{"report_id":"76a0a643-6f56-4d4a-ba95-56d6a330ac0f","version":6,"status":"done","tags":[],"date":"2026-04-04T12:19:08Z","url":{"schema":"http","addr":"mushroom.skin","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":0,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"title":"MUSH","dom":{"size":31635,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5037)","md5":"343822c0e280f2449effaf0224273c2a","sha1":"5a7766c42b0d92baa2e99daf2bce236199bf116e","sha256":"bdb3379e2bfceda2ad572c1698cf6193d175e4252c2b5603cd06c159e544689d","sha512":"bec57f00b4d7875f24756ff7fe42009b88f97cdfa8077079eaf2a41cf9ca55f636f8d1b7125d4f5593117d3555b6b2226230c9deb83e2fc53ceeb9fa316e3bbf","ssdeep":"384:69kF9QBnrYqPbxiZUOP1ChJYXeB353kbMkAozoCmC:69kFGBnMqPbxNuChJYuB353kb9vzoC9","tlshash":"26e2193ab501cd26b417bdaa6a76ee7e6accc527c3168c2873dcc5405f4acf48b97840","dom_hash":"domhash9f09d5a67f5b2a7ad86a4cbd37c6a8d2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mushroom.skin","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":0,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-09T12:19:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"mushroom.skin","ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2026-03-27","domain_rank":0,"first_seen":"2026-04-04T12:19:09.557728Z","last_seen":"2026-04-04T12:19:09.557728Z","alert_count":27,"request_count":27,"received_data":1680054,"sent_data":11618,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mushroom.skin/1813f1100135b132.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"2626bd593858ee1dccffc08769b6cb03","sha1":"397eeaa8e1edca1040d01a83af65c8204f0171ec","sha256":"1402203b4cd5c048d426cd592910689bea1071b96d0ceac2c6079cd07dc6af97","sha512":"cc6f0141cdb4f60fdc57418c6b45d71e6595b429dbcbbe4a9c47261654d081bf70502dc638d6de24dcdba444322387b63b1c825db963af592371595b9caeee22","ssdeep":"384:bHr+OceouUTwUZLd2MmHMJSvu9kebij3CzaFbbo2tRctY:bLZ2VEy4HM2uagiDCzaZXtRcO","tlshash":"28a2f95b2311bb3163de62ddd10b4205b33b92a05341002cf5bc6dea75a4975a2f7bbe","size":21931,"data":"","first_seen":"2026-04-04T12:19:17.484444Z","last_seen":"2026-04-04T12:19:17.484444Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"62c2fcdb53bd67b37520dfd4ab3f3e5f","sha1":"4aacdaecd9448a0e155be31d1ab56050dacfc0eb","sha256":"2aa15c8a77d1eb5c23e61509404af6de9ea6b4bfccdeeb22da5bf0e8ad50a2f3","sha512":"c8f241a9c3736e0184a3bc1e089bbdc200b47dfd4d37cf47ef5ce736fd179f5f4e535a09e99b64ce33826d482b43971d52fb441bd4a0cb34b7fb1efc0cc8a97c","ssdeep":"","tlshash":"0c9002b0b0824c18801604467835500a6e6d040c019802000331809894121048e10dce","size":47,"data":"","first_seen":"2023-11-26T18:48:23Z","last_seen":"2026-04-04T12:19:17.51363Z","times_seen":91,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/4e2541f1f095bad1.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6c2094db79e7131e3fa349dd1581b0","sha1":"85d144111f1a8e277b232f9141180ea1dd70e270","sha256":"f4ffeef9588355c1d2e2a6fd986e66b452dfbbfba569016f4bd8d3791897d799","sha512":"4c66c2dc569ed8af84d5a0f945c4074a54fc2c3688d9c963f6d2f130e4e3ff9d9f6861554c7b6cf013a388dc80f8fde4b64cf43816ce56512db3c430b27d91ad","ssdeep":"384:735S75Bq9E0m1YmRDQ0cJ3tn79Fg/Sg8qWtOPSNsbU:D5S9BX0ZMUx6bU","tlshash":"79d2d8717395f9a352db85d9d03a0015f2290d3530ae24b0b395dcef368dc89a1fafa5","size":30717,"data":"","first_seen":"2026-02-19T03:13:48.113085Z","last_seen":"2026-04-04T12:19:17.494314Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/ff1a16fafef87110.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"5458632ee5cb3da028baebb11d5f70dd","sha1":"57e264834d3635e52fbbd3d93135842c09ce8525","sha256":"e9786b1305894e4119bb9811a816dac9cf576755596dd989ee15b455749fc35e","sha512":"28ae4e3a3828f99d64b7d4bfc7238d56c9ad910ce267dcb6c01e53be00c88f8a7f024640680d2bd66240a9972322744ee9147883a12ff8c92717c27ebb3fef50","ssdeep":"","tlshash":"63d02b702150f8d84086a4cc8836424bf52928b262fe3895d7ae8cb16174f0c51e1e55","size":282,"data":"","first_seen":"2025-08-20T23:30:20.185011Z","last_seen":"2026-04-04T22:20:38.929283Z","times_seen":15326,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"c58841d2eb21c72cef50efa86be5c7c8","sha1":"17eb7de8e0d512e675c24a1154add0c21cbf9f69","sha256":"be15e8210b5dab9996775be15535c78a52b4fbc9f7c15297dc89e8a330ccfa7d","sha512":"37d70c30d418904d1722488d0c4490e1167143322e0e93419ea405f9df3b7777aeba1fe1f26b2bc893557f65c99918e341bd8548d5d6b2f7870abf6f3718bd7b","ssdeep":"","tlshash":"7e41d246f81fec807ca1ed5f112b0f3ad4e8ec7ad0351868b69eda8945b19360388887","size":2376,"data":"","first_seen":"2026-04-04T12:19:17.51427Z","last_seen":"2026-04-04T12:19:17.51427Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"d7a62e970c1015e7847e6b02f7d8f6fd","sha1":"8b4d7ff2af9a5f4b370937b966ded76dcd350439","sha256":"33e1e73cc210acacfe66f05a64fd9479e2ee8052e0c9d274649b7446235a989b","sha512":"826246f3a957837591449b1e53c4a8f4f7ae6024a65cb30f68677217396c045339f92de24e0f0b2d9fbde5ed6e2344ca6efd3259eba9986e3b9d888eb3bf144c","ssdeep":"96:LDu8dTjnNjGxLKZS7cg1xqzc/xmWSMMLl:HrBCxLmngnqzcpmL","tlshash":"84a101797405de0afc5e3d69217e9e3a10cdc57b83d4ceb886dcce0506820ba67d29c0","size":5017,"data":"","first_seen":"2026-04-04T12:19:17.515415Z","last_seen":"2026-04-04T12:19:17.515415Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/turbopack-a14827f4fd7202be.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"df40746f3c83f9431a1b89146350ac5d","sha1":"58310f244d26a1e1eb0d9615febc21716d93413c","sha256":"b72d5d606c2a329e06e66b916da1824583358c96cfbc8b5cd8ba5e4fc37fa163","sha512":"7e5f15ff5a3285f3a59fa0f27352f01663d38333d5ac44602731eb5e0097af480422f04c3f52f0b72618b5bd0defaadea8426827c19ca6b2a86d5df1c7bcb016","ssdeep":"192:bWTzl08/EsUnU91EGdoFNplHda6Mh6CW9xocxkUk1MsiyLxZ:bWTzv1IblHA27roQHyLxZ","tlshash":"3722e8da33aaf077436f90e6907f4044f17954a8145d542c93ace8fa38398ae49e3f67","size":10689,"data":"","first_seen":"2026-04-04T12:19:17.512024Z","last_seen":"2026-04-04T12:19:17.512024Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"8bf5900c3bef64862ac9050869556a7f","sha1":"99da3e8618add03ae049314881560dce410fb09e","sha256":"0c5a941a548c0abe2ed886e52eefd932d745a73f109caf763d327c16f20733a2","sha512":"0356f719689a2241868ff5d8b84731fe27228b6f8dbf0a5cca5f5e5c9e79d40c371208dd210f1a32f0d1ac8900cfebe21848e36813aba76c23bafce493686a65","ssdeep":"","tlshash":"60c08090cc42cc2dd7665f261c3a1c7621dcc57407455546ddc5d9281985b3105b4d89","size":178,"data":"","first_seen":"2026-04-04T12:19:17.516865Z","last_seen":"2026-04-04T12:19:17.516865Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/d7674df198973d92.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1a0948e73bc4452a0810dbcc931696f","sha1":"c595ba705cb992a141235a3f4cea4bc47833e518","sha256":"0997624e51f45c3679b99945e99ab1ba6e5f37e37e0786cdf983f4482af95acc","sha512":"cc36b3fd2bc3cefa42f7296e66a09b7ead60492849b89787502039d3743269da22baac80af055fc644a600c8b33e3cc24230a5a39c278953e4ed94785a8578f6","ssdeep":"6144:NRT1VEfZfvZFpsZwoRvoZQYBYTlSYM3FcyCfzs4bFb:SvZFub","tlshash":"2f140ad5b3b3b42246d695a184361402f37c6a1eb81d402cb7695edf6998d08fb3bf31","size":198267,"data":"","first_seen":"2026-04-04T12:19:17.50273Z","last_seen":"2026-04-04T12:19:17.50273Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/dca0b8380e191671.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"47742b30f39a816143de6e87fe3f7ab2","sha1":"9517442154233890b02dd81953dad83cf9eb416b","sha256":"2b7ccb8c4d93428bdc751d54bc1f50d94dc15b292ca4d3fdb2eeedf24bfdbecb","sha512":"a27fcfff04dc8c35afd7312141e1104ce7cf42c93191c5b001cafcf8e3fc693c5279f06c76965479b8bf5d384bd92738f5caf08a4e87ed27646b89b6ec7c6dd5","ssdeep":"192:c1XhQlvPbS4esLWNndfDUOshdputu8I61Nceg/68uErTtlz8iZhAEH2CJHlcPHg6:qXhIvPbSlnLNDcH68DtBZCEW6G5","tlshash":"a882d729b141bdaca67b05a4b51fc00db13faa8cde0f9c7cb2bc685a1b148d4b5437d9","size":18021,"data":"","first_seen":"2026-04-04T12:19:17.485636Z","last_seen":"2026-04-04T12:19:17.485636Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/b16c042e24f978e8.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"8129390fe67f25338e99cfde110b325f","sha1":"e21217a0da4489be8929039ec5f4e88168f06bf5","sha256":"62aea57ac4dec68db3551027d2ccab823d800d7a6d29b6e42abc7119e8c2c75a","sha512":"5f0e92ae8af7cd923cf558356ddc3422a39a3e5d0c22f43fba2490c015bd7df3bd601adb104f00f95bb4b8aaff12065a47726e3c2c95592a736956f0109cf084","ssdeep":"192:TMQl9Q84OONbQhU6jEQb93OktgAwiKaE5kHYbi5LzdQC12e6eQ6ilj2prEQjgEzA:TO7vBufpOkzZCYY0zdQC12edZdA","tlshash":"b882d5ad7195f4921fa364a4803f500bf2392db6286d90a0e3a2dcf5b9f415ed133f5a","size":19073,"data":"","first_seen":"2026-04-04T12:19:17.487797Z","last_seen":"2026-04-04T12:19:17.487797Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"738ee708597c6c81169104716bf1aef3","sha1":"9f18296c133e50b559868a7f18b8a9218f318e64","sha256":"5aa6c9a4fecc7ad84afab32d2872bc01d3f99791afc200c0e7901a34f54a22a8","sha512":"6184df15f09a711d8e21d0d3ffe3173a344758d81e72085a661bdbc41adf431ce779a866d8ba374e8ff1a05045a65e6fad9f984bfda0e5edb13f865b13c8689c","ssdeep":"","tlshash":"9c318db2bd1ddc05d786ae0c183e3cf860ccc7e68695a45ba2ccdd288097d745ae1662","size":1743,"data":"","first_seen":"2026-04-04T12:19:17.518Z","last_seen":"2026-04-04T12:19:17.518Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/393d37358f6a00f0.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"1efe9dd908ca1a4231cfe05ca4c969ee","sha1":"e78a2c19aa27fb9485e6e1e88a874a3a821e5d28","sha256":"62fafc528548faa0bc263eb02dd81d8e93759a9544d88800b3fb383a724b8484","sha512":"28f2e65af40ef8e95395091a9bc109dbf3351b8a0d0c5f1aab2e399d5d32a98fd3edc4217075f62e6f02cdd6fcf6597f266fd412f655f39b32b0e79b47cd973d","ssdeep":"1536:uh+XvP+gDnoSTM9OdfNc7ZzOpDKCHT7qZTbIgBuHAi9SdMesPjmM/jj:fDeSpb0XdUjmM/jj","tlshash":"7ac309e67351b565c3cb5199c4af0701b33a59e8241a403cb7bde8cb286094d62fbf7a","size":126072,"data":"","first_seen":"2026-04-04T12:19:17.492978Z","last_seen":"2026-04-04T12:19:17.492978Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/249261e921aeebba.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ccec8f4ceebb4a59bc7aabd9d1921a7","sha1":"d212b2733c9fa758d19ac932b0250b906895d296","sha256":"7961aca892de681b29e57241a0ce9228f757707798eab660b1802fcde0f720dc","sha512":"42afa10d006f612b6336a2949db580e302cbe08cdc7d281dca9e4f147b9eddff8232eb21bbcdc07b58fc624b3ca900be6336debc2abc20f3e6388d376a0dd970","ssdeep":"3072:YYzzSSScmKPyGoi8xP3ciNgZTjymL6yXtJfA:YYvSSScm6ZZnfrXtJfA","tlshash":"aa241be83995f6626eb302a710af1803733c252b280d4d60a251fdddb57845eb17bf9e","size":223561,"data":"","first_seen":"2025-12-31T07:10:51.651915Z","last_seen":"2026-04-04T12:19:17.491865Z","times_seen":240,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/aa0a7c5c022cbeb9.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e79b1926473efc64178602f8682d563","sha1":"4c36c924f6467d150d457037eeaade15fac4095d","sha256":"a32cfbfeb00a7e262808bf7665f4cdd076d8fc1fe6321b0be01c97c9d7692bd9","sha512":"9d0faffcfdcc2b33d949a535dcbb42a6dbae9ceafde2fd8a51c9757f6a9b9f6ab07d2f600d0312fb4017b770c47731afa5c833ed8104186c167ffaf30999403b","ssdeep":"384:SjpjDvCaRAzb0mUYTOVF35o59D5qgg9BkECoeZoPUR+2lwQmbnxxtw6ZR:BIPr3K9D5qgg9evXZoPUPorH","tlshash":"d803b6b672d4f9a2139340e0843b2017f2290c76116d7570a7e4ccebb6588dda6bbfd9","size":38924,"data":"","first_seen":"2025-12-28T17:37:42.733635Z","last_seen":"2026-04-04T16:37:51.980545Z","times_seen":143,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/d9b30c50ac450e3a.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7b120a1e9ee8a16b1c683c7c19d6f3c","sha1":"3a646dc5864ce04c72739f4ebb9733f1db254e92","sha256":"3f398a5f7218b7c6e8c6d038024a5ccaedfdb92b782c5d86c1f5e5500f35a9bd","sha512":"a6b5a2320faff41de6e4dc0c4fbcf59e81dec07e7ae015fe2d6a927e77c85f6b0395236f6bde98accfd0918a379cd8f3e437554fe88fd33da4973b3adb6b3ec1","ssdeep":"1536:dQ+JHdrBQVCzoR7IjUbztZlX8tsmZu/gziB+uI9vi:J8CEGjU1Z6sydW+uJ","tlshash":"a9c308f935d5f48207ab40a6c03f0006f32c4d77189e68a0a3e5ddda756499de1b3faa","size":118416,"data":"","first_seen":"2025-12-29T09:23:49.774749Z","last_seen":"2026-04-04T12:19:17.508241Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/bdb138a6091631dd.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"aea3f5212e4472df3b4dc2f6ffd4decd","sha1":"efeb13788248b1c888b77d6c7f2b08f9968a1c35","sha256":"e03693dedc120d13fc32d8f7961c209e0142cf98169a0747a897b96c78d23dff","sha512":"8faa3cc04d8081d871ded70accbc7bc523e7fef8b8247754d3aaec58e2c45ec1bcf440f7643c4697b0cb1d15b11b975821612a8d1789818fa1e4f80d7e3735b8","ssdeep":"192:90lw0ho+Pu9WoTzvDl8cbYWCRJylu2g+3Yf+OMqEhMGhBZWdnryAyeZEoOHiyjwR:N0WIkTzvDlPk63XOMqGyJBE7iy8UAd/","tlshash":"7e82fa6a7695b810575345b0a03b810bbb2b24388a0cd078b3acdcfe3d7d8865156fbf","size":17764,"data":"","first_seen":"2026-04-04T12:19:17.504384Z","last_seen":"2026-04-04T12:19:17.504384Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"895f526ab37305311d1e998fa4d5a6e8","sha1":"06d0220830c81bf254c70552e908371c6dc1f18f","sha256":"90916b8b1fb2fbbd765a22eba866c30d8829f59aa2d7ee86869abd20207b2117","sha512":"6b087d2e2025f4d11073254448b124af8839ce24ff37eb45bf2fd1a2b66bee8fd4fdca2b4d23c08786d217dd71dbc660d1054b7876b37752dee3baaefdaeaa4e","ssdeep":"","tlshash":"2871bc3beb00173bdc8fa9fdced5b4c02e62497262496960691ce102a16cd7487bed88","size":3743,"data":"","first_seen":"2025-08-14T22:47:51.287187Z","last_seen":"2026-04-04T12:35:18.104905Z","times_seen":1238,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mushroom.skin/x-2.png","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /x-2.png HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 427\r\nlast-modified: Fri, 27 Mar 2026 22:00:27 GMT\r\netag: \"69c6fdfb-1ab\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":427,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"d3b19d1b24eca600fd7f7359fed2c912","sha1":"857a18b7641f96fe4ffd142162a4435b22ccf37a","sha256":"42cb6ed2ef600b109806de6e67fa45e3120ddaed9e08709d95a7ca15929f8632","sha512":"5aab45cf6723b2137c23c2deacbb146dd4034b3b11aa6c52e72268f237dca7c3a6f617d77f85871d0b15424005e6274d9602070a4996d5f6f7f33693e3141ec3","ssdeep":"","tlshash":"f1e0abdd1790e83b5b5e2be211822a40d9fa733534e3ae2f60b028313190649b5d4ba1","first_seen":"2026-04-04T12:19:17.483479Z","last_seen":"2026-04-04T12:19:17.483479Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/1813f1100135b132.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /1813f1100135b132.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdfe-55ab\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21931,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21931), with no line terminators","md5":"2626bd593858ee1dccffc08769b6cb03","sha1":"397eeaa8e1edca1040d01a83af65c8204f0171ec","sha256":"1402203b4cd5c048d426cd592910689bea1071b96d0ceac2c6079cd07dc6af97","sha512":"cc6f0141cdb4f60fdc57418c6b45d71e6595b429dbcbbe4a9c47261654d081bf70502dc638d6de24dcdba444322387b63b1c825db963af592371595b9caeee22","ssdeep":"384:bHr+OceouUTwUZLd2MmHMJSvu9kebij3CzaFbbo2tRctY:bLZ2VEy4HM2uagiDCzaZXtRcO","tlshash":"28a2f95b2311bb3163de62ddd10b4205b33b92a05341002cf5bc6dea75a4975a2f7bbe","first_seen":"2026-04-04T12:19:17.484444Z","last_seen":"2026-04-04T12:19:17.484444Z","times_seen":1,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/dca0b8380e191671.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /dca0b8380e191671.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdf3-4665\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18021,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10421)","md5":"47742b30f39a816143de6e87fe3f7ab2","sha1":"9517442154233890b02dd81953dad83cf9eb416b","sha256":"2b7ccb8c4d93428bdc751d54bc1f50d94dc15b292ca4d3fdb2eeedf24bfdbecb","sha512":"a27fcfff04dc8c35afd7312141e1104ce7cf42c93191c5b001cafcf8e3fc693c5279f06c76965479b8bf5d384bd92738f5caf08a4e87ed27646b89b6ec7c6dd5","ssdeep":"192:c1XhQlvPbS4esLWNndfDUOshdputu8I61Nceg/68uErTtlz8iZhAEH2CJHlcPHg6:qXhIvPbSlnLNDcH68DtBZCEW6G5","tlshash":"a882d729b141bdaca67b05a4b51fc00db13faa8cde0f9c7cb2bc685a1b148d4b5437d9","first_seen":"2026-04-04T12:19:17.485636Z","last_seen":"2026-04-04T12:19:17.485636Z","times_seen":1,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/jup.svg","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /jup.svg HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 27 Mar 2026 22:00:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdf6-dd6\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3542,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d82cb2f4c44db6b631dc43a279c6d2c2","sha1":"612fe0064c2c60f57b51402fe1ef0ab7d622bfa2","sha256":"45aed0eb86f66232201f8f87b443b43c493e95d9ec22a5b2a67bdf8ed08f435f","sha512":"e6e642694f08fb2a27674d6ddb95712065ae995c92386080fe815f0834ed30e2485c21f52caf1675faba3eeead4144cd6a077e4a879a3f7d8ebf6e3c5949fb95","ssdeep":"","tlshash":"6d712326e75af93bed42c098c9d455b562e402d7e220c3a4e0bb7f6ee56ccd0114d7d8","first_seen":"2025-09-07T16:05:04.092243Z","last_seen":"2026-04-04T12:19:17.486676Z","times_seen":9,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/b16c042e24f978e8.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /b16c042e24f978e8.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fe00-4a81\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19073,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (19073), with no line terminators","md5":"8129390fe67f25338e99cfde110b325f","sha1":"e21217a0da4489be8929039ec5f4e88168f06bf5","sha256":"62aea57ac4dec68db3551027d2ccab823d800d7a6d29b6e42abc7119e8c2c75a","sha512":"5f0e92ae8af7cd923cf558356ddc3422a39a3e5d0c22f43fba2490c015bd7df3bd601adb104f00f95bb4b8aaff12065a47726e3c2c95592a736956f0109cf084","ssdeep":"192:TMQl9Q84OONbQhU6jEQb93OktgAwiKaE5kHYbi5LzdQC12e6eQ6ilj2prEQjgEzA:TO7vBufpOkzZCYY0zdQC12edZdA","tlshash":"b882d5ad7195f4921fa364a4803f500bf2392db6286d90a0e3a2dcf5b9f415ed133f5a","first_seen":"2026-04-04T12:19:17.487797Z","last_seen":"2026-04-04T12:19:17.487797Z","times_seen":1,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/favicon.ico","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Fri, 27 Mar 2026 22:00:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdf6-654b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25931,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"c30c7d42707a47a3f4591831641e50dc","sha1":"9ecfcc8f0ead0bf3d2d7c39e084b88f41cc89a2e","sha256":"2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932","sha512":"7053e0f76e92179fb5154e2665d81897736bdcc22b002b0a3f8e212f27ef80f56224adaa09972848a20c66b064d16eafa732140461071ad70b6193c33dd517e0","ssdeep":"384:ryveIpvjGAUdJ/RN0d2q3OTirIDpXofYPj68Xg5RNy7yyTLb4v0:bIAJdhwYqZ8pYYPjSy7j3j","tlshash":"11c28e9b2b7e2015c908257641aeddfb011b5d4b28b4a20025fa3eb7b4b3735091fa7f","first_seen":"2023-04-30T22:57:19Z","last_seen":"2026-04-04T22:32:25.817727Z","times_seen":12758,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/favicon-1.ico","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /favicon-1.ico HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Fri, 27 Mar 2026 22:00:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdf6-1536\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5430,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"242e8de2864e8732e5c71638a3db0ffb","sha1":"29eb0b5c6d5c5b98c0dff8b35554cf00b2d213cf","sha256":"b83c5a04f7c9739585b00a61130bd7abf9a1549095ff78c5b2f3c595f8f4fc3f","sha512":"3de310446485848c40a66981c07812e322e68a707bbc281fbb2e17f0ff133478519dcb5cc100ca2d5599f4dd4ef286ba5c74a5b2d84eb97f1e971ea17aa117d4","ssdeep":"96:NQ9ucNCkSA5LsCWHEXUN0bBSpx7CzHoYhgyd:NIHNCkyUUN0bBSv7AHoE","tlshash":"a7b13b7537d5f218c48a82fbd096c312d8ea8db351258acb50fb7f2eb47e4909709889","first_seen":"2026-04-04T12:19:17.489197Z","last_seen":"2026-04-04T12:19:17.489197Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/dex-1.png","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /dex-1.png HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 486\r\nlast-modified: Fri, 27 Mar 2026 22:00:20 GMT\r\netag: \"69c6fdf4-1e6\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":486,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"d5128b917e19a03438991fb5af679ec7","sha1":"3a991c5edc9a2499572edfd4d985553542fb68e2","sha256":"0b66e83c0c7a0e0d7a0bafb498957bf4350d54b11a7ba28ba4cc7fe6d2c79d50","sha512":"9d0dba762ef50218e3f1aff45d7c279dbd96e3e6e2617336b461e22fac38c788641524bf3ccf5fbd54fc4dc7ae83982bb33527414cc99116bc8fbf4e7908313c","ssdeep":"","tlshash":"01f0d4fd0132cd3c57990265548e09110ea71fb40127511931b1f99dee269815d7a751","first_seen":"2026-04-04T12:19:17.490122Z","last_seen":"2026-04-04T12:19:17.490122Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/community.png","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /community.png HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 467\r\nlast-modified: Fri, 27 Mar 2026 22:00:17 GMT\r\netag: \"69c6fdf1-1d3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":467,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"dec4b3cbe946ffb59a9ea9726869f7c6","sha1":"c4feb7fa61c1466dabf6105ff3cf24bab2877ed9","sha256":"09e93d328728bfbe5c2799ff6c6d9faecd43d1da3bc4cfec5b02aafe967f1209","sha512":"bbf1e396364cf845535765b35f9c7969178e4927c3292e7ef62d6ae59698cf7b580b819329b2c8ef5977bbc5ed714d58ecceee7b676a0f315838fb2ac14fea58","ssdeep":"","tlshash":"f3f097eb03999c3da6369b1dc8220868adf219aa04e3a90f9a961cc02a22221751c335","first_seen":"2026-04-04T12:19:17.490997Z","last_seen":"2026-04-04T12:19:17.490997Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/249261e921aeebba.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /249261e921aeebba.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdfe-36949\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223561,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"0ccec8f4ceebb4a59bc7aabd9d1921a7","sha1":"d212b2733c9fa758d19ac932b0250b906895d296","sha256":"7961aca892de681b29e57241a0ce9228f757707798eab660b1802fcde0f720dc","sha512":"42afa10d006f612b6336a2949db580e302cbe08cdc7d281dca9e4f147b9eddff8232eb21bbcdc07b58fc624b3ca900be6336debc2abc20f3e6388d376a0dd970","ssdeep":"3072:YYzzSSScmKPyGoi8xP3ciNgZTjymL6yXtJfA:YYvSSScm6ZZnfrXtJfA","tlshash":"aa241be83995f6626eb302a710af1803733c252b280d4d60a251fdddb57845eb17bf9e","first_seen":"2025-12-31T07:10:51.651915Z","last_seen":"2026-04-04T12:19:17.491865Z","times_seen":240,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/393d37358f6a00f0.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /393d37358f6a00f0.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdfe-1ec78\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":126072,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1efe9dd908ca1a4231cfe05ca4c969ee","sha1":"e78a2c19aa27fb9485e6e1e88a874a3a821e5d28","sha256":"62fafc528548faa0bc263eb02dd81d8e93759a9544d88800b3fb383a724b8484","sha512":"28f2e65af40ef8e95395091a9bc109dbf3351b8a0d0c5f1aab2e399d5d32a98fd3edc4217075f62e6f02cdd6fcf6597f266fd412f655f39b32b0e79b47cd973d","ssdeep":"1536:uh+XvP+gDnoSTM9OdfNc7ZzOpDKCHT7qZTbIgBuHAi9SdMesPjmM/jj:fDeSpb0XdUjmM/jj","tlshash":"7ac309e67351b565c3cb5199c4af0701b33a59e8241a403cb7bde8cb286094d62fbf7a","first_seen":"2026-04-04T12:19:17.492978Z","last_seen":"2026-04-04T12:19:17.492978Z","times_seen":1,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/4e2541f1f095bad1.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /4e2541f1f095bad1.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdfd-77fd\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30717,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (30715), with no line terminators","md5":"2f6c2094db79e7131e3fa349dd1581b0","sha1":"85d144111f1a8e277b232f9141180ea1dd70e270","sha256":"f4ffeef9588355c1d2e2a6fd986e66b452dfbbfba569016f4bd8d3791897d799","sha512":"4c66c2dc569ed8af84d5a0f945c4074a54fc2c3688d9c963f6d2f130e4e3ff9d9f6861554c7b6cf013a388dc80f8fde4b64cf43816ce56512db3c430b27d91ad","ssdeep":"384:735S75Bq9E0m1YmRDQ0cJ3tn79Fg/Sg8qWtOPSNsbU:D5S9BX0ZMUx6bU","tlshash":"79d2d8717395f9a352db85d9d03a0015f2290d3530ae24b0b395dcef368dc89a1fafa5","first_seen":"2026-02-19T03:13:48.113085Z","last_seen":"2026-04-04T12:19:17.494314Z","times_seen":2,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/logosmush-2.png","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /logosmush-2.png HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 7613\r\nlast-modified: Fri, 27 Mar 2026 22:00:23 GMT\r\netag: \"69c6fdf7-1dbd\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7613,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 115, 8-bit colormap, non-interlaced","md5":"b68aa830df740bbf9d9e78259fb59ab2","sha1":"94560382aa76d7035ff8145c247b146e3da61565","sha256":"dbd64b04a6d32f7fad257aae0d06462156935edaf94efe667db2eeede2521a70","sha512":"e515db0506b733687235dfad7616c453f702a71ed2da098fb7f361da5e064da0288eb6b7b0a6a8061524766567bca7e71ed48e73dc3a2420b8d6f46c48d5a78c","ssdeep":"192:HCIaUz7p/ZoT53O+DSyG1gOtt9+8A0W/bcpypzPy+neCO:HcUvp/Zole+WyG1gW+8+/ltvO","tlshash":"b2f1af5fea41ad6ee7acd5bbf5bf14fa91659e03029cd110af46e5a04cc8a1b0241f32","first_seen":"2026-04-04T12:19:17.495319Z","last_seen":"2026-04-04T12:19:17.495319Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-04T12:18:45.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 8430\r\nlast-modified: Fri, 27 Mar 2026 23:06:38 GMT\r\netag: \"84ad-64e098da4718c-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33965,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5037)","md5":"11b4d64e3f7f404bec71f7ae73dfc049","sha1":"83437cd10ea6b2af4b0ed1c2221b0903649d0926","sha256":"97b33fd5def11f5317aa1f23a52b22cb461b54421489f4337ab24d75d271ef1f","sha512":"af83b3db9d55f52ac95b7172e030b31ae2ab992847f8580115d0b130e2453bed66c1facd734b1eae4863b3b4930e9e5b5395074012c4625b00a12a7136bf0055","ssdeep":"384:uhkF9QBnefYHPbxkXuqPZCpJYXeB353k1aMkAozoCmtM:uhkFGBniaPbx/iCpJYuB353k1a9vzoC5","tlshash":"7ee2293ab511cc26b41bb9aa6a7bee6e7a8dc527c3168c1873dcc5405f46cf4ca97840","first_seen":"2026-04-04T12:19:17.496196Z","last_seen":"2026-04-04T12:19:17.496196Z","times_seen":1,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":119,"dns":50,"connect":27,"send":0,"wait":57,"receive":1,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/aa0a7c5c022cbeb9.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /aa0a7c5c022cbeb9.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdfe-980c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38924,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (22713)","md5":"1e79b1926473efc64178602f8682d563","sha1":"4c36c924f6467d150d457037eeaade15fac4095d","sha256":"a32cfbfeb00a7e262808bf7665f4cdd076d8fc1fe6321b0be01c97c9d7692bd9","sha512":"9d0faffcfdcc2b33d949a535dcbb42a6dbae9ceafde2fd8a51c9757f6a9b9f6ab07d2f600d0312fb4017b770c47731afa5c833ed8104186c167ffaf30999403b","ssdeep":"384:SjpjDvCaRAzb0mUYTOVF35o59D5qgg9BkECoeZoPUR+2lwQmbnxxtw6ZR:BIPr3K9D5qgg9evXZoPUPorH","tlshash":"d803b6b672d4f9a2139340e0843b2017f2290c76116d7570a7e4ccebb6588dda6bbfd9","first_seen":"2025-12-28T17:37:42.733635Z","last_seen":"2026-04-04T16:37:51.980545Z","times_seen":143,"resource_available":true,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/bg-6.jpg","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /bg-6.jpg HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 143112\r\nlast-modified: Fri, 27 Mar 2026 22:00:15 GMT\r\netag: \"69c6fdef-22f08\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":143112,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 1920x1033, components 3","md5":"a940047d7c4c53477e4fb0c23101473e","sha1":"24db6b828cec78d6eca16ca9c4644de4a51aa3c2","sha256":"d4e229a685018fd2894bab86ccd3d2274c4a77b9af592d0d1bcd8b9f9665babd","sha512":"36f866cb3777bb9f5c406541c6cd8fe47589396111e472219d6e3b243d0e71001057f1b99f0f22349f32446e28a7545f0cd83697e0890ba784fb0e4a1f4e3c42","ssdeep":"3072:MQ4PvKaElIPqt5XF8dZdnHm09BElXICy5fb/bhhn3S0UC5mS:wKaElICt5e/dBeyZ1RTzAS","tlshash":"a5e312f7f7280e6af17ae84820e5c26a3690461316de760cfdd6e905edcc409a56d733","first_seen":"2026-04-04T12:19:17.497564Z","last_seen":"2026-04-04T12:19:17.497564Z","times_seen":1,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/char.png","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /char.png HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 252749\r\nlast-modified: Fri, 27 Mar 2026 22:00:31 GMT\r\netag: \"69c6fdff-3db4d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252749,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 828 x 828, 8-bit/color RGBA, non-interlaced","md5":"341a308c39420f9021d945e4167e5c8a","sha1":"79c29f61a73a7d08cc78a95d39f8a77f5ae37447","sha256":"539727fd2d4ccd208b5e7683acb748c51b40b29966f669807747392aa5b73c99","sha512":"27f773e44dc74b4c19907049e1de69789360c556bb7323b75a4cd42197362cf4c16592f7c7cc00fe1d4cfc44a3e696b9d373ae075a0f2568680e78c241977561","ssdeep":"6144:BIukq/d48csiBU1DhWHS6+sgMWb/gkzpi:BAq/O8cNS1Dky6zFe/Dzpi","tlshash":"493423c9982886c1be3fd63b7261abe01ecab933d3f508d17b3c0a51d465562729c897","first_seen":"2026-04-04T12:19:17.498506Z","last_seen":"2026-04-04T12:19:17.498506Z","times_seen":1,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":62,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/f909145872f20f5a5bba20d851083795fd178329.svg","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /f909145872f20f5a5bba20d851083795fd178329.svg HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 342\r\nlast-modified: Fri, 27 Mar 2026 22:00:31 GMT\r\netag: \"69c6fdff-156\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":342,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b49fea441b46f14bbe5035f5114ce998","sha1":"f909145872f20f5a5bba20d851083795fd178329","sha256":"d0e045f1e51be202164928a4a0647a05a8404cf7be6e78dedf3ddcfac4a87ce8","sha512":"47d4e34ffa3035ab83a4e500c79154a1b32e1d7e7e9fbf5208e419e0a0e0c54c791a40df81fe9261bc9b407e729dfc8f1b3b260e6a98d59569e416f3a3f07b39","ssdeep":"","tlshash":"5ae020a182d4091ee10e8575e1dd9d69570ee1f032b508d59d6f13e1d313091da233a8","first_seen":"2026-04-04T12:19:17.49945Z","last_seen":"2026-04-04T12:19:17.49945Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/bg2.avif","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /bg2.avif HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/avif\r\ncontent-length: 193898\r\nlast-modified: Fri, 27 Mar 2026 22:00:13 GMT\r\netag: \"69c6fded-2f56a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193898,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"a24a1e6678a5a4aa90d9fffcb1a48ba7","sha1":"844e005bbbbe9028cd2268452f43b7ff9bebae4e","sha256":"45f38520a5518474650df5b2b25ecfeb0ab9ac516602317294db40411726c82f","sha512":"1a546fdc98a541bcb539f931e7dc5611123d3a82cea57aa549ea4b9714807c8c5317bf206cbc8af554d9cd48804497f18bd403b04b1fd9e2e3e1379e41173fb1","ssdeep":"3072:OjWZwJ1Bv1IigsKq3WwSb+KRskQEF1imHGXDMXXeNnXGBtosQDT9q7DYyx9Q:5ZwrFnKq3WwyRsuOm8g+NRTI7Eyx9Q","tlshash":"9c1412888d99339d9f91016e10492b7eefa84948060be5d3bcfb2b75357ad033739c98","first_seen":"2026-04-04T12:19:17.500249Z","last_seen":"2026-04-04T12:19:17.500249Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/char2-1.avif","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /char2-1.avif HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: image/avif\r\ncontent-length: 99903\r\nlast-modified: Fri, 27 Mar 2026 22:00:16 GMT\r\netag: \"69c6fdf0-1863f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":99903,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"37b4edaa935b550b0514bd6c973fc59f","sha1":"46c118e12d40636ceb30906c7972213c44f0ce2e","sha256":"51723af66d6529b39cc3063c7aa863f5ce7b6d372b46325f74fda5df2420b4ec","sha512":"fbd22367ff06498a94a04e44385ffeea1ce27e7edfd6a3120529cb1f15b10abbec2baa24b3e569d22dbdddf9e8ed538fd8598e09bbe5dc9758c69c995d55f321","ssdeep":"3072:INj3siu+xBiEzoZJDlf88OD60GWzQIvpVvz5MV:G3FxAESizuKzQwe","tlshash":"cda3123772f7c6ef9710eea0c218013785cf9664867f16445f7adaa9f819b8212b4c39","first_seen":"2026-04-04T12:19:17.501071Z","last_seen":"2026-04-04T12:19:17.501071Z","times_seen":1,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/d7674df198973d92.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /d7674df198973d92.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdf3-3067b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":198267,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (36516)","md5":"a1a0948e73bc4452a0810dbcc931696f","sha1":"c595ba705cb992a141235a3f4cea4bc47833e518","sha256":"0997624e51f45c3679b99945e99ab1ba6e5f37e37e0786cdf983f4482af95acc","sha512":"cc36b3fd2bc3cefa42f7296e66a09b7ead60492849b89787502039d3743269da22baac80af055fc644a600c8b33e3cc24230a5a39c278953e4ed94785a8578f6","ssdeep":"6144:NRT1VEfZfvZFpsZwoRvoZQYBYTlSYM3FcyCfzs4bFb:SvZFub","tlshash":"2f140ad5b3b3b42246d695a184361402f37c6a1eb81d402cb7695edf6998d08fb3bf31","first_seen":"2026-04-04T12:19:17.50273Z","last_seen":"2026-04-04T12:19:17.50273Z","times_seen":1,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/bdb138a6091631dd.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /bdb138a6091631dd.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fe00-4564\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17764,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17759), with no line terminators","md5":"aea3f5212e4472df3b4dc2f6ffd4decd","sha1":"efeb13788248b1c888b77d6c7f2b08f9968a1c35","sha256":"e03693dedc120d13fc32d8f7961c209e0142cf98169a0747a897b96c78d23dff","sha512":"8faa3cc04d8081d871ded70accbc7bc523e7fef8b8247754d3aaec58e2c45ec1bcf440f7643c4697b0cb1d15b11b975821612a8d1789818fa1e4f80d7e3735b8","ssdeep":"192:90lw0ho+Pu9WoTzvDl8cbYWCRJylu2g+3Yf+OMqEhMGhBZWdnryAyeZEoOHiyjwR:N0WIkTzvDlPk63XOMqGyJBE7iy8UAd/","tlshash":"7e82fa6a7695b810575345b0a03b810bbb2b24388a0cd078b3acdcfe3d7d8865156fbf","first_seen":"2026-04-04T12:19:17.504384Z","last_seen":"2026-04-04T12:19:17.504384Z","times_seen":1,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/db30aa2e2a372bc4.css","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /db30aa2e2a372bc4.css HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 27 Mar 2026 22:00:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdff-12c3f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76863,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41835)","md5":"2ffe43be23260ac90da0e4a4f93f4939","sha1":"56ed3d3621d484e5384bf330acc5b5b739908ebd","sha256":"7425f91decca05f130506fd9affd83dbfe60e8d161e0aedc7572f7e0b8ac90b5","sha512":"f7527462e01b807718bc8a78e46ccb1328fe42ecdb35b137f3b03cb4195085e34b7f811981d2ed5fe0910503d2d499c378241aad718f1ab34fecbd377b1b881b","ssdeep":"768:Yai163s/LiFAUlOwDy7AT4leIHbXPa8aPsxxfCs6upj7eRpF0XjuhoN:Yaiw3sDiFAYOmy7E4lrDi8aUne6Shi","tlshash":"0b73a7206036982abff759b331cf7f0da80db004ab6521abf55217948ada6770fc6735","first_seen":"2026-04-04T12:19:17.505961Z","last_seen":"2026-04-04T12:19:17.505961Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/6a269ac3b85453d4.css","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /6a269ac3b85453d4.css HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 27 Mar 2026 22:00:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdfe-be9\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3049,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3048)","md5":"fa5ab691410e47d249635e96655cc046","sha1":"b7b033975f4d03b6b9ab284aed23799f73afb1f5","sha256":"9bf695a588739721a84691e685bdb7904a0e88525ab3fdf7841c045e4480864f","sha512":"c059036620f816ac86d2f5c9c210be61c1da560dc96f727eca8b8cc2d10d5c12a23a820b2b157d34c8f09b3639f82d85f8f8de328b346fde6736c706921f108c","ssdeep":"","tlshash":"2051eeab827d0345f975d8f3ed821315fb52b86981c3ad8ee05a91e5c2da27122fc912","first_seen":"2026-04-04T12:19:17.507356Z","last_seen":"2026-04-04T12:19:17.507356Z","times_seen":1,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/d9b30c50ac450e3a.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /d9b30c50ac450e3a.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdff-1ce90\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118416,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a7b120a1e9ee8a16b1c683c7c19d6f3c","sha1":"3a646dc5864ce04c72739f4ebb9733f1db254e92","sha256":"3f398a5f7218b7c6e8c6d038024a5ccaedfdb92b782c5d86c1f5e5500f35a9bd","sha512":"a6b5a2320faff41de6e4dc0c4fbcf59e81dec07e7ae015fe2d6a927e77c85f6b0395236f6bde98accfd0918a379cd8f3e437554fe88fd33da4973b3adb6b3ec1","ssdeep":"1536:dQ+JHdrBQVCzoR7IjUbztZlX8tsmZu/gziB+uI9vi:J8CEGjU1Z6sydW+uJ","tlshash":"a9c308f935d5f48207ab40a6c03f0006f32c4d77189e68a0a3e5ddda756499de1b3faa","first_seen":"2025-12-29T09:23:49.774749Z","last_seen":"2026-04-04T12:19:17.508241Z","times_seen":2,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/turbopack-a14827f4fd7202be.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:45.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /turbopack-a14827f4fd7202be.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 27 Mar 2026 22:00:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c6fdfb-29c1\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10689,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6411)","md5":"df40746f3c83f9431a1b89146350ac5d","sha1":"58310f244d26a1e1eb0d9615febc21716d93413c","sha256":"b72d5d606c2a329e06e66b916da1824583358c96cfbc8b5cd8ba5e4fc37fa163","sha512":"7e5f15ff5a3285f3a59fa0f27352f01663d38333d5ac44602731eb5e0097af480422f04c3f52f0b72618b5bd0defaadea8426827c19ca6b2a86d5df1c7bcb016","ssdeep":"192:bWTzl08/EsUnU91EGdoFNplHda6Mh6CW9xocxkUk1MsiyLxZ:bWTzv1IblHA27roQHyLxZ","tlshash":"3722e8da33aaf077436f90e6907f4044f17954a8145d542c93ace8fa38398ae49e3f67","first_seen":"2026-04-04T12:19:17.512024Z","last_seen":"2026-04-04T12:19:17.512024Z","times_seen":1,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mushroom.skin/ff1a16fafef87110.js","fqdn":"mushroom.skin","domain":"mushroom.skin","tld":"skin"},"ip":{"addr":"45.67.85.152","port":443,"asn":203363,"as":"Kuroit Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mushroom.skin/","date":"2026-04-04T12:18:46.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mushroom.skin","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 22:13:10 GMT","end":"Thu, 25 Jun 2026 22:13:09 GMT"},"fingerprint":{"sha1":"61:FA:EF:52:87:F1:E7:F9:02:48:A0:B3:3B:0F:E5:F6:FE:85:6B:D3","sha256":"D5:4E:A0:CC:A5:DE:E1:93:A7:01:C1:5A:1E:29:AB:E6:0E:95:56:18:9B:1F:8E:63:26:74:04:08:5C:96:54:B7"}}},"request":{"raw":"GET /ff1a16fafef87110.js HTTP/1.1\r\nHost: mushroom.skin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mushroom.skin/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 04 Apr 2026 12:18:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 282\r\nlast-modified: Fri, 27 Mar 2026 22:00:22 GMT\r\netag: \"69c6fdf6-11a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":282,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with no line terminators","md5":"5458632ee5cb3da028baebb11d5f70dd","sha1":"57e264834d3635e52fbbd3d93135842c09ce8525","sha256":"e9786b1305894e4119bb9811a816dac9cf576755596dd989ee15b455749fc35e","sha512":"28ae4e3a3828f99d64b7d4bfc7238d56c9ad910ce267dcb6c01e53be00c88f8a7f024640680d2bd66240a9972322744ee9147883a12ff8c92717c27ebb3fef50","ssdeep":"","tlshash":"63d02b702150f8d84086a4cc8836424bf52928b262fe3895d7ae8cb16174f0c51e1e55","first_seen":"2025-08-20T23:30:20.185011Z","last_seen":"2026-04-04T22:20:38.929283Z","times_seen":15326,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"mushroom.skin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}