e8a3fe","sha1":"4fd934255828b567d3627702e76a7c232336d6eb","sha256":"0a6dbf8bd2038b2d42e12f7e7102a9c6eb72fa6d22df0c0a99af719e7314be30","sha512":"094bb1b40d464048161ebf75e073362162c2bb51077b0911bbd48f42f03870892249383fe3f8849dfc758527c11d99d141198c35afa7745a90655bac36e95224","ssdeep":"192:jNa+X9yIPl2boVmJkEqnWfBOaIBFp9t0t2uDgAysXW:g+Xcq4brJkxnWYFJg2uDgMG","tlshash":"06722a374946202bb17b0fe76165f7248120f284e30297aef4b39f58d7d991f66623e8","dom_hash":"domhashccb96f13b4f18ff01522913b8b0dc3f7","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"104.21.49.73","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-08T22:38:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"rutor.dirproxy.me","ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-02-15","domain_rank":0,"first_seen":"2026-01-04T22:38:54.080105Z","last_seen":"2026-01-04T22:38:54.080105Z","alert_count":84,"request_count":21,"received_data":518524,"sent_data":11202,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":11393,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2026-01-04T22:38:35.302055Z","alert_count":0,"request_count":4,"received_data":202626,"sent_data":1896,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"fddcc1f9153b183c96d4a3b9bba18b39","sha1":"290e98cb7283ecc3e0f3ff81005734e9e2314097","sha256":"0e775caf26d017c27e812deb486dc801a4d9c676dcd905646ff840c3ddfdeb0b","sha512":"e2bef1e8de167f2c1db1cddbef84134c4825c95b507bd26bc50a7d14d39c565fc3a8e0eec931816876b39aefab7d9f795df6acf96c4d5293169751b7e6d39073","ssdeep":"3:N/BKL1XQ7Sn:eL1ln","tlshash":"335504d0744174710c10cc40d1701457510d44005d174c05745d05f437304000050540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.373429Z","last_seen":"2026-01-04T22:39:06.373429Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"e87510bcd58891445217de08b314efcc","sha1":"20c1af649f07c0d13e8f67167e40df94882a8722","sha256":"5f08b200e2c84a4b8129909cc4cd4eb85043f7dfb134635473523e7cac01136b","sha512":"35810e67746549c83b60c5f54a37df6be4061aff7f3da5c6fe34c21db54abcd820fcb0919fa2192543a8b9f122449e63f6d89e5223c930bd1fd14b91db3d8d07","ssdeep":"3:N/BKL1XQ6n:eL1h","tlshash":"6c5504c0744174700c14cc10d1701415511d440450174c05745d05f477300010150544","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.375399Z","last_seen":"2026-01-04T22:39:06.375399Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"c5679e3e4c46f1ae5f7abc7580d34d6a","sha1":"5562bf16d4ef31bbc33f9a0ecc0c922d82506de1","sha256":"a6da991a6feaba94a40511aa85668dc13f8cc47ee343027919ef820f98c78592","sha512":"0ef7680f3b0c7a427bd24e048e19911f05ccbc2ffcda0e539621a864121cc32eb6b5bde2f9b60f23c27d51718edad25cab4e6d17b6729554c2d3dcab5e6ba786","ssdeep":"3:N/BKL1XQnS:eL19","tlshash":"d95504c074417c710c50cc40d1501415510d740050174c15745d15f437300010050540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.376913Z","last_seen":"2026-01-04T22:39:06.376913Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6b88f35e164c7b6c689f7a64b01af4f2","sha1":"99bb44009a20d5d9ae996bb765feb1e3e851488b","sha256":"d22fa45f249d07f6eae54c986a7b91915434fc25bba36da93c278d76d559f1b7","sha512":"bb9ccff38c2de02b999378644dbad66c96d59d307231b52290a6255a3243dd1f9b610bf29c148278c6cecd1f3a70a31332011e8a3659dc4408f497822f9fcd7d","ssdeep":"3:N/BKL1XQYU:eL1hU","tlshash":"fc5504d0f44174700410cc00d1501c1f500d4500d0174c05745d05f437301040110540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.381587Z","last_seen":"2026-01-04T22:39:06.381587Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"0c51f8ed666d2a8d7fabb5c01309fd00","sha1":"1fbcead0265cbe28f0724f705676b3521487e2de","sha256":"00a8267f6412b6a2160bfd3d4e9d7a9130d043d297b23ad4c646266bd4b20bb7","sha512":"f75369779a7a87487acd21a4a07772c001e45b39967aea9bf0618ac89a39993f0f525e68dc8311546ad9d46c54147f67ab305eb6dc8618ddf2c4f2bf02d47a92","ssdeep":"3:N/BKL1XQVn:eL1S","tlshash":"f95504c0744174700410cc01f350141f500f441050174c07745d05f437300100410544","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.384823Z","last_seen":"2026-01-04T22:39:06.384823Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e3a119fa335a6","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"97affa698dadc62e219326890e9a828c","sha1":"aafc150f6664c8f613504b943fd27ef9b652e8dc","sha256":"45d263b30745e564e5d3ba6e75862f3b56a173b9a11850683dcfc82b344ef983","sha512":"169fa9253c46ab3eb20abf68a379e1587cb189b0378f2bd12a13185b3b46803678189d183d0f40cb4ed665c51fd5f6b8572944e119fddd5eab27a46c9bd9e4c4","ssdeep":"1536:iD5j3Od1s5SfvF57kZ826WmaFmZDGFIZCKhT6TiQI9/kxRahZu99XBJkr:iD5jOfs5SH7yjkEFIZ/QYWahs9u","tlshash":"38b3fa8d75de7455827a70a500ab7aca23bd6c8430188d2cf71395e43cd4778b7abeb8","size":115671,"data":"","first_seen":"2026-01-04T22:39:06.370433Z","last_seen":"2026-01-04T22:39:06.370433Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"c494fc7dd72e38d6931542e46e7e756a","sha1":"20470e91360f3536cdf306a836044eb188dd58ca","sha256":"6d6afcc29280805ea2750f1bbad202a9f42b5d74a894b10364b3caa2a0df0b49","sha512":"875573f9fca7df0e5f26b89f4add995f7ff061e9a7de19ef36b209841760852a5b5c8303c51af60fdeb5f6620defa957a65ee971dbce153b286b87ef4902d4c1","ssdeep":"3:N/BKL1XQC:eL1x","tlshash":"3d5504c0744175701c14dc00d1507415500d444050174c05745d05f437314004050545","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.386486Z","last_seen":"2026-01-04T22:39:06.386486Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a4938f38b2358569f5d2fb2368df128b","sha1":"31838c57061dbff4ad5c2e3e73192ccdad2ddb6e","sha256":"e46aed636ae41b461d3365732374bbb93793412b8d5108545fa056def07ee1cf","sha512":"8ba1c953323f6881856261371a6a6d6e74be8365244ca517b85d0e8392deaa8cf682e3d2a41b17261ffc771da880a23f327088fd7246287fcba6f765f5c49834","ssdeep":"","tlshash":"356119ebfa834551c79513028da76748233a06238b6250e92cd8de1dff7ff4ba2685c1","size":3358,"data":"","first_seen":"2026-01-04T22:39:06.387982Z","last_seen":"2026-01-04T22:39:06.387982Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","size":50001,"data":"","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4bd042e19776c432fef714fdb72ea21f","sha1":"b384acf2f3251a1b30c6fbcfaca7507a4c1bdc66","sha256":"975c728c70124a109ce2884b1fe3369090ce139361a4009aee6dac86947464b6","sha512":"fa13a0b73869de2b92675049dae681724b3c686af45663485787a47cb5e65afe2c06b42bf061869ee4569f3e1ecde2294f3bd8ec45eb503c8f6ad00ce7d923d4","ssdeep":"3:N/BKL1XQdn:eL1qn","tlshash":"5d5504d0745174700410cd40d1501c1f700d440074174c05745d05f4373000000107c0","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.389644Z","last_seen":"2026-01-04T22:39:06.389644Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"993cd32a1266a0f5b5e18c4eeddd18af","sha1":"58e6508891659959fdacf5c65265f03e578e21d9","sha256":"878ceefd8ace58a99c36639ec0bbd539758ee2f7b71e5e12317b2cf1e80718a2","sha512":"36b8ae38e08d94ce0eedc70f08fca3e186f97aec3c1a6147633da0c4f889538ce31676efd6695cfb1dc35f65cbb8da29a5212de6216594099db410b7d85f0fff","ssdeep":"3:N/BKL1XQCc:eL18","tlshash":"675504f4744175710410cc41d1501c1f501d441050174c47745d05f437304000010540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.391379Z","last_seen":"2026-01-04T22:39:06.391379Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7789ac4ffd92a131db156abf08f0ce0f","sha1":"be2323ba43d32127fc78a4ca0c30218ea279de6d","sha256":"a89fa37cbee30a99b3015c0540e31752084313f7182a53d52734d3eac7ef3809","sha512":"139b769165cf9c24df0bdfb9f61a143c11dce66a29902b8548d524c911db8759a8937600ddab151b1e48dd8e5e746599e262886ae13fd38a9454506e87fb2a75","ssdeep":"3:N/BKL1XQMiY:eL16Y","tlshash":"ca5504d0d44171740510cc01d1501455501d4c01701fdc15705d05d4373001005145c1","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.392967Z","last_seen":"2026-01-04T22:39:06.392967Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"647d69c84781419db3e4692178ffd6ff","sha1":"24076170e6e40fc1727fe578e4fe605d654f4e45","sha256":"5fee30935e6058aded24e1e1abe792896570a27f954429a5510a7a7554d41ff9","sha512":"b2ca62252a6994156e54810480e26590f68f8420c6d3dc923a6d2b8676a738697c7e321efcfc41c82e0a50d5345c289400f33bcc53bfc6e01dcd2910b84f4c0e","ssdeep":"3:N/BKL1XQMlVcn:eL1s","tlshash":"225504d0d44170740510cc01d1701415505f4c10711fcc15705d07d437300300110541","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.394553Z","last_seen":"2026-01-04T22:39:06.394553Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"69ae4acfb1c7414f0425dc0490ea79f2","sha1":"61cfd637b157d5a2d630c98b3201f4b8db0dfa81","sha256":"3711b37e88cb22b61d84e2fc78477458e507f4ed390da9a713828e43d9352b24","sha512":"1b6db068d7a2c0958f372b336a949b13a6f8db3062a643af10ff9c723c1a576f033abd9f4f741f129bb5a6395bd48ed9c570248b2d5994ae86e5a9a06ad2c32a","ssdeep":"3:N/BKL1XQ0y:eL1Py","tlshash":"e55504c0744174f00c10cc00f1541517504d4d0050174c05745d0dfc37710001550540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.3961Z","last_seen":"2026-01-04T22:39:06.3961Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6b0786fbe95927ed0c67e2e84fb85309","sha1":"7294511c26422d073372e981e17015d3c1e3c335","sha256":"310928f28a7cbafdb7beeff2487e805bd8db60338f5aa47d5f1c378cb8ed51ea","sha512":"59ed1b31c6a652bf8ab5ac3b22fda31ee29665558fb16f76900514d12249e59f6169271fb9b87a7d60921e2b323cba950b2da8d8bbed6e0a9ed43e00504175bf","ssdeep":"3:N/BKL1XQ/M:eL1j","tlshash":"755504c0744174f00c50cc00d3501415500d450050574c07745d05f437300001050540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.397659Z","last_seen":"2026-01-04T22:39:06.397659Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39dc4cd923eb","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"90873a559235ea4347148ec07a459130","sha1":"8e38ef05c158d14cfa9960f81f9e538419ee52a8","sha256":"233f05bbd0649c28224351f6b07f0bce2c91d044314604bdbb82360bc97f75d4","sha512":"404cf0d023d66560586b6a944c562714d362729819bf45e1aa6b591fc4b4669d2e6f062b071e8f5e8b8576c134ca09ffc7723aad8e45f7a82483391951ee1141","ssdeep":"1536:iB5RGlj2LlTVDXXeSaVYFqjXxEy1jZj2SCtk/mOglJkOxxvxgdv:iB58j2LR5XhaVh1jZjpCtlOg6","tlshash":"92b3d8ceb9db7455437970a600ab79ca63ee6c8420188e1df31295d07ce0768ba67f7c","size":117290,"data":"","first_seen":"2026-01-04T22:39:06.367764Z","last_seen":"2026-01-04T22:39:06.367764Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"18514dffafdbc316ae87879719ae86f1","sha1":"74d9aa305d9f245feaca5d96f935d2f4a4026f18","sha256":"a73187ff66e93d2592ca061c309d77a41604564860b846c6ef7e688c68ef4364","sha512":"afcdda079f330e2ac5fae75d96f97b134516b80dd16e74112bd68b18f4538a346793eabde74c22a6ab76dc6958817ed545e526e9104ff5f654f4f648f0e6d918","ssdeep":"3:N/BKL1XQM:eL1X","tlshash":"735504d0744174710c10cc00d3501d55500d440070174d05745d05f437300000174740","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.399255Z","last_seen":"2026-01-04T22:39:06.399255Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"33de6154238baf5bf80c15a37329e52b","sha1":"2dca6745f49b3b4742f247dbf976e91afe39775f","sha256":"0a9aa441a593e86a515583714705c101084117ed910cbafaa7f6ba9c42af44b2","sha512":"c57f4bf11e1ac66de3ce2f8b827510ea6f9003f4793851f5aca01abeceb686cc5882b29dea1c4997de15c4bf766199da154edcaf51a14d53e4eabf256b3d8aac","ssdeep":"3:N/BKL1XQn:eL1s","tlshash":"665504c0744174700c11cc00d1501415504d54005017cd0575dd05f577300000050540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.400881Z","last_seen":"2026-01-04T22:39:06.400881Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"cfb0fb95cec1c053ca840129b3ee4536","sha1":"f985a8261759ffbf61cdc4dade06d5c33455f44e","sha256":"1fb72f1284aa2e7e311244cceec93815ba2039c0a1b956132378a606a15db230","sha512":"14536940be3d9d7679b0aebbab2e1bbdc0592cab968c5f6397f5df429882efa93a75224052ee90e17a678c92c35c7c44d3d048069fdcdefa8f772e5fae24de45","ssdeep":"3:N/BKL1XQcn:eL1X","tlshash":"4a5500c0b882b8b00820cc00e2e0282fa00f8a00a02b8c0ab8ae0ef83b3e0000230ec0","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.402625Z","last_seen":"2026-01-04T22:39:06.402625Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9f0b7c4d72bf74d2e62e19b9a9d9f446","sha1":"b888b9e183884fe86d494980572bab97c15fb79f","sha256":"4191efe5ab52f7bb04a47a3cb7209575daf6601eae2a0b224c5e147eb90e1263","sha512":"329074edd9c1bb618d74175ed1c3e55262c95fe99370a924cd07a6ca32955c43f8ec678264aaacf1ea734d35d240a2caa67caf6fd92ac537439e6baddf4804ce","ssdeep":"3:N/BKL1XQH:eL1c","tlshash":"035500e0b882b8b008a0cc00e2e02c2fe00e8a00a02b8c0ab8ae0af83f300000020a80","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.405237Z","last_seen":"2026-01-04T22:39:06.405237Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"93a2cee8371809c32b6f34d6560effae","sha1":"f7584f37998e408812873f8c4de85b15d40b0820","sha256":"dbce3d4574f9180bb603720c681bec3376effac2ee315104b66fc6d15099db7a","sha512":"75dbcb2b0c37db9e7da7d95184960580ccb824dc59d0bd5ae86f0763ed40f992e6b1f01683a4512a9d9917734022e34f9e23439d341c7de14b9bfe5dc273cc83","ssdeep":"3:N/BKL1XQZe:eL1/","tlshash":"cd5504d474417c710c10cc00d350151f500d440050174c0574dd07f53f304000050744","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.407006Z","last_seen":"2026-01-04T22:39:06.407006Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","size":50001,"data":"","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"42295af1195b0201fffd9235e0396119","sha1":"c4536ec9adac8e8f3fc9eec8b32e2d6a3ec7a8af","sha256":"8abc82ad971887582e4500c041d2ab2cf89eda825fd8bcf14055a6db7e378d0d","sha512":"1dcdc9b7fd0cfba58a65c23ec6c09c7f8b6cae82754d97afc3e74bcbc515e117a68b3e5fb6f37a2b004f6d4af5bee38e0a6f06403ddc580e4ab9fff6f642f605","ssdeep":"3:N/BKL1XQQQ:eL1nQ","tlshash":"965504c07cc174700c10cc01d1501415504f4c1051174c05745d05f43f300001450544","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.408656Z","last_seen":"2026-01-04T22:39:06.408656Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/?__cf_chl_rt_tk=iLgC.jhQbvhYTlQIb9WNgiwahwrLcZuZ5XQFz2FFDvs-1767566297-1.0.1.1-XC_ua9TK51n84e2xeWvgs3UDUsX7_geqVDMb0p5moTE","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-05T11:44:44.588622Z","times_seen":666931,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"72f09dc5b7ade781e45b5f9e979274fd","sha1":"2f952ef8253c522acded670a2426213f4102172f","sha256":"7dca32fb93823ea25f480a9fb2749a8f01b0be5ee23bdc9cda99ab6d08505839","sha512":"35e17b33bdb7c1aea3204e1f8c96f158b56018cd19eaedf12c06746357999181d929ffec520cf6aa63dfdf6a5b08abe6667ef588baf34a6a62148693845a2050","ssdeep":"3:N/BKL1XQMn:eL1P","tlshash":"205504d0547170700710cc01d5511415501f4c01501fcc55745d05d437300500014541","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.41159Z","last_seen":"2026-01-04T22:39:06.41159Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","size":50001,"data":"","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/?__cf_chl_rt_tk=WLxpVkS_nXlQNlScpyxBXXuWMLatVSJZ.hKO3OY9Qyc-1767566300-1.0.1.1-lqKxHuJxk2r4Mj.N7CronAFOu.03_E0k6zsTm4VMZ6g","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-05T11:44:44.588622Z","times_seen":666931,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39c09cf6b4eb","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a691fed9a41dccf09908d7afd1f5abde","sha1":"30489801cfa594a98e7081f2b1fe4c750548f451","sha256":"7f191f4007a93803fdb00f3669a47c6c9b77cc0e4629748eace8379a0f08dcce","sha512":"7c0c64c83eabd82e5fc4434a200f085a7bbecba24d9b1ed0dbd0aa4bba86994f36ffeeb5330c96c24896e7df786cf7ceba80e9b1fd93fc1ed639e70ec16b58de","ssdeep":"1536:i7mC9S48qIvOu1JkofwPav7u+KjPpu9EPTF/LCYaDxQO/z0HzCJUIleQYGJc+RE5:if9sOe0+RKTpYYwPmF","tlshash":"26b3ea8e799e7464832a70f610a779da63be6c843018892cf703d6d03cd476876b7e79","size":115127,"data":"","first_seen":"2026-01-04T22:39:06.358904Z","last_seen":"2026-01-04T22:39:06.358904Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"16da65701f1988606a26980943931f0d","sha1":"0a4c5ec9a1dff5d314af084937253b515868d222","sha256":"9fe9e3f56ef25843f36ee8cd0c1b6f44f2ee331596adfc64be4e9bac7f9c3fb7","sha512":"efa9f03c4406786f842d2c89cd617feb3a77eaa68231b9fa486dde38eaaaf70771689f2ad4a76c74bd9d9b03913c4871b73ebdc44ce5eac52240fb53814c34de","ssdeep":"3:N/BKL1XQhdQn:eL1eQ","tlshash":"c65504c0744774714c11cc00d5d05415500d444050174c0d745d05f4377100000507c0","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.41395Z","last_seen":"2026-01-04T22:39:06.41395Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"55632058f7c4e7184189540057f4cd6e","sha1":"2c49c1e71b4b2bad56c1fb35d30f2d7d5437cae8","sha256":"64789790addb136687d838087e6109cafc63f7588649d8544ea0cbe4eef3c173","sha512":"ba9633ddf94a73438af530894eef3c464e1698c8c4cbb9f2e9e04ebc046023bf1fc81cf98e5540aa973ec95cd21b6cadd5845932279f358a598d56bf45149fb0","ssdeep":"3:N/BKL1XQcWdn:eL17Wd","tlshash":"8b5504d074c374700c10cc00d3705415504f440050174c0d755d05f437300000050744","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.415789Z","last_seen":"2026-01-04T22:39:06.415789Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"21f7d88bd394c0d8fbb9db8e4ed4d022","sha1":"e92e17110de9b627d46d6a31a7fea9477c8aa49b","sha256":"264ee28f9abeb87dc37f3647865e6cc8b3b0ecab48ee16d9b678ad6b3dda9fc1","sha512":"cfccca0d827ef034156681fba8b9b69aad3cf3c7e955510a5254859c5868fc0d48005bd8a183cc9b65758ab2b08d55389352f390bc1eec6d025864e6627bd246","ssdeep":"3:N/BKL1XQmn:eL15n","tlshash":"d25504c074417d701c10cc00d1d0541d504d540050174c05745d05f437300004050540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.417698Z","last_seen":"2026-01-04T22:39:06.417698Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/?__cf_chl_rt_tk=TadEUiK_rcGDpHe7HeVUyqRP2sbo3.sD1PinQZ0vKe8-1767566304-1.0.1.1-6SJEv8t2anyb623jsPEZwTZErX.sGknkKySiBLrhoc0","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-05T11:44:44.588622Z","times_seen":666931,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"82b79d13ff908b5b485a6af970b5f8c8","sha1":"7651710ea345aa32abf03c691e8c86242488acc0","sha256":"b11345ea33918fc0d2b3c383d8f407c17025c7db5005d233ac102c0270b4eabf","sha512":"e75e6c7f8574079fd819996dfc5970f1ca270462e0267541f78058b8a2de374a3089d79ca2fe7d55ea00b85c9f2474cb26eacb61085b8136d176fa09fe614f62","ssdeep":"3:N/BKL1XQYRVn:eL1rzn","tlshash":"c05504c0744574700c50cc00d1501415504d440050174d05747d05fc37311000450550","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.419681Z","last_seen":"2026-01-04T22:39:06.419681Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"568aabe9a7e39a12ba185ebe2fb4907a","sha1":"5dea7d2d8413c1878fd3658d0c191ee8e4adfd46","sha256":"1a3e9a23218614f684dd6ec3c2807d77e03a27f6a1127e0c15554aede033ff96","sha512":"7820f31cdab6221cf34969d81cea460159f1b5e78fa63fb90a263cc4fda4414ce06aee6a5929332a4c5fa1e34e204d66bba6e31633d8be7750cf1e046f0af687","ssdeep":"3:N/BKL1XQv:eL10","tlshash":"8b5504c0f44174f10c10cc00d5501415700d444050175d0d755d45fc77300050050d40","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.421699Z","last_seen":"2026-01-04T22:39:06.421699Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","size":50001,"data":"","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"28775c21f999ecbe1d394df33ef7d19e","sha1":"697314ffc684335fc30725010330cc76d633b9b7","sha256":"f3c2118ceb05c61732d6ece1ea33e0cb97589c8702fd3c66b7b35771870b1416","sha512":"a61254de260e8adf56ae71ce67b64c1515786e71e32d6b072321478e1d4a743528a0a5ba3874b2e9d8425c40548ef54a407447f278dee8f673e7cd5b0c78711a","ssdeep":"3:N/BKL1XQrWT:eL1H","tlshash":"9e5504c0744174700c10cc10d1501415500d440050174c05745d05f437710000050dc4","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.423021Z","last_seen":"2026-01-04T22:39:06.423021Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"016e38901909afd780323687653cf419","sha1":"ddc0176deb46817290a33bee27c60890b09656e9","sha256":"551b6f689ea145ade136c8e0257bec385f83c420793d4067a72a2f225756cbae","sha512":"db9b5ed365d4e69603c6add787eb7954cc49e7b30d8df836ab6084c75d13534945f76846412c71c111e37692dbf439fa375a8577b6982e26af0e861cd82e62d4","ssdeep":"3:N/BKL1XQVdR:eL1+R","tlshash":"4a5504c474417d750c10cc01d1501415540d441050174d0574dd07fc3f300000450540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.425076Z","last_seen":"2026-01-04T22:39:06.425076Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9235b5f1e213d332adf729c299dfc359","sha1":"50d2ab36c4e53c7321f8469214cf1b2021c2a0ed","sha256":"93e133c6efc73facd7e28e45013eeb2671a6460c4096162b14e2c627bd2e5fdf","sha512":"7ac73765d4f8ae207f011feb4121859fba82d6665be998c096d6397d3f3ea27e476bd92cf752bc3df2c0be8ca1fc6840f35b7254a134a80b41f24fa06b377749","ssdeep":"3:N/BKL1XQdm:eL1b","tlshash":"925504c0754174700c10dc00d1501415500d440450174c05745f05f43f301000070540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.426954Z","last_seen":"2026-01-04T22:39:06.426954Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"30718e0347ae2ccf634ed4c28f3260ea","sha1":"6586aa2b1a1b958ff6f2e13dcda2956b54efb45b","sha256":"c82429d10c3459df815748371133a3dd98b3e4ad9d8d267a19ed32a7f194b1ef","sha512":"374f28c9154edb319f3ac6cfec87ad90b8064f8a9b55875eb0bcb6c0f4dbdb72619560574f285c59dcb764465da69320a737d788d05df223e378be333b441d85","ssdeep":"3:N/BKL1XQgdn:eL1f","tlshash":"805504c074417c740410cc00d350141f500d5410d0174c05745d05fc77704000c10540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.428097Z","last_seen":"2026-01-04T22:39:06.428097Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/?__cf_chl_rt_tk=DbwHRd4n9tFuRafK9QCKElFdlv4I_g5GIAFa88AMPjk-1767566313-1.0.1.1-CLLUojgZY.4Kli4AcxnujLS6fXO2PdyldnTqSI8c4VQ","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-05T11:44:44.588622Z","times_seen":666931,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"2863cdd11f30d6345368886987922289","sha1":"3e284781058d0389075776c549f9176c16659963","sha256":"3246b0a8c8fdba8533164e0ba0b368dcbbce65bd105e3b10432f8d0402b0f419","sha512":"00716b49fdce70be1d1427c3353098c32192cdb82a460162b48e762b37dbfe547c64002f8cb56d5ace9a59f9be20f22bccbbb65df6d8a81b1026cb621bdb2e72","ssdeep":"3:N/BKL1XQD:eL1U","tlshash":"be5504c4744174705410cc00d1501c1f500d540050174c05745d05f437340104010540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.429419Z","last_seen":"2026-01-04T22:39:06.429419Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"b45a38b33c74f114a28b54efbc4fb3fa","sha1":"4932a3574764dbd27d41759f13ada4b2be3b2807","sha256":"e4684350624f580fce441d87b8cc02183c52bb0854f1341afbf5cbbf8186512e","sha512":"5fa0d2c8b38a3dd2cced969befcd34a437d4dcbb8078e2bfee6337b091eb53fed24d5fa7e08087059cd1ef78d3c3f8627abb6d6e006a4da185b7a846e31f138b","ssdeep":"3:N/BKL1XQI:eL1r","tlshash":"355504c07c5174701410cc00d170341f500d540050174c057c5d05f437340004010540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.430801Z","last_seen":"2026-01-04T22:39:06.430801Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"678d176caf11ba96c591a0a4990bcd09","sha1":"d9a26c4d0c71403237addef457c7dc58a66271ee","sha256":"bbbb640e0c4e1fc8594e5bce440e8d4a319ddeb8c616cd8f23c52931e6544c72","sha512":"7ec5728100eb1c0680cf32f572853c73a96c4071d342c31114613a2d4a053c6aecc6b5df0aa238ff6ec7c385207f0a6bbc676252c6f5a4a0d15bc8611646354b","ssdeep":"3:N/BKL1XQX:eL10","tlshash":"d65500c0b882b8b00820ce00e2a0282fa00e8808e82b8c0abaae0bf83b300000020a80","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.4324Z","last_seen":"2026-01-04T22:39:06.4324Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a9cf6b225de7a44a56adcae26f1c42b2","sha1":"55d4bb78ae47aebd53ab58d318ed2f26f262654e","sha256":"fa3ecdbacface07f276bb7782f1abebd53739bd34826697aea4fa089b2873904","sha512":"ff66ee9d19044cbb600a64181de8c65c797b249d67a066ece02652a00bc5051ada24e329805ab1424f1f294acc223c1c904b8b59c9b0d9ed98b85fb4425f605d","ssdeep":"3:N/BKL1XQh:eL1i","tlshash":"e55504d074417c700410cd00d1d0151f500d5c0071174d05745d05f4373000000107c0","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.434636Z","last_seen":"2026-01-04T22:39:06.434636Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ed0a50f1509adcb3469e28d7b3629293","sha1":"26dc3e35caa4e111e0f64ce4356b0f745998ec6a","sha256":"99c7aaab1959ee2036eb6ec14d3e75cf86ce269eb695db3802eff68a598358f1","sha512":"453aab683eb3c28b48e5c6dcbb717048537d1d457e229c98dbdccadb0c39858055be084532a7b70326ff285cef1872e4b399c9ea371bb90bd7c43545a28bf38b","ssdeep":"3:N/BKL1XQ8V:eL1P","tlshash":"465504d0744174700411cc41d150141f501d445150174c05f45d15f437300000014550","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.43559Z","last_seen":"2026-01-04T22:39:06.43559Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"5fe2834d7d394caff0ddfe5c2f6dff4f","sha1":"b146cc02b55e7eac9e0670258735dc926509eee7","sha256":"c322d5b77b6478b391e5435b6a0821857f957e139b59595d63837687fca69659","sha512":"87734cac095f53636f4c380eed86f7d4d882c684c7baca6acf479242b1456f76a6d1879da41181b82c74fd3b95a626a76b35ac4643a391f9db17e1fd507a047c","ssdeep":"3:N/BKL1XQvUn:eL1/","tlshash":"655504c0744174700410cd00d3501c1f531dcd005017cc05745d05f437300010030540","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.436739Z","last_seen":"2026-01-04T22:39:06.436739Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39b088a9a0f0","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c58f0f799b94752d37d11c294aa84d5f","sha1":"fdf4989f0dcd8a64c0d1fb6b168efb1a1de85a3f","sha256":"787c356c2fc4aa857b975f56f904aaceb12f47606606ad2ee7e266da8e6b8af7","sha512":"88f1f5e91c9f13c63224f1f82e4279f9d975ef164a57292ace901ac6f894d3096c49f5ffc47717474874dcb6fba4972e1c1e5bdd5a05d43eaafdb5e34a562553","ssdeep":"1536:iMcTAQ0sqgnrRdd5cSQRfdilEBhY9uACwNiZXGDO6JktAvonW1D3VIYtZ5mMfPJD:iMcUjs1ndPa2y7Adl3xnecdqo","tlshash":"dec3e88eb5da74955269b0b140ab79ca637e6c4430188d6df313d9e03ce4328b6b7e7c","size":118479,"data":"","first_seen":"2026-01-04T22:39:06.366538Z","last_seen":"2026-01-04T22:39:06.366538Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"f40e6957cc70c48d1a39acc790f3d21c","sha1":"84324e264d7451c4b27135f440c89ec9a8a8f848","sha256":"9fcf415280d803c7f9fb111b5dbc4fae3c2eaeacedc79899d7b227648f294557","sha512":"062353b0f8b83187fa3ee951f58c76b3e61eb576382407ddf23a39fff0ec267373d13f9b8b9c9bc44129f65ca1445ec21b0f3bdc60c60814cd15aa5183e47dbe","ssdeep":"3:N/BKL1XQMgn:eL1I","tlshash":"7f5504d0544170700510cc01f1501415541d4c00501fdc55705d15d43f300d00050541","size":1337359,"data":"","first_seen":"2026-01-04T22:39:06.438398Z","last_seen":"2026-01-04T22:39:06.438398Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e39c09cf6b4eb/_RMZwA902kO8cRJ0seFT0lscbwqm0z_GaU7lAghADvQ-1767566300-1.2.1.1-OR1iPayROtWr5Lthq7UsFvgahwBCIL2dY1uaCXNMRu_uaY6.WnZIxhKK0bpI4IHK","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:20.643Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e39c09cf6b4eb/_RMZwA902kO8cRJ0seFT0lscbwqm0z_GaU7lAghADvQ-1767566300-1.2.1.1-OR1iPayROtWr5Lthq7UsFvgahwBCIL2dY1uaCXNMRu_uaY6.WnZIxhKK0bpI4IHK HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\ncf-chl: _RMZwA902kO8cRJ0seFT0lscbwqm0z_GaU7lAghADvQ-1767566300-1.2.1.1-OR1iPayROtWr5Lthq7UsFvgahwBCIL2dY1uaCXNMRu_uaY6.WnZIxhKK0bpI4IHK\r\ncf-chl-ra: 0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1964\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1964,"data":"66rwdlQ4mb00C98+YfZO16dZgFScxhIEQLwguXWMJ-ZTifU3vLG3ryUNuhaIyCsZf2Syww7uExUDXJ0eNmndULLbO2ZNuitn781$7hvCfURzJ8vpcWOdgjbJM6+ht$q-WXoOxtOHUFwbiEd7$RcQ26u2p2ppYP2iiS6fRXMZqWRp+RHgTL+NQznqyA6UGyyQdKNtCWbQajKm79nQ4Nd8lKO6kHoj9aQqoYp0wXJfYLIK1cqaChRjYMd8k+0gdt265ZlrJMvEHgeD7tK-cec5SUD679zu+uG1UGRxMOKuTJ58K8JZWHik3DVoXnI6aq-c7iS8jAjgeg3Jr4gKGs+EA$qOnc+ViUR2yVZfG7G2+OOb7z0mM7uur3tDuxF1H5$XbNo05Gjlv5nbHbTTI$m9W01smGJWER9NoismUqIdj-CSm1z1GjlDqhp21UnpPS7RrW5qak$gC-FdVavwlYGIKvq7DOPg5qu0yTnoVUxwYxM0SELJTKQnMC4mza9OmqXt4VnUiD3lj3a7ASmsQP6eIUzX9tbr8GzxgWzJug9YFfqrwM0fzl$Id7zILWj3OjZvKl-tajAcUUWafFk2XyzQKUxlwx+h0gWYcYn8GV8uUYu$TXFEiyUmtJReSQxifuvz$-9r-yNIL1Cufw7bLOyGFTCgpnq2KzPnul$d$lP7O1qGcJ+-bzxoUP30zDZa+l3l9R$h2gs+2aDLh$e8k71firSW0IH$Y6r8TDWWgj$jTC4DbDz3ca7GDgYGJ$TgJFApHJm8zwS7cxZ5mxRYd-lePErEv-0ORmw7+fe9gz7wJAwIa94O1CAzwH7hAuqJn5GYkpyOrRsVIoNoTnoVOUwRgmkIp9Pl95oV3nCiw15Ep7TdJ6A9koHORO+KYgOms-ke3Ot+jwtGush9Eli3IKROjuwsu-+Sltn8pjTGz$pbn7FRsbWYz0zP-NKyzf$MPYfuK3aDpQ-HcujDITGUJk1126fSuUshz-LyAMpX4-w2iSVMXVO-F+6jAXfiSatFQULI+oElFIO4W5Yf27X3JGiyiL$6qPoi2Wmfn3viwHwIJlgh5IHW+3buCRKmujpeNEzSmQgE4IkwKN7sUq4NXLXRhXEYQndn+lv5boiheFx1GIfU0EOkYs1kTR1cGkyjRolJdNsopX6isIwopRcKqfy$jH6adl8zhwN1tb+b4hKuD5iGWwkFQXHaPTUi-K4IIVDRqOEH7-GYY4r-m7lkpOu0yh2qhjN5gV3QkH6ww10R6$-lvJnUhX09Uup8LY$rPfJC$hSoiceUJEZMM-ZLAklZRLxRIsj9xrOgqr6qjuC0MemEvzzxGa1pNZvZfwlF09McnmX7lzxEzaG33cf6HEuOXy27M5P+Rtyqv4gZQJRcW5pJXNxnNmnqkS+P61au-DTLo$UUww2AMYkrrupvUN+IHHiw3QYf4lYkO3ss326m1233Uoe5XWm8zt7NhJ4JqN7LXz9WSi7t3Uyq5PITDewvDjT9YidzcytT$67UdS4q+btqrdHuzbCZwkGNbT6NQ3ee4-xSWDA7WgUzKWsr6H-gj65XJWCDRRuW9ncXs5h3tCF3RF+TOP2cQ0sFIWsmLJc7zf6c5ozJKyIfMdJtQPSrp4rd-qmDSQSkAId2lEhLsLXaqO3duo-2VqQZG2LSskeZ0OPRa8VOOh2W$0jxbhwRvz+FvHi0XOdSK3o87I4ctYsPlrx4QiMkjpTb7G3Ot-6oIO-$Nu5Or0N1cIvuucwd6-x4YHDH31pS1Ef+svN5nG1ntntymcwY$3x3jZi7uY+1gx+0-gYKrAKKuIdxSIbpZyyzTLtrLAGrfq$YSnGUiRa+qpohxq0-C8jk452sNIqZQ3-cbroLrgPtACNxILIHwUoWEyYqe7VNejKa4mzb6GzzIdD+rf766ZlIXxNYf6GNEVmM5DhMCSzGHoYi96VX2X6r4sWNolRtmXh901QHTZOj"}},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nDate: Sun, 04 Jan 2026 22:38:20 GMT\r\nContent-Type: application/json\r\nContent-Length: 14\r\nConnection: keep-alive\r\nCF-RAY: 9b8e39c30b3523eb-OSL\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncf-chl-out: wHv4fq6pqJxtAonvpLX//+T3QXPl7bL3tCpHaRGVQMxUqdgQH2POgD0jP5w2YkRe5ucUMgRxyh8K2pcSgRWvZQ==$HZIo31Km8+McOrBTmXqThA==\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=IC7zmhGs%2F3NoYwdhZUz7Ci8IrCdRTpfg9dqmn4k%2FaIK5Ff7PFDQUoa3XiRgAzwQXKwmuWF%2FtKVxawHgl7pnkgzByrHLkS9TaL%2BeWmlBoQHs4gGsUwxFOBCd7aXYQuF7NF1B8LA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=7364\u0026min_rtt=469\u0026rtt_var=9934\u0026sent=40\u0026recv=32\u0026lost=0\u0026retrans=0\u0026sent_bytes=48338\u0026recv_bytes=4606\u0026delivery_rate=39831715\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c388aee5b895e903e82a624bb011e200","sha1":"35f272c9e20b19d540385f51d8e6a3d0f3ae5131","sha256":"3a77ba941559f70e32300f869db092307592a75e6733693e985ce002239814a9","sha512":"486ad8f4e805a2547f544cdfea1eb9362a0e7721d90c01e9c03f0bd84cccfd69b4999f1096e3d68895e2e48f0a96212c9a38cf93d5afee760e3d9bbce7c05fc9","ssdeep":"","tlshash":"90600000f3f0000c00c0000c300c000c0300c0c300f300003300030c0030f00c000000","first_seen":"2024-10-11T08:37:20.57558Z","last_seen":"2026-03-15T07:01:33.819158Z","times_seen":8854,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:24.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Dec 2025 19:12:58 GMT","end":"Sat, 21 Mar 2026 20:12:54 GMT"},"fingerprint":{"sha1":"DA:45:58:DD:B7:34:05:65:E2:26:69:9C:69:2A:91:C3:DB:C6:80:5E","sha256":"BE:E0:7F:BA:DB:DB:66:EA:EC:1A:A8:D1:E5:7F:8C:DE:5B:EF:55:8F:52:90:0D:D5:42:CE:5D:A6:B4:21:39:FB"}}},"request":{"raw":"GET /turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 04 Jan 2026 22:38:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\nlast-modified: Fri, 12 Dec 2025 11:56:37 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\nset-cookie: _cfuvid=fwKI6es25wZX8k00kWOmNR32vwILEYtmOa_a6zixcKg-1767566304926-0.0.1.1-604800000; path=/; domain=.challenges.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 9b8e39ddba0f1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50001,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (50000)","md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:24.926Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:24 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAge: 6\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=azk4B6S500WtxcFmiY5bbYuRD%2BrAPhTL4XXpAPCSkbfLij6RngJg4d43Lxf%2B3uuIFVs6U6HaizuBSuPag74H7DQ709fSNGAjKp4yRnhR9PCc\"}]}\r\nCF-RAY: 9b8e39ddbc3935a6-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T22:38:33.219Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=3\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 04 Jan 2026 22:38:33 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncf-mitigated: challenge\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=onqrPYI7FrT7g8rEFzvUtvQQf2rZR6drZCLlJvYyrH9ozo%2F0nAElootYNMqKYBAPDzmdS3mZNliXWMXemlK3oqiMxK9O9qcmcrKFUjB7%2Bqez%2Bg48KXAP0AFv%2FPOi%2FZZS8US0HA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e3a119fa335a6-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: chlray;desc=\"9b8e3a119fa335a6\", cfL4;desc=\"?proto=TCP\u0026rtt=5096\u0026min_rtt=494\u0026rtt_var=7807\u0026sent=41\u0026recv=30\u0026lost=0\u0026retrans=0\u0026sent_bytes=49894\u0026recv_bytes=4684\u0026delivery_rate=34499659\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5339,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (5339), with no line terminators","md5":"c020feb1f734ff81a3c816cb70036b07","sha1":"b67fcf12f3aad1ee69d5334b9913944ba5a9828a","sha256":"140a5118c1f7ed915691695326783081969e1137dbdad29c9a75affae1ed205c","sha512":"b180d83ba6b6274a6598594faccd00533e06f371419fe5cdc4b1ed1887cf4ebed86bb1626ed636befa561792bb95e2a89d04f177f821ebcd15699efb16d5d7ec","ssdeep":"96:PNybXZtIEb0EFW87InaIBxXpOFkf9X8O0t9EbomNdkDgvYzueh8zmw:PNadBOaIBFp9t0t2uDgAysw","tlshash":"aab12ba756572033f3bb1bb28173b3286231f09293055859f8f0db9ce5fde4ad269290","first_seen":"2026-01-04T22:39:06.357013Z","last_seen":"2026-01-04T22:39:06.357013Z","times_seen":1,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:18.012Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=iLgC.jhQbvhYTlQIb9WNgiwahwrLcZuZ5XQFz2FFDvs-1767566297-1.0.1.1-XC_ua9TK51n84e2xeWvgs3UDUsX7_geqVDMb0p5moTE\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ni8cXj1NyqKE4q25HxWS9IuQW6K3kqi4EL0iNsnHs0rOmk3Yzsls6ZZAMJHx%2FNbMDBvtm0ESnUbGP1Fwb4T0K8y%2F%2BIcA3zwmkcNLTw10CA%3D%3D\"}]}\r\nCF-RAY: 9b8e39b22fdbb4eb-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:18.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Dec 2025 19:12:58 GMT","end":"Sat, 21 Mar 2026 20:12:54 GMT"},"fingerprint":{"sha1":"DA:45:58:DD:B7:34:05:65:E2:26:69:9C:69:2A:91:C3:DB:C6:80:5E","sha256":"BE:E0:7F:BA:DB:DB:66:EA:EC:1A:A8:D1:E5:7F:8C:DE:5B:EF:55:8F:52:90:0D:D5:42:CE:5D:A6:B4:21:39:FB"}}},"request":{"raw":"GET /turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 22:38:18 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\nlast-modified: Fri, 12 Dec 2025 11:56:37 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nset-cookie: _cfuvid=Yf4kMAKjVYZ6xnxuhEGhcO2leQMtjHXXI7p3OOXnKNw-1767566298079-0.0.1.1-604800000; path=/; domain=.challenges.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 9b8e39b2ef24b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50001,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (50000)","md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":26,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e39b088a9a0f0/UZ6kXIEmuBbYmaek.1HweVejWILs_7PHahElwgmW8HI-1767566297-1.2.1.1-1EQf0Ym8sOBS3n1wsV_HsWu2OY6gkTghecPKkH3BJpWYyKm5PBmBc82jj0xXZW_O","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:18.230Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e39b088a9a0f0/UZ6kXIEmuBbYmaek.1HweVejWILs_7PHahElwgmW8HI-1767566297-1.2.1.1-1EQf0Ym8sOBS3n1wsV_HsWu2OY6gkTghecPKkH3BJpWYyKm5PBmBc82jj0xXZW_O HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\ncf-chl: UZ6kXIEmuBbYmaek.1HweVejWILs_7PHahElwgmW8HI-1767566297-1.2.1.1-1EQf0Ym8sOBS3n1wsV_HsWu2OY6gkTghecPKkH3BJpWYyKm5PBmBc82jj0xXZW_O\r\ncf-chl-ra: 0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2007\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2007,"data":"ZP5otFDWz32nSHbtxwSAW97A+Ip$3xiaqOICyL7qsoHhEsNhJAPcKijxtctYn4t48kMsFWZ2ui5-awKqSNoOk+IRtdSf4xpEqKYZhcimi4wT96Z2CgFQzg7JK5jeaJtR915K5yQF3ZmAvgGXk0NMpHWfGjnPJOQ3XGho3KG0-5eoLrppKmjcKNvKuGbSONbFrAfn5WJEfORxMtUb6qohX33nemqUl48O8w-RojcIvOvUh2WIP13oe6eY4zNJ4tlukkuyWpPiRwoW9VK4EWYG+OgD+dhK4+MdUYEQ9tC1MS7+0VOpx6IZYKzk62uY$ssX7jQ3HgV6aUJTUbVyZoFejo0nMus3Kv637zQgxvwuzudzpJO+0CgHAeg7z5Q$zWbm3dYHOzesHY3lzDRP7SzmSeSrn9jj5UhsySsis2JQVhZYqQMmfJenv-TggMbQasNiik1P8bLcHPGdGaOuT4XU5vCtSXoujrCkp6b99EckGdJrZaZcnHkWqgwt9ihYan4s$E5Riu94A0gH3MJebChKp5EhEvb0AD4X+93zwYJG1-DEz99hwq3y5u$qSnC3RgASE$oqz8bcgGAI1p7p4KfqIAU5JzVSo14TDSUIn$CwQC-QqbAA$NySCunAViVPTxpzELjsr+urYRPOQ4uh$uE-8ksusKchql5yfbYzD+2GZiQwbbv9GmuaRLOZZCuqUEw4jSaEKpjG0G2xacaA4iH2qQO-4OdCf6oWyqtak837zYNAwTYH5ZqSKmSz-yqDTDDr$POxJAl$V59k6rh9JWXsVq+ADqR30LRfWylJ6+zrUppuAfNs33Z1s$yXLhwCjqK8pvuu9OIjAYyHf$FoMt3lizb1fAARfajreRPN3uwzqsysqRxO9PYGkW5h$HcsTMkphUqUVfy4eEDDW-YCTUl7pcG5KUa8A$xkNky-7h37ArGKDXJ9KFaVHyJoXDJNw4b4-UMo1j2Gwr5JcXbX-pqIpCbmjfV1bFpiboYhNp6DIPlGJq9k5qTGRkKi2fxeA4l0rr-kSbcb3mbnn+UPVnyrKi6iX25FLFLOAn1Xavs0cgodqgsNYPd9aK3Wg8hbOMbVgEMHpZejHLAzSAuyH6N+nW3hmYqLkDdoEN4VDX+Jyf5wF-Gtf8lwbp$5JJ57XSrASdx5eIiM29Vz7f-IczA5vYGrAOpc7JdYH5WOOFrift5n7TYI329TYKoOXG26nvWOg0GRnaqLL7U1xsc7XPeDP4AcJpmw1UwkydMmI3kTtMPREvWy4cegt4pK1bJX4rC9ha+$iLnZNYzM7+nx-vg$GSHYmAD1gFDsLh$lZy7XdFyEaHNQ$kTFmXhq6yo+-q6ONa5pNUQrXOFzXLPMg6RvaGbc8SK0lHOh0G1nv0kq$RfW3hMhX-4MjM9rDRg+cCmEprsPA83HZg7tU2Q51jzRX$bkm-FSQUE$jI-gKId6aIFUFXmbgTvCJYk6z+PgbOQiOG15sOr07$noZ-drTp-TtA2gD4DkMePqMlHe1OcRCTfPQ8hotq5IpWrlSR8jZJUcCNU1ZLIKr-oTtpS4jha+P$q0dKmLro5pR7$xw+RyG7VTtqAxC-64juxNbkhPD0Q$DqzEs8RoTY1OifaFoJ0563mRdUIsdCncbRoAUml5ZTiwgyv2SREcCAg$7+deS69MjDyJCSXicsNC5-AZMriqNcqQQVRx6G1Z450lll+c8VwX5CQtsycJmqTi4WTE1GSFOYsk0-aQiT87bO2oVyA2$U-+r9cz$p9UoF+Cmt6v+ZLOJpSe7ihbjdGIuZsOhHmFSQyNQPr88faJYZd7kuDsF-qQ3EnKN+iSsF4gSeFpgzxN1vAzAGLbKFiu7Fm45PAFz-nkD$tA7Iylp8F7TvRDX4zpkQOJgx8JWI9CFuxdU9zTd$TTxFLhOrr7gnNs1JNox5dAHV$tvGUm3$q57-02toAufV-Fj0yykoWAJsYSMnu37TA4343iu1wESTWJ00DnCM1g1w5gXTSFh9JLLIJ+0q9"}},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nDate: Sun, 04 Jan 2026 22:38:18 GMT\r\nContent-Type: application/json\r\nContent-Length: 14\r\nConnection: keep-alive\r\nCF-RAY: 9b8e39b3e98fb4eb-OSL\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncf-chl-out: lbqRv9GM0jfjsxN1hVKEaq7Z8jUfF/YIOXROnlOdFvZ6+/7d7P3ip3O1St8TlbpOTCsP2VMNg2d2oL0PP7vz8g==$oDH9dq61topZNfUyHGES2g==\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2FckbeZsd2gBrvfVuhc9PQHVuBn3%2BA%2FyD%2FqmCCHF3NaTl53RN%2B0fJB4RiKQ0NJbPH3XBZ2M3fMdyZBscIiREKsN4oHhFsn%2BSZwih%2F1wsjmZKVBRjXoZBjmcWTGhaAgL8Qcmx9OQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=6283\u0026min_rtt=507\u0026rtt_var=10462\u0026sent=41\u0026recv=28\u0026lost=0\u0026retrans=0\u0026sent_bytes=48819\u0026recv_bytes=3835\u0026delivery_rate=36434219\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c388aee5b895e903e82a624bb011e200","sha1":"35f272c9e20b19d540385f51d8e6a3d0f3ae5131","sha256":"3a77ba941559f70e32300f869db092307592a75e6733693e985ce002239814a9","sha512":"486ad8f4e805a2547f544cdfea1eb9362a0e7721d90c01e9c03f0bd84cccfd69b4999f1096e3d68895e2e48f0a96212c9a38cf93d5afee760e3d9bbce7c05fc9","ssdeep":"","tlshash":"90600000f3f0000c00c0000c300c000c0300c0c300f300003300030c0030f00c000000","first_seen":"2024-10-11T08:37:20.57558Z","last_seen":"2026-03-15T07:01:33.819158Z","times_seen":8854,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39c09cf6b4eb","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:20.307Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39c09cf6b4eb HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=WLxpVkS_nXlQNlScpyxBXXuWMLatVSJZ.hKO3OY9Qyc-1767566300-1.0.1.1-lqKxHuJxk2r4Mj.N7CronAFOu.03_E0k6zsTm4VMZ6g\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:20 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=8VuUw9nYYXSj3Q7du0BmcUPYAZ%2FWZTSNAJuzRTWg3Hgz0hVBISsO3TO7WHbSX2aQZ%2BO5e0zl%2FRm4N%2Bw1lm6VGkwtFckqFDg5M%2BjZRIR3R5ro71yPcrjB1cOb39B1t5eFg82MnQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e39c0ee8b23eb-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=4261\u0026min_rtt=2761\u0026rtt_var=4035\u0026sent=2\u0026recv=5\u0026lost=0\u0026retrans=0\u0026sent_bytes=650\u0026recv_bytes=906\u0026delivery_rate=98096\u0026cwnd=250\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":115127,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a691fed9a41dccf09908d7afd1f5abde","sha1":"30489801cfa594a98e7081f2b1fe4c750548f451","sha256":"7f191f4007a93803fdb00f3669a47c6c9b77cc0e4629748eace8379a0f08dcce","sha512":"7c0c64c83eabd82e5fc4434a200f085a7bbecba24d9b1ed0dbd0aa4bba86994f36ffeeb5330c96c24896e7df786cf7ceba80e9b1fd93fc1ed639e70ec16b58de","ssdeep":"1536:i7mC9S48qIvOu1JkofwPav7u+KjPpu9EPTF/LCYaDxQO/z0HzCJUIleQYGJc+RE5:if9sOe0+RKTpYYwPmF","tlshash":"26b3ea8e799e7464832a70f610a779da63be6c843018892cf703d6d03cd476876b7e79","first_seen":"2026-01-04T22:39:06.358904Z","last_seen":"2026-01-04T22:39:06.358904Z","times_seen":1,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T22:38:24.685Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=2\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 04 Jan 2026 22:38:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncf-mitigated: challenge\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=56%2BUE%2BL7Df9FFM6%2BPTIYx1OG0Q8eXEO%2BaOhN4bnPQA67g5brVoxvb0UKgAnr3FcQfZtRNoWLWTMgWGG9KuLhLCs%2BeQZyq%2F0JLoWts0el%2BJCUgQ4%2Bpmu3uSvxJy7SrpL4U0KSvw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e39dc4cd923eb-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: chlray;desc=\"9b8e39dc4cd923eb\", cfL4;desc=\"?proto=TCP\u0026rtt=6523\u0026min_rtt=469\u0026rtt_var=9133\u0026sent=41\u0026recv=34\u0026lost=0\u0026retrans=0\u0026sent_bytes=49345\u0026recv_bytes=5032\u0026delivery_rate=39831715\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5360,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (5360), with no line terminators","md5":"e305c24185309ec6b3573659cafe71fc","sha1":"adf6824cf7c2ba78e2edaa4264c2b59c58ad45c9","sha256":"b92ac840e61f3e00ad6e66ae384214f47d49238336e49ba5a3eb27758ad8d4a5","sha512":"66d1e57cf0a274249ea30a5a92404d07be0d3b8af9e9add378036dd29dcb5be9c15dca2d15884cb40d3172d16bf372e8d959e928b6e740b4f20ffdcdefef26ff","ssdeep":"96:PNybXZtIEb0EFW87InFHH79O+LSdm317hMwg+kS2Yzueh8qRmw:PNadBcRO+GSPMwrkS7yHw","tlshash":"54b13bb7ba42501bd3760b5248b7b34892259215cb0280e9fce4ee1cdbeff0b9165684","first_seen":"2026-01-04T22:39:06.361281Z","last_seen":"2026-01-04T22:39:06.361281Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e39dc4cd923eb/vjuDTKK2d1gZkCMGzU1A39HQzXLOl0aWeJEn5v8MGpc-1767566304-1.2.1.1-EDvlQ8_UfRg4EvUeO54GwJ2Ovw9.s8bom2vR._IBPN8dKjBQuNTQcdG_07bVO08l","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:25.181Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e39dc4cd923eb/vjuDTKK2d1gZkCMGzU1A39HQzXLOl0aWeJEn5v8MGpc-1767566304-1.2.1.1-EDvlQ8_UfRg4EvUeO54GwJ2Ovw9.s8bom2vR._IBPN8dKjBQuNTQcdG_07bVO08l HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\ncf-chl: vjuDTKK2d1gZkCMGzU1A39HQzXLOl0aWeJEn5v8MGpc-1767566304-1.2.1.1-EDvlQ8_UfRg4EvUeO54GwJ2Ovw9.s8bom2vR._IBPN8dKjBQuNTQcdG_07bVO08l\r\ncf-chl-ra: 0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1975\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1975,"data":"qw0LTzUG$3inD2H$QM9uI061R7+P790CTTXIYfoakz90n1-1-v8KIGV4ArltzsoY282bTAtar80+FhQ$dfxOktVP90UEICa5hPAQzvqsxbzE1msFqrbHRIhY-7OZr3GmGnG8sy6SPKYXm5wNdPTM-zb0IJsayFfvqFV3I0m7fJ+RoqiA5xVE4PIM53A65z-zn$r$fIr8TYgPx-Ihqd5UiJzMOQFIzGcyeD2i1MDKzKdCDO23gLmf5jCqM1JT84RTmF-DvQgfutgKgm9YC+A2L08CAuh8W7--QEH2RbDsPCRGPEyHGR3e4Ifxh4rTiOks38a3SJpkG9WmJpNGvhnLsvewmiP7eancb7n$DomsYCITVKmx8$oHyyCoQb8-egf$Vg$CZ3vdSMyrrSQjoXjP7nZLH6qdI9yOnzAtfTaPcJKrIMOvMk1gFRNEcmT-hFMSMr7F6f-1TweChURpds9nMXdW+zpsQeoCti75QXESRRG+yGo0E+f8cLenLQMZqTWMLeztmpizUepymZvQTDy$Q8rNnfnXNFurGIdkx0whcdLf1gd8JsUJAF6m4hUzRlEv7RmxzSNgm8FlnHuoxGLRsZUqSfV-Q$GJ74J1PSOJS5m-YhOrz$UIDMuoC04msoXudqWvhiDy52nPA-rl4ZitMgYTsMElbyx7S$VSodk1GnHemU1D4q93kK0f80jjwsLJ+xmwGnccm2IeY9zNXdx-CyJE3WP9Uh31TV2RDnFvHXNPtXKm7t-uxGmP44ahnNOmIn-F7s4q-JUrjkCnaKs+j$nRLOX2CRmEm2RJSIn6m3TCnYKIZ-3Tj+ACeGfUgApAbbfqMPDjcESek84Pq99Q1blV3V47EXZxr+lTdb9ubRw6QSQwK-1zm-Wu$h74TpELvf-0z6n2bYG$fSyC+9zpjWV5s2$OKpXciztmviULkwFYucsd1cvMnaIF1yf-NHU2Ps5wIb9ghc7mE0EG2dGh9VXsb9eQyLw6TwTVZfox-zV9i0APCugVrwxU-EtT6b4fJfetRNl8Zzdw$MRx6jzAQ5$HT-vQsz8+wWMM-hxnJqG+gtRrArwKNdIc7EnFGcvf6la+1D2hpCOZjEXCKVG-WFY1+-ExscCJQap648a0sDP5WPmc3WDXJuQcsyyzNuF7A4R-U9jgtUiL$VPOvDsu0nunCbTGMS1Ze17IvdAlqEuob43$TQsFSUwHOVzuk-roJHYtSAwgD5GsYv+LWHZ+9wP85guvxUi8o3RzaXwWmq-HqHYWzGsxWkl-y+MYIsTPzDG$P47ap2Yrhn$a1$FykZuVGkpJrURsfTgf9KJQla+njasd9AJ6ZObAZVSOQVANMA4FDV2ICdKGUw8j6zJ1xI0S5SqhCjLMxztMlijqu+wOZGG8e4f6Cc8vNxVw1659T4zJOCe3Q9JIOeDVR5W7CQQkE+GoIbn9$GphVNIL6UmkWxdTxH6mZRDCbpGp5ihEVTwCiM2$xk$yiJuuju2XpFjbq3SaO9b1DlUz$dxrC6DxHvGPxxW11e75kzOxxEqyr5e9snIojNJlATOGpwdkxZxQTOT9-iKxwW-bFwrVb9d6iRxtqQi$nJNzX-AvUczEH$f+H2hpCeFEnQUIkbhKbKPNuiOoLU0IJ6mhppv8EoW3rCawumQc3wdeVRGNZ19g$8VKSCI-KtGiAOMuZvFji0HZ9+50VZwnx5loOANsG$PJyc2ao3-7nx6-otU2grCULPqJ$0qjt-9wQWZpoWErpI9VMKQSr7fq86FLlxPjnEJ65Je$uL9AGoak4QFjyoEvfnPUNHC$6SLDl9gWTlXxoCWP5GxUN-OjnoTYeJmcS8tIJIW7NClFvnFOR-4L$N7dF6VmuIKaUXj+QamGmoNdR0oKw2xxfd9PbwARp$nzCNbGgEk$XDIS0EOd6TOqZEX$hLK7eNeaV$jhWT2-vRFeOQgEz67MLFySfEWhZFsSiVfrq5W1b9qQadR"}},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nDate: Sun, 04 Jan 2026 22:38:25 GMT\r\nContent-Type: application/json\r\nContent-Length: 14\r\nConnection: keep-alive\r\nCF-RAY: 9b8e39df5f0b35a6-OSL\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncf-chl-out: M94tnmHgdXg56gazog7OHM3s2/8BWB5Ou+obnalP8kmozQSNwYIScHF87Mnne49c16mHNNUIcbRpIvcIVNoRCA==$2c4vq3xMIvL1Z8jHGI232A==\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=M0z0lg7u9%2BB6UEbCzC0RjBwcJVhHnNiTHYhd8b87lhjsGDHsMzNtNtzQUJ6%2BuSPXkSxWuetqfxUiAdSuKdOYIoM5Qebgh5KQ5Rc6vNBYWcRE2K51OPu%2FSTa%2FD3a7M2KsQShCmw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=5461\u0026min_rtt=494\u0026rtt_var=9435\u0026sent=40\u0026recv=28\u0026lost=0\u0026retrans=0\u0026sent_bytes=48887\u0026recv_bytes=4258\u0026delivery_rate=34499659\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c388aee5b895e903e82a624bb011e200","sha1":"35f272c9e20b19d540385f51d8e6a3d0f3ae5131","sha256":"3a77ba941559f70e32300f869db092307592a75e6733693e985ce002239814a9","sha512":"486ad8f4e805a2547f544cdfea1eb9362a0e7721d90c01e9c03f0bd84cccfd69b4999f1096e3d68895e2e48f0a96212c9a38cf93d5afee760e3d9bbce7c05fc9","ssdeep":"","tlshash":"90600000f3f0000c00c0000c300c000c0300c0c300f300003300030c0030f00c000000","first_seen":"2024-10-11T08:37:20.57558Z","last_seen":"2026-03-15T07:01:33.819158Z","times_seen":8854,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:33.351Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=DbwHRd4n9tFuRafK9QCKElFdlv4I_g5GIAFa88AMPjk-1767566313-1.0.1.1-CLLUojgZY.4Kli4AcxnujLS6fXO2PdyldnTqSI8c4VQ\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=3\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:33 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAge: 15\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Uo%2FaU2wVdW%2FB5y%2FX1pGkHyJ7HUWjQBLqaRiznlLvGUWKV%2BJkKfGFFEw27mpto5HGIIrIWYWFZ435PfMZPiah5iEtfQdyUVScNWfYp4qGQPeY\"}]}\r\nCF-RAY: 9b8e3a126900a0f0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e3a119fa335a6/omT1hCXoi63Hbfp2eX7XgSc68J2_WDnYfeXetRxcdo4-1767566313-1.2.1.1-.Vb4.NRm3ZNVHtOL9I0D9cqnaOfQo9EQ7VQcFUtDBH4_8910LU.DKrjSw8jl_on1","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:33.671Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1013922527:1767565390:KASzL-7wUrLU7jsFRlfCxIDJNAyEqE8EzfvB08X7j_0/9b8e3a119fa335a6/omT1hCXoi63Hbfp2eX7XgSc68J2_WDnYfeXetRxcdo4-1767566313-1.2.1.1-.Vb4.NRm3ZNVHtOL9I0D9cqnaOfQo9EQ7VQcFUtDBH4_8910LU.DKrjSw8jl_on1 HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\ncf-chl: omT1hCXoi63Hbfp2eX7XgSc68J2_WDnYfeXetRxcdo4-1767566313-1.2.1.1-.Vb4.NRm3ZNVHtOL9I0D9cqnaOfQo9EQ7VQcFUtDBH4_8910LU.DKrjSw8jl_on1\r\ncf-chl-ra: 0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1996\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=3\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1996,"data":"IM16ewetncku+iwACR68pkCPhoWW06bzbizVHxrOkRPFeR2H18+RIwa1SfletyhW7cLzaPpWEKAAsgZ$zDyHEXFLzDHwQl3Fgzu7EUNsgHdahnpw48Q0qJjNooeV8FokWw6V6jWA8Wgw12qUvmic0qpKbJPUhutnMAjr5SXUAkeo74LMUIP-OOa0Ei7Hg8tKjUJKsb+LMjfKAn+lxb6E6CuV4CxrQJfeCv4c9py2cQD22$tnKD4AdpOlXtfCgFl5GfOylNSU$aqCDoANqLkE$SVELWu5pC3-iu-fAts79P0ZbzK1taEYTYIWItTSz63f2I0WH2mwLGDVLq8ypRia9ypCxOAOwZA9Qf-Us$$T6jjm3csoVcR0iFPPYEErCq25TelOWKDb8jgGSxItIPbL+WauRESEyPDTiaA6f-KIpj-K11CgeA4dx1DvQqWFWbErngPLsLZGkw4hmGajjR6hT86R6IthgOyyjeqKsRqXrAJbthJLM-doAp4nXCMcVw1NJVghY5N4w$9vFH8YiMlHLw3GJWvLm-8I3oq2zKcMw$5-PrmIJ6ok7RyDQjj9atCDMf+WktnglKuKfDjhEZDIF$Ppbtue3WtHVqdFWCQnnDUDQK7adEfc61Pbthx5xZAMr6FFlyIQy+eQd2N5e9C1z-xEatH3XU4ilCXFQ6VVzmhX1RCRPoHdVKh4IqTfdMvNm1bl$cJbD7ECFImw2li3MrW$RPLEUg6Lfq1m$kcVr2h4QaMIES7KFqZ06IaAQ7mAzVMPrlt3TbjNSWW6R8L1-WRowt+1MSV-$2X1qEpJ8eaY5QsIe2MRuJdFv5mftsQbSyy8lWTV7sGpbQ4tC6jq4xXN-juQNKzA6Eu0wvCm8rxm7Pjmxm5Rret$SNDMHd5ey0Ed83HU89YD$TmpWxR$V61WS6sdcj1DFe+QCVGHR0trtNfXXtmWfr+uDLuRJ$hgCLzAG2IOu3UnWrlFxAzJs9M5f+wYhslD7Q9aRwAs161g21yVgLy7A670u0owlTaPiLtGDeJphHycgjXWH7FdMQJH5dV$KCG6F7lRQ42JCJ-lW4nyiejlk2OWfZFzDnbxu4Jk4swmqTJPA$uZ-4ALZjcD-+pRuGGyHbcgtYVdS-IIM+2Rq5Ei6hr5m+GUXYC21hFmh9LzkU64Ten8DD2txHJF3cqQblQuryrpC9UN2i7JzRQ0wYHH5bqw7$0NoN$IrQJSQZ6h8ie0Dhr3o$dXROk6Eh+zFS5ze2uFktLSG-encRH6+Nc7zW5CK666AkD0lhXfbSal1pOV4lj0H60Km2rR6UHEdv$us8zPFZWtG$6Sv2f-jqiKcZ5WoYcJ0YOmoDbXhGWzGEP03Zr-MqUcRGTemGf48D+PU27NK-DWk0evh1LL7PejlL6NvHhanjIazo6fDDqY18nAjgxEzDop63+Tj9WuA6x5krp2tWmIay+9rHWoTe0$TtOiYhVms$2kpErKhH1DaXih9MhN2Jm9jbj3NJvy4$3kQDpxbRnt$Plw5w-XpoIHc269K5eLM+R-9$RDCXLls0hRx+KSe3yEQPmTMe8Z09c2gaaOivd3R5IWEiu4LXFczkoHvoR0Eyz74iyLPNvMzLWXIc-GPI+S6i1SJ2qFJ7cml+v5rqddf0w03W2lx6$mP4NPZJckJLMf9GueEGL8U72ppK5osNuQu1cApKxS-G4tWC3OZxdKcVHo7DGkIVyzgeCXqHrxHAjDoTUPXiw77aG5nGrCy4ZeYwp9yRKAzI5+X$7wqQ9jIxsz+K67hr-GiHXIbHQpkS-bmx-xtM0Xe0M1OTe4h47yywZHPILe8rT7Hd50ApIj9Q86VSt5ZN+R5ZbFH2C54Zaj37Vka+4PqzfAfRripE-NtY+zCZ76FApGCjUAdbUF+Hqsgm0dPJF-qI1XAJd0hjkeQcUle9tFeKeLfftSMPduLSVjYd$xXeEqfIL6kgWnI5zlVR3zCcufHLoAke4gvgtb0zZhN2IF2MHR"}},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nDate: Sun, 04 Jan 2026 22:38:33 GMT\r\nContent-Type: application/json\r\nContent-Length: 14\r\nConnection: keep-alive\r\nCF-RAY: 9b8e3a146d22a0f0-OSL\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncf-chl-out: jPz8Kjyn8QW1xgHm2eZF+Fi6jQuRJmusIGl35kwbmVXZBF1VLYg+cFRc4pGeR/OVTDOmz4GYXIkc/+250GsIQw==$g0F++JcOcIk0G53+EeUM/w==\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=JzPdoz5WRQCSuwnHC0L%2F7zScXHx%2F0gske2qtb8cVg2ruR2AeuQ2Y9XiN99vlPdiI07rJzAy3cY6IOU7PL5tabJ1antvGrv7rBA4HCycdBwkk0xzPwBTn%2FBok9nZDWmBy5RhDcQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=11182\u0026min_rtt=546\u0026rtt_var=18121\u0026sent=37\u0026recv=26\u0026lost=0\u0026retrans=0\u0026sent_bytes=48321\u0026recv_bytes=4279\u0026delivery_rate=33049928\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c388aee5b895e903e82a624bb011e200","sha1":"35f272c9e20b19d540385f51d8e6a3d0f3ae5131","sha256":"3a77ba941559f70e32300f869db092307592a75e6733693e985ce002239814a9","sha512":"486ad8f4e805a2547f544cdfea1eb9362a0e7721d90c01e9c03f0bd84cccfd69b4999f1096e3d68895e2e48f0a96212c9a38cf93d5afee760e3d9bbce7c05fc9","ssdeep":"","tlshash":"90600000f3f0000c00c0000c300c000c0300c0c300f300003300030c0030f00c000000","first_seen":"2024-10-11T08:37:20.57558Z","last_seen":"2026-03-15T07:01:33.819158Z","times_seen":8854,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"104.21.49.73","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T22:38:17.693Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 04 Jan 2026 22:38:17 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncf-mitigated: challenge\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=mFSaoiFQ9VLFY%2FNGpZBIduW6ovuefcbBa9fwDzfIEYFoUUBX5EeOpJwdS5JVeHuN1v3lQUrP3gPk0nEcod2q0VqaK%2BkoD6EMUgCHIgJu%2B2PNyiMc4sSD7Rl%2FBQPCFxvgpu1p0w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e39b088a9a0f0-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: chlray;desc=\"9b8e39b088a9a0f0\", cfL4;desc=\"?proto=TCP\u0026rtt=572\u0026min_rtt=572\u0026rtt_var=286\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=402\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5318,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (5318), with no line terminators","md5":"5f8f8aa946de276080ebe858911b91e3","sha1":"1d3d6bdfd4e3410e2ff4f7143ad8ded262b3ab38","sha256":"1de8c47b9ebdae21ab8d73e34cf28bddcf27d345748e2996a4a61ef4c817bfc1","sha512":"98466ce3b78154e08bd64874ce3dcf75fdb35b7652558d27fca631d4da708e08e638aab72e30b62929674213dfa2ef276368b4fa5adb62fe0eba82383a3d9661","ssdeep":"96:PNybXZtIEb0EFW87IK6MAp4AYr06FfQhw6yYzueh8jmw:PNadBn6Maur06FQfygw","tlshash":"08b119fbe502a02fa3ba16a3087777544120e9159b0ad168f0e1d95ca7eff2bc900199","first_seen":"2026-01-04T22:39:06.364668Z","last_seen":"2026-01-04T22:39:06.364668Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39b088a9a0f0","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:17.899Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39b088a9a0f0 HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=iLgC.jhQbvhYTlQIb9WNgiwahwrLcZuZ5XQFz2FFDvs-1767566297-1.0.1.1-XC_ua9TK51n84e2xeWvgs3UDUsX7_geqVDMb0p5moTE\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:17 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ykcsl61eH77DEh1M%2Bax525lVenVOwPtzSg3wOncI24T1AeUxolMNz4ajMbnFxEU5uZn25iuDUGaWKmVCEsechKlbCquhrK9vyP9BOBpPjXI2uWC063zclId7JTaDsfT%2F69mHcg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e39b1dfa4b4eb-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=507\u0026min_rtt=507\u0026rtt_var=253\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=523\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":118479,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c58f0f799b94752d37d11c294aa84d5f","sha1":"fdf4989f0dcd8a64c0d1fb6b168efb1a1de85a3f","sha256":"787c356c2fc4aa857b975f56f904aaceb12f47606606ad2ee7e266da8e6b8af7","sha512":"88f1f5e91c9f13c63224f1f82e4279f9d975ef164a57292ace901ac6f894d3096c49f5ffc47717474874dcb6fba4972e1c1e5bdd5a05d43eaafdb5e34a562553","ssdeep":"1536:iMcTAQ0sqgnrRdd5cSQRfdilEBhY9uACwNiZXGDO6JktAvonW1D3VIYtZ5mMfPJD:iMcUjs1ndPa2y7Adl3xnecdqo","tlshash":"dec3e88eb5da74955269b0b140ab79ca637e6c4430188d6df313d9e03ce4328b6b7e7c","first_seen":"2026-01-04T22:39:06.366538Z","last_seen":"2026-01-04T22:39:06.366538Z","times_seen":1,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":30,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:18.052Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAge: 0\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N89dm%2Bxjo1XsCfPHDGPWVQCbO1NAtwjUk8Pp5xOWZcbMA2vRbXDSQuY7XxdTkMyEKtrjZWboIJJ9i%2FwsPdySwP6dlbBOBoa0c2K%2BmdoLem%2FU\"}]}\r\nCF-RAY: 9b8e39b2deb323eb-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":6,"dns":2,"connect":6,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:20.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Dec 2025 19:12:58 GMT","end":"Sat, 21 Mar 2026 20:12:54 GMT"},"fingerprint":{"sha1":"DA:45:58:DD:B7:34:05:65:E2:26:69:9C:69:2A:91:C3:DB:C6:80:5E","sha256":"BE:E0:7F:BA:DB:DB:66:EA:EC:1A:A8:D1:E5:7F:8C:DE:5B:EF:55:8F:52:90:0D:D5:42:CE:5D:A6:B4:21:39:FB"}}},"request":{"raw":"GET /turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 22:38:20 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\nlast-modified: Fri, 12 Dec 2025 11:56:37 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nset-cookie: _cfuvid=RaLLfEQEvGmEPQQfuz0vaa1RkRo.QVI6wZYNELqZHDI-1767566300422-0.0.1.1-604800000; path=/; domain=.challenges.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 9b8e39c19abdb4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50001,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (50000)","md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39dc4cd923eb","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:24.775Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e39dc4cd923eb HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=TadEUiK_rcGDpHe7HeVUyqRP2sbo3.sD1PinQZ0vKe8-1767566304-1.0.1.1-6SJEv8t2anyb623jsPEZwTZErX.sGknkKySiBLrhoc0\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:24 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Rpmu2Y0RhgAPCQku0BnWuACrh00RSNi9HX2OZmQMODDVbeQnI%2BUu6fnMnObllfwGNzfTQGH7NMM2gXCowOuZ0NnFkDVLfxU%2F1nF9HkyOuIfs05SYUr5%2BS2c3RZnGyNBrHDw62g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e39dcdabf35a6-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=595\u0026min_rtt=595\u0026rtt_var=297\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=547\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":117290,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"90873a559235ea4347148ec07a459130","sha1":"8e38ef05c158d14cfa9960f81f9e538419ee52a8","sha256":"233f05bbd0649c28224351f6b07f0bce2c91d044314604bdbb82360bc97f75d4","sha512":"404cf0d023d66560586b6a944c562714d362729819bf45e1aa6b591fc4b4669d2e6f062b071e8f5e8b8576c134ca09ffc7723aad8e45f7a82483391951ee1141","ssdeep":"1536:iB5RGlj2LlTVDXXeSaVYFqjXxEy1jZj2SCtk/mOglJkOxxvxgdv:iB58j2LR5XhaVh1jZjpCtlOg6","tlshash":"92b3d8ceb9db7455437970a600ab79ca63ee6c8420188e1df31295d07ce0768ba67f7c","first_seen":"2026-01-04T22:39:06.367764Z","last_seen":"2026-01-04T22:39:06.367764Z","times_seen":1,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":4,"dns":6,"connect":1,"send":0,"wait":25,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T22:38:20.258Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=1\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 04 Jan 2026 22:38:20 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncf-mitigated: challenge\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Ko6sMVNNDnRWnW8mvCNJYhNPDv6son8eRgiSZK5to3Qb4RLiIGkLnKaHrcvwhIMy07lc6tZko2ZJeXIJ94Kuq4qtH86F5Vecpdfvgq3X%2Br3uAyZ1y80LHySgb1r3PSwtF9kFsg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e39c09cf6b4eb-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: chlray;desc=\"9b8e39c09cf6b4eb\", cfL4;desc=\"?proto=TCP\u0026rtt=5564\u0026min_rtt=507\u0026rtt_var=9285\u0026sent=42\u0026recv=30\u0026lost=0\u0026retrans=0\u0026sent_bytes=49833\u0026recv_bytes=4261\u0026delivery_rate=36434219\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5339,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (5339), with no line terminators","md5":"9d1580aa2896d7f850a550ff586b0868","sha1":"d906939c65b2806d1fafc49b15614c8646301553","sha256":"f7d33fd2aa0e9121e17867b96dc44aea1a3b0696b87fb8391662e6263569eccd","sha512":"91bd66dfac514f66468e15eab24e34513f9fba05affdf0ca83033c4a8a88189123e509792d4cfeddc838b450d5816b947c5bf0f6df81395e1eb175ed8c505092","ssdeep":"96:PNybXZtIEb0EFW87Irf75M8snum2lNz8/Yzueh8tmw:PNadBaf742X8wyOw","tlshash":"cdb13bf7f1031023d3b51bf14037b718a210e691ea0aa554f593edccd2eef2a865958c","first_seen":"2026-01-04T22:39:06.369161Z","last_seen":"2026-01-04T22:39:06.369161Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:20.354Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=WLxpVkS_nXlQNlScpyxBXXuWMLatVSJZ.hKO3OY9Qyc-1767566300-1.0.1.1-lqKxHuJxk2r4Mj.N7CronAFOu.03_E0k6zsTm4VMZ6g\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:20 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAge: 2\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YBma90xFZsW9NgD3FnAM3C4A%2FpF1%2Fukn8nVOJotYTLY458iaHqg%2BrTsV91kKOf0vkiTnfLNNvkMUUGjwoc0UeDt59VLnVn14djQKZHosPi2o\"}]}\r\nCF-RAY: 9b8e39c10ee523eb-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:20.413Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:20 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAge: 2\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N81pHOyUQS0lW11zOwdt%2BK0IoZebNeIZb7AhjENPK0QXnXJymTK7uzAJWYYatJCUPQVBqLbCSWEZYt7W%2B5noObwhutUYjqqXY11vZUKFyuTD\"}]}\r\nCF-RAY: 9b8e39c18fe423eb-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:24.824Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=TadEUiK_rcGDpHe7HeVUyqRP2sbo3.sD1PinQZ0vKe8-1767566304-1.0.1.1-6SJEv8t2anyb623jsPEZwTZErX.sGknkKySiBLrhoc0\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:24 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAge: 6\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7JZ8X9rslAqJMu8bPiIEYIjLaxVDBnAI%2FstFAR5xnflwtTr4PEc4thctyZ4oaNrAkeqjJY2hDNPlfTR71XQAr%2F5DKxcpkwOFo1mOG%2Bl58GRB\"}]}\r\nCF-RAY: 9b8e39dd1b4635a6-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e3a119fa335a6","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:33.307Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9b8e3a119fa335a6 HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/?__cf_chl_rt_tk=DbwHRd4n9tFuRafK9QCKElFdlv4I_g5GIAFa88AMPjk-1767566313-1.0.1.1-CLLUojgZY.4Kli4AcxnujLS6fXO2PdyldnTqSI8c4VQ\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=3\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:33 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=r91T7joajhWorfKQXp3%2BI05TTNIo4jGedB8xm4Am6YxYjitCaFShRgpzEKmUTD2EE5Bc3Zac%2BK1SpduRL1pn7uNrmEj3%2FXmLwQkI1kQLhrssBtFM8gg7PuJLXNkX%2FC5MBlsZMg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b8e3a12287ba0f0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=546\u0026min_rtt=546\u0026rtt_var=273\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=547\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":115671,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"97affa698dadc62e219326890e9a828c","sha1":"aafc150f6664c8f613504b943fd27ef9b652e8dc","sha256":"45d263b30745e564e5d3ba6e75862f3b56a173b9a11850683dcfc82b344ef983","sha512":"169fa9253c46ab3eb20abf68a379e1587cb189b0378f2bd12a13185b3b46803678189d183d0f40cb4ed665c51fd5f6b8572944e119fddd5eab27a46c9bd9e4c4","ssdeep":"1536:iD5j3Od1s5SfvF57kZ826WmaFmZDGFIZCKhT6TiQI9/kxRahZu99XBJkr:iD5jOfs5SH7yjkEFIZ/QYWahs9u","tlshash":"38b3fa8d75de7455827a70a500ab7aca23bd6c8430188d2cf71395e43cd4778b7abeb8","first_seen":"2026-01-04T22:39:06.370433Z","last_seen":"2026-01-04T22:39:06.370433Z","times_seen":1,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":2,"dns":2,"connect":2,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"rutor.dirproxy.me/favicon.ico","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"172.67.160.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:33.397Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://rutor.dirproxy.me/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_chl_rc_ni=3\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 04 Jan 2026 22:38:33 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nAge: 15\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 04 Jan 2026 22:38:18 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kJPX44Q4KyvIl8cOKpACX36P0llVwLqxXZBDElvIUSz%2BdH3WdUMkxezsqsy%2BZkU9WdKEtj6e%2FZT3Oz0Xwbz%2Fh8sMaEKAXaBsUYwFwUarFlUh\"}]}\r\nCF-RAY: 9b8e3a12a990a0f0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://rutor.dirproxy.me/","date":"2026-01-04T22:38:33.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 21 Dec 2025 19:12:58 GMT","end":"Sat, 21 Mar 2026 20:12:54 GMT"},"fingerprint":{"sha1":"DA:45:58:DD:B7:34:05:65:E2:26:69:9C:69:2A:91:C3:DB:C6:80:5E","sha256":"BE:E0:7F:BA:DB:DB:66:EA:EC:1A:A8:D1:E5:7F:8C:DE:5B:EF:55:8F:52:90:0D:D5:42:CE:5D:A6:B4:21:39:FB"}}},"request":{"raw":"GET /turnstile/v0/g/d39f91d70ce1/api.js?onload=REiSI4\u0026render=explicit HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://rutor.dirproxy.me\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 04 Jan 2026 22:38:33 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\nlast-modified: Fri, 12 Dec 2025 11:56:37 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\nset-cookie: _cfuvid=GCYHgSmkrPccH5dONxD1TGauogfrpdupRZ56szCBqdQ-1767566313399-0.0.1.1-604800000; path=/; domain=.challenges.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 9b8e3a12b9f51a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50001,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (50000)","md5":"dd141df1db41d439d7706c298a369a4c","sha1":"a80c5f6a6fec4acbc3d6d81b9865287b0dd705ea","sha256":"46a2126ccb16841040f55934627c444b0eb965e51f2a7ea90e24e504a56eb56c","sha512":"d2587c387339467aad182f239d9609aa3ec097709e4bef2547cfa5bd2a662bb469bd3cedba19a062021f35b7fd8b6a22d28e9325912e70c491b77ae8ca70a539","ssdeep":"768:2ZCnhL0z2vMpjLUU6mLU10SLgC2GdJj2sg0D5THPN5HKpXEAsG91C+8APDfhv6Yg:2wQ2UpjLUU6mLB22uJd1HAsse","tlshash":"50232a583166397227d980e4617b63437329753ae94ccc50e823d936277cecad237bba","first_seen":"2025-12-16T18:08:49.681876Z","last_seen":"2026-03-22T10:55:38.115758Z","times_seen":22970,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rutor.dirproxy.me/","fqdn":"rutor.dirproxy.me","domain":"dirproxy.me","tld":"me"},"ip":{"addr":"104.21.49.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T22:38:17.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dirproxy.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 20:32:55 GMT","end":"Mon, 23 Feb 2026 21:31:37 GMT"},"fingerprint":{"sha1":"97:2E:95:99:D2:BD:4F:4C:E8:EB:3C:47:86:E3:26:A2:BD:0F:3D:00","sha256":"EF:A7:0E:DD:2C:F0:C0:FF:85:DC:61:0E:C6:F0:4E:17:30:81:30:1C:1B:20:81:29:73:FB:5F:13:7B:98:1B:C1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rutor.dirproxy.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sun, 04 Jan 2026 22:38:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncf-mitigated: challenge\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yvBmF3tNnrSCmWaCyIJXcgT5gxbto9ysoZ%2Flmtli%2FYgjXAYDY6MHUEBDCWWQU%2F8euod0fT8cSOhe1t4HsYns69iBCE6yTpRq8D76ExAVVDOTUsCXQVsnT3AdcKOaHUELGDjSDA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9b8e39ae5af34c11-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: chlray;desc=\"9b8e39ae5af34c11\", cfL4;desc=\"?proto=TCP\u0026rtt=521\u0026min_rtt=484\u0026rtt_var=121\u0026sent=6\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=3196\u0026recv_bytes=1127\u0026delivery_rate=7215946\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=60bb4fe125fae73d\u0026ts=32\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7174,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (7174), with no line terminators","md5":"260bcd0324913c3cc56cbc57671336f8","sha1":"45c3a394bf3e76ad85cd0ad52dbf747ad0a40dc0","sha256":"3219d609afaec501f71f17d68f20ee013a254a7545486abb041f83006c806b1e","sha512":"459301c0469676a2b795fb3c8523ce749c262016a600929e918db68d69c0d5c56d11644d8052e561458f8a2d33228684f0aab223aceb6b78d5ffaa70d952b120","ssdeep":"192:PNadBTL8tLpoJE7FQf8ojKhLVx2rAE3DSySLOw:0moO7+UojKdarAE3Dhw","tlshash":"dde18db79a611057e3be23f391b3b3145301f954970a945debb4c90de3ebe1bc216141","first_seen":"2026-01-04T22:39:06.371764Z","last_seen":"2026-01-04T22:39:06.371764Z","times_seen":1,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":18,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"rutor.dirproxy.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}