{"report_id":"785e31d7-e378-4de7-b845-823e7709cde0","version":0,"status":"done","tags":[],"date":"2026-07-03T05:22:44Z","url":{"schema":"http","addr":"auradrainer.gt.tc","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"auradrainer.gt.tc/?i=1","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"title":"Aura Drainer: Crypto Drainer For 480+ Wallets.","dom":{"size":230798,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3550)","md5":"a381a2cefb3fbb5f2a2a4ae9e5524d2b","sha1":"8e99831aedf4cb79e88aa0efecd3cc7a37d33f3f","sha256":"3e7e4a370d84fa88319f1e863773826e03d31dcc3b2d71b466ceb284e5320efe","sha512":"26935da7742fdc01ef929daaec1f9d9cbd6ef189583b3b3f7732e1719cadac6d34a65749058c631b523d71182c10394f3675d9eee5edc4b0d4acdd55b0f1f480","ssdeep":"3072:EQGiXPLVDAo2vwOwOTtBKm9gxb1qEr/2bZEg38:EQ9PLVDAo2vwOwOTtBKm9gxb1qzD8","tlshash":"f234b751b5bb283a312f61cfc2021f0c5993efb7d6a26ae5717e0154d3e6c913b831a9","dom_hash":"domhash71498bc581d09b5ba2e9bfe79e23b13e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"auradrainer.gt.tc","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-07T05:22:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"auradrainer.gt.tc","ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-07-25","domain_rank":0,"first_seen":"2026-07-03T05:22:45.932326Z","last_seen":"2026-07-03T05:22:45.932326Z","alert_count":396,"request_count":99,"received_data":2705067,"sent_data":57404,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"www.google.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2026-06-28T22:45:38.558215Z","alert_count":0,"request_count":2,"received_data":0,"sent_data":2135,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-06-28T22:30:22.905773Z","alert_count":0,"request_count":1,"received_data":415594,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=AW-17934677356","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"79b1cd1c9d954c1af88aa597218aa673","sha1":"e6cb643a9a2c9b10701cad8fe0dd9e6469b3fce5","sha256":"206d398e089899c8908f0dce26dba7cc74c2c08b7f9371e96f653f74091c2583","sha512":"237783ba4114265bc217b7d6d2d694a3b5e4154f9fc7e8e44766fd6832473c1539ef115f510b53d8d13933159d9ad935932470cf6d8e672e1c6f4d40b5ed70c7","ssdeep":"6144:TrwtCn0W5iAGCvJWXLd5fpcxIGQznsWBf2ImQN:TrwwY6KL/kXQN","tlshash":"839419cdb3d674629393b478903f018ba27a69e2f44cc899f185d8d42e746998237f7c","size":414944,"data":"","first_seen":"2026-07-03T05:22:49.373101Z","last_seen":"2026-07-03T05:22:49.373101Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/aes.js","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc66e046447092c606f2587837f96874","sha1":"fcf354a8044f494ee1f9fe868dde3f570f50e593","sha256":"5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96","sha512":"51cd149b2876e90621afc579fb172e253548a851d4c202181e1faba812f5beb1ae9ccf9f153137f60c569e05a79dcb272176e0126eceac54316208d2699a689f","ssdeep":"192:4hsoEj776Bn/tnHcgaollys/6+EgH3JLg7oLu0MyMVu:i50/3xoGs/jE839g2FB1","tlshash":"355200c203894a7cf2c92ed68c2f605620f3e54a3d251249efb399dbbc77d895075a36","size":13733,"data":"","first_seen":"2023-10-15T19:29:47Z","last_seen":"2026-07-03T18:09:19.258959Z","times_seen":7916,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/?i=1","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba54968d0a62335d541928e91740e2fa","sha1":"85c3e9ab45cf08da4b09beb582f20a658db05845","sha256":"db96cc9ddaebc15082372f7358c8b5492d14b6623335b2ae8979c74f68accad5","sha512":"f4f9348ec51b8c6f5beb463c61ea21c6c03b841eda97b33dcac53f805258382191c2add119b13197038dd0fa014ef259a1a65de529cce2aed475f8785b8b784d","ssdeep":"","tlshash":"e7c02bdc210f0cf141db2f214f1fb300f0053211acb01c3108012304e510d07ab88c50","size":144,"data":"","first_seen":"2026-07-03T05:22:49.462577Z","last_seen":"2026-07-03T05:22:49.462577Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/?i=1","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"0286be971ad68d50d2ee0f04c89e15f2","sha1":"2cfb3d92c9d6a67854ff1a56258d31e987e1c358","sha256":"40a540685a9f93d3b52cac337fb84d33b1ae45bee95b070b0728b9db64b9fd00","sha512":"da6b7d09969742c139bd4796bc9e4751b55d189e19e0050470f3d48e55983aecff8f7797401a8d9675c4b6df2e36bb2b2c67cc82d607366b02a4db9c5a0c8763","ssdeep":"","tlshash":"04a012440144009b8085db189e040882833510c7e500238200000611524c4039d40b56","size":80,"data":"","first_seen":"2026-07-03T05:22:49.463679Z","last_seen":"2026-07-03T05:22:49.463679Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/?i=1","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"0732a38519e0f311d23c84f8cfc6b7e9","sha1":"a9ac24f58d48c705dcab3557cfc701648c9efe0f","sha256":"789b5d2998c1f0fc5d400d15b7620a53c48ee04119e44d2b927b5f799d5053fa","sha512":"1ea47b293a8965f1a2ae283be964d5ac25bcf6007be587291c6818eabfdfa0373221a4722d13d12f57d3653e9712dfa1fbe3b8b434f879c136b7a0a1304f6355","ssdeep":"","tlshash":"0931ccbaeb0c343786b961c48ed036e8692c51f7fd83ac6b3c08c44421c2a09aeb8551","size":1798,"data":"","first_seen":"2026-07-03T05:22:49.46478Z","last_seen":"2026-07-03T05:22:49.46478Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"auradrainer.gt.tc/solana-sol-drainer-quark-1-300x300.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.571Z","timestamp":1783056140571,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /solana-sol-drainer-quark-1-300x300.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 9834\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"266a-650ab11fcdbe8\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9834,"size_decoded":10143,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1625060f8b080f188362518f6a12b183","sha1":"d9add6edd3edfe3ce7a3bb5c94a15de71cf51c8f","sha256":"fd5713613dc7e535e2f6254bce4d9362aa687c3e4cc786bb398d7f7ef4e731a5","sha512":"81b0a713c738d5249ee1fb25dbbf1777d535d1b0e74851d83246f7e7c78f484f6eeba7986c91aee75d878d0540f29d5ba4a5a0a8cec046bcdf0658bdb0f53d7c","ssdeep":"192:vJg3hBxP9mMnM1X1Sf3MR3H4qrubHsk707qATcT7Lohsv+mdjZsXuo:vyNoMnMX1F3H4Eg7eqAQDwsvFoXh","tlshash":"4212c0d3d9a32d34e7934f813258d3a5bc0a1202dd54851567bf96daa3abfc463d041f","first_seen":"2026-04-26T13:04:41.557038Z","last_seen":"2026-07-03T05:22:49.319729Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18092,"timings":{"blocked":18052,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/ton-drainer-quark-300x300-1.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.572Z","timestamp":1783056140572,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /ton-drainer-quark-300x300-1.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 7590\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"1da6-650ab11fe2fc9\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7590,"size_decoded":7899,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8540a281482399336f2494228f7c4830","sha1":"e6be2a57b143de77e98c42e4a7513d5fe0525c50","sha256":"0797728ec7a6c8ddb90a75816392beec2f55ca56cab88f27ea3a4a9863e46966","sha512":"2ff1e31d1ec57aa70940691bb0e1baea4250ff0fad8f8ddff072cba91518c989cd90e8a3849721a616c84076e4366e902e6b47e0fd9b1b8b99c73e88350ec513","ssdeep":"192:DJI5V/WT4sIeq0HMienXgdyTcFz+UXzbwRlXQ73A9H:DJI3WTRqkIuyQFzVCXQQH","tlshash":"29f19e6dbe0024810bec554258a83ee70e285c2eec4da69c0b6e86fa5e1a2d175c2394","first_seen":"2026-04-26T13:04:41.572292Z","last_seen":"2026-07-03T05:22:49.323876Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18129,"timings":{"blocked":18092,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.679Z","timestamp":1783056140679,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__notosans-css-v3db4ff6b721e63e03b19c0b3644a29c5451235e6.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Length: 35840\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"8c00-650ab11f2e0f0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35840,"size_decoded":36124,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 35840, version 1.0","md5":"00427f129772e9f049050a50407952d1","sha1":"0f9e19ecc1d89758fd59d187f35b5a73e499eb45","sha256":"086bfcad0e112af1c9ac0cdea1744dfb11dfdda61906ceee1b32439437096add","sha512":"26478f6744d0875901f6c20b13f4303abe0d579ac2ffe02b74a5cee4a6af48b23a6d611116fc5f1f1b9aa6ef8b083a992e80aa1675e3a211b5332c480050e90c","ssdeep":"768:haAL1lUUxZ+mIxfVJ5tYBU+ma5q71y9SWeGt7UMaVJc2PtupNFtpXjN:NLEkxyJjUUza6ygxGWMaV67/LjN","tlshash":"c3f2f15f368e8e17f4d8691c5a667d523e022dfc9e30c622504f5efd3939320946ceaa","first_seen":"2024-12-04T23:04:18.137977Z","last_seen":"2026-07-03T05:22:49.324882Z","times_seen":2119,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":11,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.685Z","timestamp":1783056140685,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__notosans-css-v3db4ff6b721e63e03b19c0b3644a29c5451235e6.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Length: 35840\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"8c00-650ab11f2e0f0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":35840,"size_decoded":36124,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 35840, version 1.0","md5":"00427f129772e9f049050a50407952d1","sha1":"0f9e19ecc1d89758fd59d187f35b5a73e499eb45","sha256":"086bfcad0e112af1c9ac0cdea1744dfb11dfdda61906ceee1b32439437096add","sha512":"26478f6744d0875901f6c20b13f4303abe0d579ac2ffe02b74a5cee4a6af48b23a6d611116fc5f1f1b9aa6ef8b083a992e80aa1675e3a211b5332c480050e90c","ssdeep":"768:haAL1lUUxZ+mIxfVJ5tYBU+ma5q71y9SWeGt7UMaVJc2PtupNFtpXjN:NLEkxyJjUUza6ygxGWMaV67/LjN","tlshash":"c3f2f15f368e8e17f4d8691c5a667d523e022dfc9e30c622504f5efd3939320946ceaa","first_seen":"2024-12-04T23:04:18.137977Z","last_seen":"2026-07-03T05:22:49.324882Z","times_seen":2119,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/quark-drainer.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.475Z","timestamp":1783056140475,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /quark-drainer.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: image/webp\r\nContent-Length: 49340\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"c0bc-650ab11f555ea\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:19 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49340,"size_decoded":49650,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"34c05ebdc4cefc3e1c2eb9e82978e521","sha1":"30893620c029f8969f4ea8e30f50551832f603ea","sha256":"252bcc2a1165eb7c1b58d82871a1d786b95ff9f7da0b2d92b328d30f8850e09e","sha512":"7274f807bb355c521b5806202e6ead6f42ab1a4a5405ad8c905072e974a009ff48bdddd31f9aa45db4e0e02af763c24482b35200a1a498da0fd541c49caf796a","ssdeep":"768:drd0tp51ghDIJjejNj2sjBhZbFgiQXyByVtnMKeNB+K2nFiFPDof+INA8iZD:jW18sje5njDZpHLMVwX1F7oZA8id","tlshash":"b823f1451476b3f7a6b080b760e1ffd2181bd0e521eb11ef6884355ce29b07d2beb6a4","first_seen":"2026-04-26T13:04:41.582954Z","last_seen":"2026-07-03T05:22:49.325611Z","times_seen":3,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":56,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/icon-box.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.519Z","timestamp":1783056140519,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /icon-box.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 13371\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"343b-650ab11f0d18a\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":13371,"size_decoded":13728,"mime_type":"text/css","magic":"ASCII text, with very long lines (13371), with no line terminators","md5":"5ee2be7d087312b0b96ed7a2abc18355","sha1":"05576ba98ace5ae122f8647cf3ee8a50caeadffd","sha256":"21ec4c5fd2037e985d85d89d3b5b7f7e3133030721c45fd1b658be9b7dadcec8","sha512":"4f57ef777c83b8643dc23c1c4328d102aacf761c705b5257704e3bec73e7b5f1b74f6fbfcd668e32fc175001dd4b7094abe10d9eacb2c1e8faff1138affc013f","ssdeep":"192:gaZkQ458458k58GEENP3BSoIg+ia+KcGwb6Hd+6+tr69Lj9OWF:hIl/003BSoIg+ia+Kc/69fJ","tlshash":"fa528884fc4399e8331b54e74bd754fd7664a8c9ec619ea4bdb2af0300fa9e41322635","first_seen":"2025-11-20T01:51:51.728503Z","last_seen":"2026-07-03T05:22:49.327308Z","times_seen":20,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/evm-quark-drainer.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.532Z","timestamp":1783056140532,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /evm-quark-drainer.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 23898\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"5d5a-650ab11efa4b9\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23898,"size_decoded":24208,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1160, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a05abf2aa821dde2a4ab1336e4106e6a","sha1":"52dabe778f872b65154825c8b396f3c5d8568286","sha256":"31cfda8a71724fcf63c4b0118960807111624bec3dcfb909c9946fd89a4114b5","sha512":"7102554ef324dd17cdd22623d84d87221898476f0f2b7f146f132251569a3abc7572d3c523144d072eee5b95f0992c2678116ee8728b9ac736a77af6590754f0","ssdeep":"384:6evv+yjf87KIjvcgiJAqa2LC/0/61jXMGB5OqPE/WQnrwv+HggLv+2+l2MdVL9:6uGp77j3P/0/qjXMGPPRv+ZK2GZ","tlshash":"46b2d13d36bb98a361ea0c4f8487b471a791d1ec01e088d82b6a9e7e06d746df285725","first_seen":"2026-04-26T13:04:41.562454Z","last_seen":"2026-07-03T05:22:49.328796Z","times_seen":3,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Quarklab-dashboard.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.646Z","timestamp":1783056140646,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Quarklab-dashboard.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/post-243.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 104936\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"199e8-650ab11f90f25\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104936,"size_decoded":105248,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"66d1764426fda6ec3c0f414d171d4c07","sha1":"742b44d3603d8d10603a70a1fd251ee2d40a15a4","sha256":"047ba01f216ede9736df46127aba5e54b1c0bd47e0f0dcb642e3b5388fd167f0","sha512":"1478d05f522e36b33a552d43d948cfc3345376719d6543092e0502ae14e337f5cab97d9b670b4919c3d4e11ba56733bf738022a6bdd988ebc5cc4bffa93da632","ssdeep":"3072:Kq4JuR83k3BGeJ5KCRaGxHhpXbdCbCc0T:Kq4JuRUk3BGe++aG1hpbvT","tlshash":"e3a31225800fe3ad55c3ac9903a7cea84e5b6a71452e206dc4b34237d2939f8b6649cb","first_seen":"2026-04-26T13:04:41.547513Z","last_seen":"2026-07-03T05:22:49.330067Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18660,"timings":{"blocked":18596,"dns":0,"connect":0,"send":0,"wait":63,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5ardu2ui.woff2","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.683Z","timestamp":1783056140683,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5ardu2ui.woff2 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__notosans-css-v3db4ff6b721e63e03b19c0b3644a29c5451235e6.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Length: 20080\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"4e70-650ab11f3717d\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":20080,"size_decoded":20364,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 20080, version 1.0","md5":"9d065b00390eb4ec7a36438451b90885","sha1":"6da63da2a3400062f3ad4aa3b096d2a2e362e8d1","sha256":"6ab64433de6077ca5ad31b05420450ce986a616a4ea47b6ad16f3217055dafc3","sha512":"f06acaff61c50e1ba05a0d93e85a59fd5a0b7c5604ed947ef1cfd98ea8d63cbbc972e2c8ebc11c5a31ece50e1e736931343749413f5fc61160fdc185e1570ea5","ssdeep":"384:WbYV4tx3GwS6MxSaqz4mED7HI5Kv2kGMcuGYnyRyhmdmFCFg38:Yx34Tc9z4mEvAKvFdcuFFAOM","tlshash":"e592d1a8376a3435bb2849aca447f1633a15747eed8423ec0f67490993df15eca7a18c","first_seen":"2024-12-04T23:46:11.118135Z","last_seen":"2026-07-03T16:04:19.556503Z","times_seen":175,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?rcb=18\u0026frm=0\u0026auid=823486131.1783056141\u0026dt=Aura%20Drainer%3A%20Crypto%20Drainer%20For%20480%2B%20Wallets.\u0026en=page_view\u0026dl=https%3A%2F%2Fauradrainer.gt.tc%2F\u0026dr=auradrainer.gt.tc\u0026scrsrc=www.googletagmanager.com\u0026rnd=169608882.1783056141\u0026navt=n\u0026npa=1\u0026gtm=45be66u1v9248370851za200zd9248370851xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=115616986~115938465~115938469~119027224~119576881~119576885~119576891~119576895\u0026apve=1\u0026apvf=f\u0026apvc=1\u0026tids=AW-17934677356\u0026tid=AW-17934677356\u0026tft=1783056140910\u0026tfd=904\u0026fmt=8","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.914Z","timestamp":1783056140914,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /ccm/collect?rcb=18\u0026frm=0\u0026auid=823486131.1783056141\u0026dt=Aura%20Drainer%3A%20Crypto%20Drainer%20For%20480%2B%20Wallets.\u0026en=page_view\u0026dl=https%3A%2F%2Fauradrainer.gt.tc%2F\u0026dr=auradrainer.gt.tc\u0026scrsrc=www.googletagmanager.com\u0026rnd=169608882.1783056141\u0026navt=n\u0026npa=1\u0026gtm=45be66u1v9248370851za200zd9248370851xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=115616986~115938465~115938469~119027224~119576881~119576885~119576891~119576895\u0026apve=1\u0026apvf=f\u0026apvc=1\u0026tids=AW-17934677356\u0026tid=AW-17934677356\u0026tft=1783056140910\u0026tfd=904\u0026fmt=8 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://auradrainer.gt.tc/\r\nOrigin: https://auradrainer.gt.tc\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/cropped-Quark-Drainer-6-32x32.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:24.148Z","timestamp":1783056144148,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /cropped-Quark-Drainer-6-32x32.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb; _gcl_au=1.1.823486131.1783056141\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 442\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"1ba-650ab11ed1467\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":442,"size_decoded":749,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"deeba1c829adb9839126079962a282a2","sha1":"3f36dd308413ea9c4e75ed1853c61a1a37ee3251","sha256":"8ec7f292b26263b4cec5a06b09324036e98fbc2339df0ec55fef525e1519c0ef","sha512":"605e66ec18b977747ef5a926f75dba7ca835111bd7e0f1a262ed6dee16360af31a58e84900601ae58c73aa34f7d697ce406a41f657226b67920b4fe2d1c7553a","ssdeep":"","tlshash":"97f023d1426230c0412d87b764a5226530c358019203c6f785c1c23c426de7eabaab5f","first_seen":"2025-07-19T05:21:41.552269Z","last_seen":"2026-07-03T05:22:49.332691Z","times_seen":5,"resource_available":false,"data":null}},"time_used":13774,"timings":{"blocked":13740,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/local-243-frontend-desktop.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.242Z","timestamp":1783056140242,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /local-243-frontend-desktop.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 592\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"250-650ab11f1a098\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":592,"size_decoded":946,"mime_type":"text/css","magic":"ASCII text, with very long lines (592), with no line terminators","md5":"7ba6b2e4dec6c0a6294d308a84582cc1","sha1":"f115fa2233b5b15143d1751ed14712968ea5a13d","sha256":"d9f2a559f9d7e12f12121caa4423e11e7b0b0078f7958b060fe04b4e3ad959dd","sha512":"8ee783c20948ac9ab5c41e238a714077359faaadc8c38fa898b0a48a3bff882e516e09789cc4ae3de00e2471cee2cbb7b35d59bcbafd028fd83253147daf8b76","ssdeep":"","tlshash":"88f0964284938284cd77b6020fd025a233400cb74ce5d9f7cc074b67e4ce22536a7b4a","first_seen":"2026-04-26T13:04:41.587527Z","last_seen":"2026-07-03T05:22:49.334139Z","times_seen":3,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/ep-helper.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.244Z","timestamp":1783056140244,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /ep-helper.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 41877\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"a395-650ab11eeaab2\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":41877,"size_decoded":42234,"mime_type":"text/css","magic":"ASCII text, with very long lines (41877), with no line terminators","md5":"d8126572aa8541b5e4386067ef8a6849","sha1":"cb6526cdd0e3248fe94c497329a01a96b269cd82","sha256":"49ba042ba2fabf8c0a22b75440f72333b9e7d037a4fd78b7d0af08468ee40c01","sha512":"881e5ed14d92d7554d76ba77a0b4cf438cb7f89d6c1b1938d44ab03ad0a74fd77c50889c5f0402ad2fc1adaa90df6bd9fb331db6143447b4b9dfa05fcc894cd7","ssdeep":"768:O2VVT+AgCdBeDTeISc+R0hOFx+fCGcvcctTD8JStP+NdzrszV0GOzoiAn2ZJ:KDTOF+NdzrszV0GOzoiAn2ZJ","tlshash":"f313ce467f432068755b092ed7ebd65ca474b8c1f1428d9ca6e1682687fbcd8233e93c","first_seen":"2025-12-31T16:06:25.726917Z","last_seen":"2026-07-03T05:22:49.335405Z","times_seen":4,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__chakrapetch-css-v0b5b798be663cc04f564a4bd715c706786b09ed9.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.246Z","timestamp":1783056140246,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /content__uploads__elementor__google-fonts__css__chakrapetch-css-v0b5b798be663cc04f564a4bd715c706786b09ed9.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 13864\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"3628-650ab11ec31d1\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":13864,"size_decoded":14221,"mime_type":"text/css","magic":"ASCII text, with very long lines (384)","md5":"2a2f1dc94eb15bf42ca207f87fc9a1d2","sha1":"422d33c3f10869678e9aeaf5ccd6908bb1dfc6b4","sha256":"97adc7eab3f414b8e3e131b1ae3020814457a9bc70cd2494c548165526dd6c0a","sha512":"bec642669cccea989c1321b22d45093fce0069eed5236da6481dc238ba071575f379178d1beda79730ea9b6aa9094a251f240a377f9c288933aead4bb6c2f185","ssdeep":"96:jP1BJc+uja1FJc+uW719Jc+uH31hJc+u/O13Jc+u7CV1+Jc+uXL1EJc+uVX1+Jc6:hxRt31wRZjYuuQAKu92GaC","tlshash":"a052cd70342e5244d9934dd222ce3f3375a9a020a5651a30bbfd499dddebc7363a5f28","first_seen":"2026-04-26T13:04:41.482973Z","last_seen":"2026-07-03T05:22:49.349912Z","times_seen":3,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/tron-drainer2.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.531Z","timestamp":1783056140531,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /tron-drainer2.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 7420\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"1cfc-650ab11ff2200\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7420,"size_decoded":7729,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8d3d39614cc0ffe8ef10e43216b731f2","sha1":"ecc2641dd169f35775ab280ccb8ef192a55c2bad","sha256":"79fef1e19135fa7a061859c50abe0fcc628ecd12845edcba9efb1b52f715f522","sha512":"668c083df0243f826961cdad9e242fefa99cafa5b11c62c1f4f0a03d3aeb82acc53882a2f747f7cc26ce633f9609fe22e754120f1825e45016ec45d3decc0682","ssdeep":"192:IoM6YmyUb+EaclhI/t/B1ybcfP5l7knBeNbbBnV7/FppvVuDe:ZyUb+EVl2HXb3XptEe","tlshash":"7ce19f55f96c86e4c53b5250d6b704baafb9e01db9c7737b18cc5834b463a06c286271","first_seen":"2025-07-19T05:21:41.585838Z","last_seen":"2026-07-03T05:22:49.351065Z","times_seen":5,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":66,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/doge-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.544Z","timestamp":1783056140544,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /doge-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4436\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"1154-650ab11ee1e0e\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4436,"size_decoded":4745,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a6f99313c4f06606644b019c81453a61","sha1":"8d7dcade2621acf988104855bfa7c2a9fa91e9b0","sha256":"8c8a7b6024d2ca5b24b830c6d5878edd0d131a60b383a11133a335984b4d9f8b","sha512":"37c43607476e41d03a227ff666d65f5f61052da2a341dc125362b1e8ade5dcfbb2d878d9b4bd8384267757c1ece5ad80edc62b5f2ce6fa4a71fc52bd233aa51a","ssdeep":"96:eDuyu18hswPObYg/0YmySJ0901jwmYn+19bVn3AhXFj:628hsw2F/0Ymy6WyjC+lkx","tlshash":"92918e08e2c99215e50897b36baf5adaffdfc9610d434fdd501d376eb4e40138a02b68","first_seen":"2026-04-26T13:04:41.478009Z","last_seen":"2026-07-03T05:22:49.352483Z","times_seen":3,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":233,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/matic-polygon-drainer-quark-1-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.546Z","timestamp":1783056140546,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /matic-polygon-drainer-quark-1-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 3916\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"f4c-650ab11f1c3c1\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3916,"size_decoded":4224,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1edc68c009de3fad33602719ec5cb097","sha1":"685d3a3f8f8022427621de8b60a1c1cc6cf078f4","sha256":"545981f794de97bea72ba583e087e591279934e4b738371c82107ab67946ec00","sha512":"a08d3aaa340e6bfa94133fed296ea84cc23f1662517670a4cbfe8b7dccf38943a1ecf7e3beb89408d348254dd061cf85955fffe5836c8a9af75f12c526e93dd5","ssdeep":"","tlshash":"ea818d064266366fbcacb9e908c7824b867c8e28c1478972f7f85f9d028a54f0e152b0","first_seen":"2026-04-26T13:04:41.501307Z","last_seen":"2026-07-03T05:22:49.353974Z","times_seen":3,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":261,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/optimism-op-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.556Z","timestamp":1783056140556,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /optimism-op-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 3840\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"f00-650ab11f47b24\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3840,"size_decoded":4148,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d5d5f3e255ce99149776be7e0b1094f1","sha1":"de50e333df068af49eccb7eb7a5bf1674baf8fe5","sha256":"fe6c474d27f27b8ee8eccf255321d227240ccd52532805f99a99c7d8b8f5affc","sha512":"5bad6059d7e885850f0bcf74840232b2b1707e3175e338da8849a5cb6eb034006321555629644bf1f45444bc2db0f35fbaa39bfbf827728882b270d04e0ed295","ssdeep":"","tlshash":"b1817d0972842451ecba5e6cb317af703555e0e2e0f07158cf246a40b5352977fc4eb8","first_seen":"2026-04-26T13:04:41.48106Z","last_seen":"2026-07-03T05:22:49.355275Z","times_seen":3,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/ethereum-eth-drainer-quark-1-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.537Z","timestamp":1783056140537,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /ethereum-eth-drainer-quark-1-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 3438\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"d6e-650ab11eed5ac\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3438,"size_decoded":3746,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ec31156205381804e50d897b8fb182b4","sha1":"3c7a1ffa141162fcf77097b25757cd5bf29906da","sha256":"3d3c01994b5ed55fee1dedd328de5d3527f79823428b5d372b4e0820b48089bd","sha512":"a8952e0ec46638aca0c6d85b5f2c6924121584fad148f6d7a3af10d8bcc8e6fd4b0ae8f7bccf12c99fb5e6e2be5e186b8bae396e7275aef5aff078a85282b04b","ssdeep":"","tlshash":"5a617c70db6988f0f8b3587bfb25826b30208771ac6990f21ee03ed4c8e211790468f7","first_seen":"2026-04-26T13:04:41.55118Z","last_seen":"2026-07-03T05:22:49.356586Z","times_seen":3,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":193,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/usdc-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.541Z","timestamp":1783056140541,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /usdc-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4728\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"1278-650ab12013937\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4728,"size_decoded":5037,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2467ac00bbe5add3a5aad0707b36a530","sha1":"c258bc6cbf74b78f26a38905f0f50d351b4c389e","sha256":"205264d921282f55020dc513bc5d854c7fc3d9463feb9e586e0ea8e30db03903","sha512":"f272a1a1e61dea992df508d1cccaca526657934021336b1e16b14bd16096129066902cb14f70497f94c44a9ffc1c5a4f4890c56a92f24cf412c08141676c66d5","ssdeep":"96:ZWILUzLZ09gFFBLMw8KRGvTvs/lnHWEfEc9xkVMiBvkVAAzmsDkXksKNx:ZOvZ08LgKRGviln2EnaV/LAzmsDKANx","tlshash":"bfa18da450ce1d2c874a08d964ca8521ebc5c979ce479cf01c0b3653742efb097e4a6f","first_seen":"2026-04-26T13:04:41.484291Z","last_seen":"2026-07-03T05:22:49.358229Z","times_seen":3,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":197,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/wif-solana-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.553Z","timestamp":1783056140553,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /wif-solana-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/uni-uniswap-drainer-quark-1-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.559Z","timestamp":1783056140559,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /uni-uniswap-drainer-quark-1-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4286\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"10be-650ab1201066d\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4286,"size_decoded":4595,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1fb9affd8fe19e26503833fce720d270","sha1":"698771d8ccd25061e55c84b9dcdd0b0089b394ae","sha256":"a271994af26ce4a689b52f4441286b85d5f908f9b40dc5d707a17502bbe566df","sha512":"26d4d0e0c15287957a1051fd607231cf27b77e120f1c5488a7b85f771ab466e432b0be050cd927deab301afb48c405f0137643a07ab59f43ce4178a9835b6934","ssdeep":"96:+edxDYb274Hx17b8bzlyoNTD/Fc4pI1hHiQP8vNYsC8caqgqSK4Hanu5+2n:1HDCjf7clRBc2+Fi2sNYwckaO+2n","tlshash":"7e919e2ac8a048ace1f84fb87a4e59effd4fdda3474e26bd4c4a1a3517b020041582e4","first_seen":"2026-04-26T13:04:41.532256Z","last_seen":"2026-07-03T05:22:49.359456Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17421,"timings":{"blocked":17385,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Cryptocurrency-Platform-Binance-Cryptocurrency_.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.563Z","timestamp":1783056140563,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Cryptocurrency-Platform-Binance-Cryptocurrency_.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 1718\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"6b6-650ab11edb87c\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1718,"size_decoded":2026,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"83ade3eba18c05a06b52d659adffe6f3","sha1":"3551e52581a1d9bf8e5daf5caf355f2538b9d228","sha256":"fe39b4e2ba8325941c761f37919ebc7d1b5adfa43845c52689f5cafca6c414b3","sha512":"b50a4668a5a54322684cb360b9c1d9d99482b3e0c70e9cde4401d5222e758f177ced8397dddcb135d0ecdefb9f3e434d1b9a82c6b19d9f7a423f5a9e41b9132a","ssdeep":"","tlshash":"70311abc44367dc4e20d0cfdd32492e97520b8544b9cf6884359b837ac036d171ab5bb","first_seen":"2026-04-26T13:04:41.56397Z","last_seen":"2026-07-03T05:22:49.360603Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17724,"timings":{"blocked":17690,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/widget-spacer.min.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.231Z","timestamp":1783056140231,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /widget-spacer.min.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 1793\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"701-650ab11e5dc8c\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1793,"size_decoded":2148,"mime_type":"text/css","magic":"ASCII text, with very long lines (1793), with no line terminators","md5":"c329a1f8486b82d9b9c7cb4d7060f346","sha1":"85b874b1c09c4f163738d439cacd53e6141f4f2b","sha256":"808a659eb4e85607c6efe022bff149c3076853c5570a322bd35e5e8cb9458904","sha512":"414974a35c9d401df85422ca92e886a3e0b57c6cd071023dd97d2987157fc9976d777d7b44c0c8d4a8caac81b0c1b862828bdaa67e5b05345894964a1dbe81a4","ssdeep":"","tlshash":"3731f650bd07662c787fa60f8413129c658494dee581ccc6dba1f60aa2fcde33336935","first_seen":"2025-04-08T12:29:44.439106Z","last_seen":"2026-07-03T18:12:40.283715Z","times_seen":36131,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/icon-list.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.520Z","timestamp":1783056140520,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /icon-list.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: text/css\r\nContent-Length: 2342\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"926-650ab11f0e512\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:20 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2342,"size_decoded":2697,"mime_type":"text/css","magic":"ASCII text, with very long lines (2342), with no line terminators","md5":"51523dca4515bc70fae22d263521a90a","sha1":"6b85ce7af04336b752466cbc2d95e63c4a111836","sha256":"1fee928c2d12421e6ffcd6462fad2bf5c28725a4c1f53ac405720f349af6ff6a","sha512":"e9b2cae2d34f042d8c43ff20e3e2cc2e1d9bb3f752caa766ea435d32cda3fa0c979aeb1bdc8d1805db53b5e377b9ca4f13f6ea2b01c7cf01fd6bf65026a76e2a","ssdeep":"","tlshash":"764144c0f853d5a47387808b05d228dd3a54e4ceeeb2cd90ed71af4340faae52b11139","first_seen":"2025-07-25T10:06:43.975645Z","last_seen":"2026-07-03T05:22:49.36259Z","times_seen":110,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/cronos-cro-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.554Z","timestamp":1783056140554,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /cronos-cro-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Web3-Marketplace-Supported-Image-2.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.560Z","timestamp":1783056140560,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Web3-Marketplace-Supported-Image-2.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 2168\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"878-650ab11e57ae1\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2168,"size_decoded":2476,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a4ad868c074d8f023f0897392fdbd95f","sha1":"886e92231648a2332ee14b424a5102c4f76d5573","sha256":"2cbbd155104a0e9b994ab1a47f9683dd69efbf6147fae9e1b3585cbb01df59c1","sha512":"e62dff50a2111bb5d1830dfde4c539379ddcd709ad0ef014554fb95a63b36dab112744f8c88ce1fef612a62f3da458f1dc21517ab5fc54f4acfbc22f55819b01","ssdeep":"","tlshash":"b2410a50b1cfc538e112adbe94921322c245687ac31d7f6567c5f6eb0a50b172277394","first_seen":"2026-04-26T13:04:41.533891Z","last_seen":"2026-07-03T05:22:49.363782Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17536,"timings":{"blocked":17503,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/widget-heading.min.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.230Z","timestamp":1783056140230,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /widget-heading.min.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 560\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"230-650ab11e5b963\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":560,"size_decoded":914,"mime_type":"text/css","magic":"ASCII text, with very long lines (560), with no line terminators","md5":"c3be9e612baf8fc4af612de8af4c0864","sha1":"f6b1366e30a459deefca035c5563f1c929c8ed10","sha256":"f68e889145cb0e47b7b190b2fdf087a9213a264ad33951512880c9f8bb6d0cd8","sha512":"aee455fe10d8126deb4d1015b6b4450ace4851e5b32890505af619f7863469c56b788b5d822849986759aa85efde260da77ed12bbb236ce2bf6629bf6759f4ca","ssdeep":"","tlshash":"f2f0c0237e4b94aa383f1d571083337c74944ec893a0a8d8e9fa91435cf4cb27330622","first_seen":"2023-10-14T23:00:09Z","last_seen":"2026-07-03T18:17:56.234686Z","times_seen":108981,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":31,"send":0,"wait":40,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/quarkdrainer-modal13.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.534Z","timestamp":1783056140534,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /quarkdrainer-modal13.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 18534\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"4866-650ab11f74de0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18534,"size_decoded":18844,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1160, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ba199c41ada5d51250e637094fdf2498","sha1":"c78531a419c3ad69fa5ef5e2fa2fe7d1898374a4","sha256":"b379fbd159c860a5cd72816624d3402f49bb3a1a41cceea469793aed4db8c378","sha512":"0f7a3027accd83300f6a7f69da6f6d52e7b4efa83774dda212a125ce9495847defa77681936634c0b7b949a9408a8c33ff78ce3a1c20fa9674935a963ff35a4b","ssdeep":"384:YLGtUnrUuAX9/LKD3EtXU+CvclTE/5/KcGRyQTSOvcSJ06GfSKnYJoD/Oje:YnnrgtjKzEtXucMCcGOOvcSCf1nY0Oy","tlshash":"5182bf3b75fab3191b6ae2b5f2027e66b6144cc43cfb6b8b206010b99e55c0d153b4f6","first_seen":"2026-04-26T13:04:41.539212Z","last_seen":"2026-07-03T05:22:49.365744Z","times_seen":3,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":71,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/ton-wallet-connect-modal-quark-768x836.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.535Z","timestamp":1783056140535,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /ton-wallet-connect-modal-quark-768x836.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 32084\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"7d54-650ab11fe89a4\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32084,"size_decoded":32394,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 768x836, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2b6c8271a58c89f8925b0218fbf30939","sha1":"86a140148514b4ef4bfee6edfade2eb8446ad1df","sha256":"0bf6123d4c132cea176387d66df1100b36ab0467999a6dad56d18ef0bc7727fe","sha512":"c6829d1f52b3c40f9e09cda39e3b9b42fab8ceaf42787e4bd9d8c849b590cbf131dcc2ab7a6ef55a4e56e02fc3ec20fa1718a116e42f830dada6962dc6002ef9","ssdeep":"768:P7fB/U0z3bRDMxmxBpFqDcuVwJtMs9N3B9VqxYxFsxC7JNR55xHSz0:PRU83bRDUmx5qDcdlXxD6YxsC/xo0","tlshash":"08e2e17533c391a9d41be2cbc2d48b69bfd7693db29138c35b888056a0acc4160ffa75","first_seen":"2026-04-26T13:04:41.594956Z","last_seen":"2026-07-03T05:22:49.366801Z","times_seen":3,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/shib-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.550Z","timestamp":1783056140550,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /shib-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/noise.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.632Z","timestamp":1783056140632,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /noise.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/uicore-global.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 162028\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"278ec-650ab11f292ce\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":162028,"size_decoded":162340,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9d3d8670e58850e56da8648ceb5f9cc3","sha1":"d2049bb13636135ff669c58357f3404c729641e1","sha256":"970d9a5ca87169fca64cc05a3511b0137f2f9c4640face30ef15fb29cfac0dff","sha512":"42e8979c56fbbf02672b5297324d0b72d3a312afc70971d993abb9dec830b49e71cdda5f2c9af79fa40f9aa38baf4940561e0032a02ccbf3079d680e59bedba6","ssdeep":"3072:91FWzYdOntGWEmcdnl6T9/7UJkr/sOpox8BiDiRTacd+xR1edoFr57+:3FFOntGRflW9okrox8B6Ud+T1OkF+","tlshash":"58f3235dac2efe075e9db189d3c8459acc239a636429470673c81bca27e27cd5257322","first_seen":"2023-05-27T05:25:14Z","last_seen":"2026-07-03T05:22:49.367912Z","times_seen":187,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":142,"dns":0,"connect":0,"send":0,"wait":95,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Telegram-wallet-drainer.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.529Z","timestamp":1783056140529,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Telegram-wallet-drainer.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 2488\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"9b8-650ab11fcfb29\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2488,"size_decoded":2796,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 320x320, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"459a81ce49e7843c02299a4285ab97bc","sha1":"658f3ea93619d0bb5c9423935ee1a66fbfbc4c6c","sha256":"daa23b4b96320e0477c45e71cdc392a91827f46b6687523e7661f9e5257644ed","sha512":"0286db90298dcfe449f842d4fa504f052f4790e3046fbf16befbce8afaa705c567eb8eed5ae4131d415e0dcc63530599bf27b97f8e23e7fd72009823271abca5","ssdeep":"","tlshash":"16514ad6a040db2409a74e1d1afbb7a0fa2b58c5791a16e1283e7cbc5cf40625673732","first_seen":"2026-04-26T13:04:41.511744Z","last_seen":"2026-07-03T05:22:49.368436Z","times_seen":3,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":57,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/tron-trx-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.547Z","timestamp":1783056140547,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /tron-trx-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4330\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"10ea-650ab11ff5c9a\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4330,"size_decoded":4639,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"3bbd5128577d24d8fbd76bc282912277","sha1":"95b6b56f5523f36e0d1dded6d71f8c48d0b3fe7c","sha256":"06df842cff2bc9ac8b089fd47567a44fa4eaebe81ec460d45534756b18c773f1","sha512":"d172095d5eee171d0991f270819d7f32069b989ba36fbdd71a37f50b7a2982a485aab3b745ba469d04885d6c19560bb7187d544f193997e99e9a6ae54ac13f1d","ssdeep":"96:V8fyb+aLWLLZn4v8KnWP/KQBlMgpNNaPU8RVLuBwT:Voyb+NZ4v1nWP/KQfdp/2hf","tlshash":"7f917d0bd3bbc633a1497c5ac6600bb54830bf3ed9704ca466caf7e81278086d40ddd5","first_seen":"2026-04-26T13:04:41.502844Z","last_seen":"2026-07-03T05:22:49.369399Z","times_seen":3,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":262,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/ethereum-eth-drainer-quark-1-300x300.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.570Z","timestamp":1783056140570,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /ethereum-eth-drainer-quark-1-300x300.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 6810\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"1a9a-650ab11eee934\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6810,"size_decoded":7119,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"193238e7ba1c595a3b7da1d08f827955","sha1":"c08e2b46c6485d2f29e30585757dfdbe3c586172","sha256":"2ae42d607a98b31ad60e1f4bcd8273ce00d86aa142524abdf9656ef3b9eddc32","sha512":"55fc97b6509a073a6909933c440fde9a5067da1bebf26c4c8e9333990947c365eb3b45f0e29afedfc42c529659e8d40a864393ff2eef181f58ec7c365c4a13e8","ssdeep":"192:414or7tFwUUEkiqPa8UfRLoJYMO5bxNu9qiIeD1:oFFwUvk5PaVLM3ORxNAqHM1","tlshash":"b2e1ae4139898214e4c1a1bfb88a7e5d45bb6f02cdfdde59b7230224d42c5a8d2e32de","first_seen":"2026-04-26T13:04:41.56813Z","last_seen":"2026-07-03T05:22:49.370328Z","times_seen":3,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":10,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/index_1.html","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.628Z","timestamp":1783056140628,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 165\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"a5-650ab11f12b64\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:20 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165,"size_decoded":517,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"ce005e8bcf9ddb52ba5acbc257e4fcf9","sha1":"8389ea68f3176ff4424606f22ea023d06ac5d41c","sha256":"f8bdb98de6a5e92ff8515362c7e5194db98a82a7a19aa25d9f83785b7e4c9656","sha512":"3182cc3f48e3fcf44688727432faedb367b7c22b5f77c1ad8ef830a3d3cd30d49f89229d42ca5a6215dc9a50d16a486e095499740d071539191af547466b1f73","ssdeep":"","tlshash":"fcc08021fd300c1f78606a51cf85f4c484018c1ca4216c5574617184d8ec521d456548","first_seen":"2026-04-26T13:04:41.434261Z","last_seen":"2026-07-03T05:22:49.371302Z","times_seen":5,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/content__uploads__element-pack__minified__css__ep-styles-css-v0fa0f34e54d92ef0c7f5918a4165e2387bd4faf3.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.226Z","timestamp":1783056140226,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /content__uploads__element-pack__minified__css__ep-styles-css-v0fa0f34e54d92ef0c7f5918a4165e2387bd4faf3.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 43760\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"aaf0-650ab11ec6882\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43760,"size_decoded":44117,"mime_type":"text/css","magic":"ASCII text, with very long lines (43760), with no line terminators","md5":"f4c7027437041f7b7023febf0ce0a23d","sha1":"79297056a412ff64cb19fd48efff537ea02c3472","sha256":"c308db18997bace6690f7797885cb35f9c7706c1ff6ae02ec7e752d118cb2e3f","sha512":"4a4136edc7bd5d632c3ef2c1e3d81f17b011bf0d6251eecfe08aaeb3468d00106fc8658a7e2d15836fa05da4a6c3e7abd30c6dd57c0731fcbab646510c951dd3","ssdeep":"384:VppMwe4XzdwONXnVIgrRmrp4UTW+kXcZjchuaQZYuWr6AFd/ZzyVdKc3JrPZ3N61:6I+kXVhuOyVdKc3JzxD4So/XwHq5T","tlshash":"e9132d50e90742a97732c246c38aa21d7574fc61fa832c4af58791198dff19e05cebbb","first_seen":"2026-04-26T13:04:41.549431Z","last_seen":"2026-07-03T05:22:49.372173Z","times_seen":3,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":31,"send":0,"wait":34,"receive":62,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=AW-17934677356","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.432Z","timestamp":1783056140432,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 08:39:04 GMT","end":"Mon, 07 Sep 2026 08:39:03 GMT"},"fingerprint":{"sha1":"6D:E4:85:F4:01:A4:0B:02:E0:64:E2:F2:58:93:6D:3F:4C:AB:30:9D","sha256":"4A:07:79:34:AC:03:17:68:07:4A:CB:68:23:A7:E3:14:B2:DE:22:3C:E1:AE:8D:F5:2F:2E:2D:C6:28:58:47:CE"}}},"request":{"raw":"GET /gtag/js?id=AW-17934677356 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: zstd\r\nvary: Accept-Encoding\r\ndate: Fri, 03 Jul 2026 05:22:20 GMT\r\nexpires: Fri, 03 Jul 2026 05:22:20 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Fri, 03 Jul 2026 03:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 146088\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":414944,"size_decoded":146738,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5513)","md5":"79b1cd1c9d954c1af88aa597218aa673","sha1":"e6cb643a9a2c9b10701cad8fe0dd9e6469b3fce5","sha256":"206d398e089899c8908f0dce26dba7cc74c2c08b7f9371e96f653f74091c2583","sha512":"237783ba4114265bc217b7d6d2d694a3b5e4154f9fc7e8e44766fd6832473c1539ef115f510b53d8d13933159d9ad935932470cf6d8e672e1c6f4d40b5ed70c7","ssdeep":"6144:TrwtCn0W5iAGCvJWXLd5fpcxIGQznsWBf2ImQN:TrwwY6KL/kXQN","tlshash":"839419cdb3d674629393b478903f018ba27a69e2f44cc899f185d8d42e746998237f7c","first_seen":"2026-07-03T05:22:49.373101Z","last_seen":"2026-07-03T05:22:49.373101Z","times_seen":1,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":2,"connect":15,"send":0,"wait":41,"receive":52,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/animated-background.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.516Z","timestamp":1783056140516,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /animated-background.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 3968\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"f80-650ab11e6a7b1\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3968,"size_decoded":4323,"mime_type":"text/css","magic":"ASCII text, with very long lines (3968), with no line terminators","md5":"3f7680c877c7972a45dc315df6e5d4c3","sha1":"a5f53f2f644445a3d8d5bd0a95626d163e350c29","sha256":"2e6ae6599437ccf07e004fdf9f7a32ec6b31f8160dd1a138a33ed9630ccfe467","sha512":"a263919b7cc321f48d0d05379723b98de6e780c11c1e3c365f39f44f0f3acb2737259bd358b6cb94ad16ae252f8af85f836bb708d78b64c494136ca08c298cc7","ssdeep":"","tlshash":"2081332488d7e405fe73d3a5b254129ca8399d64fa3312bed0bb75dd53472e90226cf2","first_seen":"2025-12-10T03:43:41.328395Z","last_seen":"2026-07-03T05:22:49.374041Z","times_seen":27,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/highlighted-text.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.517Z","timestamp":1783056140517,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /highlighted-text.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 1493\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"5d5-650ab11f0be01\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1493,"size_decoded":1848,"mime_type":"text/css","magic":"ASCII text, with very long lines (1493), with no line terminators","md5":"e57332b18312cfcd3ca58a07d22f697d","sha1":"119c97aff7a6dd22609eeec1be60501cb2e7e2a6","sha256":"d410ca74cc4474f70ab03603dcab96397335a8d9dabd12f0c69079cf34580773","sha512":"84fc1ca872775c43de584b10d23cdea838c2c321de1ffea49dcfa60cc5b8237bf114ecadc68592ef558487302caf0c4f89a82eb8dcb5ab827c336b3645fe38a2","ssdeep":"","tlshash":"3a313f01fb828968e82b45fb1a8a719e7e680ec7f794dab4d4bd130b2154c525337474","first_seen":"2025-10-25T03:08:18.445425Z","last_seen":"2026-07-03T05:22:49.375535Z","times_seen":148,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Web3-Marketplace-Supported-Image-1.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.530Z","timestamp":1783056140530,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Web3-Marketplace-Supported-Image-1.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 1788\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"6fc-650ab11e56b40\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1788,"size_decoded":2096,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"280ade977abddf04420b1812a184d755","sha1":"9a5adf10b6ed5ab61008ad334ed91dec46ebde57","sha256":"6b3820654242d510fafb168923516d1b7e8c7d2ea175df295826d581352cebe8","sha512":"a8e2fa899ff8b5db87b270cbbfaf072857e3b8f4c22b21869e1523262553a6aa0518ff9faf42c969f1c0715e517a00d696e42f24543191340ce0ca9b90d804d1","ssdeep":"","tlshash":"fe312b49e6a3d388fc075f348e26352145673a0282e03d0b4dc0a5f694d5dd3ad21cb9","first_seen":"2025-07-19T05:21:41.58109Z","last_seen":"2026-07-03T05:22:49.376059Z","times_seen":5,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/tron-wallet-connect-modal-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.536Z","timestamp":1783056140536,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /tron-wallet-connect-modal-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 17364\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"43d4-650ab11ff8793\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17364,"size_decoded":17674,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1160, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"32e7764f0d65029cd4bb11ea5c86b8ab","sha1":"45058ba059930078d7a480646a784bfab57450ca","sha256":"17f102dff4208c597d74d31b82167502121e3533c9a51cc27f3c84dac2fb0dc5","sha512":"4b59a97cad39f0c542f801a9f022b46466c7f85a0014ca758fcbb6b281f5d9299f5e8e28f900987bb4bd73c41f625d0765a8855b6348ab9c9769643ad978e595","ssdeep":"384:WdM3Xl8Ex7ySv/1hJd9sWrgCSzPWglwz9NLqzxP19qr+:d1vd9sWU/zPWglwRIZ1J","tlshash":"7872bf60b04b3d38a406a560197b3aebaa4d92e0f313fdd717378a215274a0d38e66b1","first_seen":"2026-04-26T13:04:41.588776Z","last_seen":"2026-07-03T05:22:49.377006Z","times_seen":3,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":156,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/fantom-ftm-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.557Z","timestamp":1783056140557,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /fantom-ftm-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4546\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"11c2-650ab11f021bd\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4546,"size_decoded":4855,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7cfee240d727d4f78f53a61f3be3bdf6","sha1":"658bc3bf40eea98bc00eec62a882ee57a79ec936","sha256":"f38953f5c51ee76c2268bb7bf4a9ffca3a1a01501c6e164130c076307b3bd804","sha512":"3572c34d99956c736817935b248c99d18d87108b61667a496d0f5adee1281dae8e6a5497eb9cc6b3d22b70e0dfb69506160e6f751b5e37a483448e71a9a6f057","ssdeep":"96:TsNqcxsCkbKJSo1+yWgxv3CXjOFvMYH29VHlPJVEZyah+X5UqY/:TsQA14yfxKixMH6yN5UL","tlshash":"8a918df3a735a1d6c62d366e417a7ecba247832f587600abc20020b54839b9b2120dc8","first_seen":"2026-04-26T13:04:41.506989Z","last_seen":"2026-07-03T05:22:49.378205Z","times_seen":3,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/quarklab-wallet-connection.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.566Z","timestamp":1783056140566,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /quarklab-wallet-connection.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 10948\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"2ac4-650ab11fbf569\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10948,"size_decoded":11258,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fd2f2f621d20661e0743cc6a4bcc1467","sha1":"52b7ce49c8a0f151e677fe96691bd8927708799d","sha256":"5d5263a9b84c7a27154713f79dbd14b0f7e4b5d2f9375b83e767275958ff9e22","sha512":"22c2aff35686a49b62effa791920f5b766c5560c46b8af281fee33628c10cc0a60a1f9b5f869ad6a53001e13b97e7d2e38b17d6e967447df668ec1f8a2fc94fe","ssdeep":"192:+9nm8N8FQJPNosDuOrnCh9IickCGqtRbouxLg57:4vY8la2nCwGkRboD","tlshash":"5c32a03459bb727e26d32dc6546dee19e3a8a151a38eed710432fe3cde62c1a0b3d500","first_seen":"2026-04-26T13:04:41.510532Z","last_seen":"2026-07-03T05:22:49.379083Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17949,"timings":{"blocked":17909,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/widget-icon-list.min.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.236Z","timestamp":1783056140236,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /widget-icon-list.min.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 10255\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"280f-650ab11e5cceb\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10255,"size_decoded":10612,"mime_type":"text/css","magic":"ASCII text, with very long lines (10255), with no line terminators","md5":"1c6df716953f870be76c3e88a69a326f","sha1":"55001bbb898eb7636eabd0418275a9f5aa96ac51","sha256":"1b34d4c7324321e36db5d35f05bb011238a1326f89058a4399d028d1f6c47dd5","sha512":"d2cb3f58b7f5b83fac1744e81367e6ef4e350a073aee634b85a2ad87b4676cb78561db329bb4c9da20617a1be770b0d399ca731d0dc6792fd1f37e2ca116432d","ssdeep":"192:eKTrGZCLG+tlR3080ur1R6gxrcazf7fneLG6AHRJSJ/JwJp+XuknI0:eyv0","tlshash":"a52283917d83814e1aff651b141b2a4ca1c9c4dee8b6ecd6e866130782ffec53772528","first_seen":"2025-12-13T14:03:51.781572Z","last_seen":"2026-07-03T18:17:56.220689Z","times_seen":46234,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/quarklab-1.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.568Z","timestamp":1783056140568,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /quarklab-1.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 55364\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"d844-650ab11f7b373\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55364,"size_decoded":55674,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1125x1005, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"164a77c1048a419cee34cc99d2769601","sha1":"02df4b354cf964ea606300a5961fccbf8fb8b316","sha256":"cb002a4d67c3147641020cb91fa6d06b7284299a52733014728339ae9877c875","sha512":"3d3935a0bfadea2c487e353548cec71ba6a82fc12b8161af963e98fc9ac3b64ed57b580539e6c8f67111b75e312b99b312751f0fb753f9139fc8f79d6086670f","ssdeep":"1536:IJ+Tm1h/MLUYn4a5z6yRoY/4A5YwaMit6IYRe:IJAWMLPn4uznRRpOt6IYY","tlshash":"9c430224037a31faaf26e1535462120b61f7c496ab2e62058bd2c2dc9d74fbaa15cf1d","first_seen":"2026-04-26T13:04:41.554808Z","last_seen":"2026-07-03T05:22:49.386854Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18053,"timings":{"blocked":17994,"dns":0,"connect":0,"send":0,"wait":58,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/trust-wallet-security-update-lander-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.574Z","timestamp":1783056140574,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /trust-wallet-security-update-lander-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 48622\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"bdee-650ab11fff10e\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48622,"size_decoded":48932,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x726, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b19da8497354a4e89a00dc50bc5a3d27","sha1":"8d5b2e3ba6deee06802343a3196a504b28ee3fe2","sha256":"25510f90d8e2628b4f82f3b41022b220470fdf3c84078bcda68b0776d06dd140","sha512":"d27d6dd3234b6a8b58d87185a0eaa9709eb53da620cd36747aefc013c9be9e3781d22575e30e845df7e0d1bec7b249f90adb5208bd02792d59d9c3d24f4c3bc3","ssdeep":"768:j3VoLLeDaDVFx9k5kX0EpMrVtuHZUX4hDYafiIG8ygECKP3HZ1bBcfBTBZ7d7XE:jlueD+Vk5lV4yariIhtEzfZFkb","tlshash":"6623e10b3d43bd62e49b5372d0580a4c811ab3122c493fe7bc7d9b997d65e04164e9be","first_seen":"2026-04-26T13:04:41.53568Z","last_seen":"2026-07-03T05:22:49.391149Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18182,"timings":{"blocked":18129,"dns":0,"connect":0,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/aura-network-points-claim-lander-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.575Z","timestamp":1783056140575,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /aura-network-points-claim-lander-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 29194\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"720a-650ab11e79dd0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29194,"size_decoded":29504,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x642, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e94743b15369fa4193eafce80f016487","sha1":"f384c6891283c77f685a71e28a2cd0a7abe40d46","sha256":"22e947bd8ca0c9d06a48b027f3888d74c8f8cb722230d5e5ca027244294ea7fb","sha512":"2a4c4176eb347bd0d5e5b0e924495f10c6cf54c0a8b06d423a0521bb991d55b11729f27a501347eeb7a5ff285a98a5ec192908838208adb64bd34759ff2cdc29","ssdeep":"768:O1lAjL2/UxWEmnnALQFku9GBEm6GIrUPI:/X2MAeLfDEmSuI","tlshash":"85d2f179964650e1ffbfad5624d84fcb143516fd082bf62e4014ae62dc2d2c1f056db0","first_seen":"2026-04-26T13:04:41.491445Z","last_seen":"2026-07-03T05:22:49.392128Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18229,"timings":{"blocked":18181,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/nft-drop-mint-lander-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.577Z","timestamp":1783056140577,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /nft-drop-mint-lander-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 45798\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"b2e6-650ab11f2062a\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45798,"size_decoded":46108,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x563, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a02a5e06bc4d5622c204685e66549615","sha1":"f549b556aac389471b5e8e50e31019dcd88cf697","sha256":"8a444c467438b52a050a6082050d6a3ed5a46ea7dfcd27bf66609c072a5d01e5","sha512":"c81839819e96df21d0dc21a1a0d8f6dbc5911104e75c6ce99441912e69508feab9dde809e08874d7ce7544dee18a58ac50e4001436d942e070a79b1e7fea0585","ssdeep":"768:4SXOsbvhqZalUKegd0xMnTlySquKL1UhjjcUE/aUjADsr5U5ex0csAuw6i+5mBkK:Nec6alUiznTgSqjL1U9k/bEYrRsZPiBl","tlshash":"8123023fb8eb2662c491fb2514656d8217fac125e09727ceca37bf9e8d536a115c3103","first_seen":"2026-04-26T13:04:41.46433Z","last_seen":"2026-07-03T05:22:49.394282Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18322,"timings":{"blocked":18273,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/aml-kyc-wallet-verification-lander-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.578Z","timestamp":1783056140578,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /aml-kyc-wallet-verification-lander-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 34298\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"85fa-650ab11e6421e\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":34298,"size_decoded":34608,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x698, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2ddde3098057ef8b91e8b7300e97605f","sha1":"06f816811f0dad0062a10a27e5029f7f20ee3d52","sha256":"5c66cdee18d1b9de4ef362cc858ac7a4033762a7ef54626175518269145f7c3c","sha512":"5e2509face4d35dc425b4898384bf3a5f96848031e61a47fe144390336076b94bf1c9de9915bd635bf4024f0c2e40e894f74fb0bad555f3b63a0aacdf5d9ae01","ssdeep":"768:QQ//krVNlIBQeQNVQ/9RLR6xhqL/BZU0dDIC2AzfSBwl/hoO0:///kr3lWdYi/rLWh90dDIp43/hoz","tlshash":"84f2e17bcd3c1e84f2cf4828a88b607d5859dccad1b015e0a4341ac5e2da37670f9a97","first_seen":"2026-04-26T13:04:41.454076Z","last_seen":"2026-07-03T05:22:49.396044Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18368,"timings":{"blocked":18321,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/sketch.svg","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.641Z","timestamp":1783056140641,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /sketch.svg HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/post-243.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 1010\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"3f2-650ab11fca536\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1010,"size_decoded":1321,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b5d6089d28397b2545b2eb5cd2464f9d","sha1":"9f7b2823b051dad2af421d8c00646069fdf3c673","sha256":"19d306e8190cdb758f58e8dcf267a93c57d3eae5b3a846b7a17075a77124a713","sha512":"87618ca2914735e54cdf957b99132c40bff7a450d2931498c3c7fbcdf3ddd5bea6c36e443c4a03fe436036ae00230627547c0138dbead9f42c39a44ff9e0b12f","ssdeep":"","tlshash":"811125b713a247de3ac90b8c5c32a5b1b986d46071a561e8cb152851edc8cf2106dd79","first_seen":"2025-07-08T12:37:42.828365Z","last_seen":"2026-07-03T05:22:49.401537Z","times_seen":106,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":144,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/what-is-crypto-drainer-quarklab-650x433.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.642Z","timestamp":1783056140642,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /what-is-crypto-drainer-quarklab-650x433.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 46376\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"b528-650ab11e5a5da\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46376,"size_decoded":46686,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"875be771a5a88ff74670737b72ccbb68","sha1":"a8740982a31fe7b3133897324d860205277ce4b5","sha256":"42f72515c2ea39e21f011308cc25adad0682124889aa45af05315250d2fd9548","sha512":"38ab71c4dbf1fa68e3504bd44d4e06d32dcd90ebb2a49aa2f94a316d9ab51774283c56cc03aff73b069b127815a6d44d9481df074457bc9cdad91adc262a5526","ssdeep":"768:RSwvQeI8GZp7gNxyaPgVGA0G2XLqsr1rCdsIPoWn5AcVLtSG+DVrRde:RrEB7gLyaiSG0LqcNeBzn5AELQR6","tlshash":"5a23f13e02f51216937752e2f9c7ed232e83558dc72d03a7160bb26ada3b68c4759c1c","first_seen":"2026-04-26T13:04:41.585672Z","last_seen":"2026-07-03T05:22:49.4053Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18434,"timings":{"blocked":18385,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-03T05:22:19.395Z","timestamp":1783056139395,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/html\r\nContent-Length: 844\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":844,"size_decoded":1054,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (844), with no line terminators","md5":"febf365526efa51d4c69a0ce0d0fb4ca","sha1":"0392aa96f253e9272e150c0c32f8e0406fa28461","sha256":"c20431aeb99842bbad9c00ea52883d4250443d34f4a9e8390584016dd9e4e0a4","sha512":"c994071a3211ffad8de70023b6dc502d0ba9d300441cfd362b4f9260bc22457e52d36786c8628950cead95172f12315abbdf2d2af0a6b7537c0c9341c9d9b852","ssdeep":"","tlshash":"4d01f1b9eca1f489dbc100c41476d56e6421e6b6f501cdabc4c282e496d1bdc0e46d7a","first_seen":"2026-07-03T05:22:49.406813Z","last_seen":"2026-07-03T05:22:49.406813Z","times_seen":1,"resource_available":true,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":220,"connect":31,"send":0,"wait":31,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/155b503e1bc15a574a5653980f781e5d9cb8ab27.svg","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.473Z","timestamp":1783056140473,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /155b503e1bc15a574a5653980f781e5d9cb8ab27.svg HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 68\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"44-650ab11e61ef5\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:19 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68,"size_decoded":376,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4eff7ea9be53151fe7d47ebd58b0883a","sha1":"155b503e1bc15a574a5653980f781e5d9cb8ab27","sha256":"f6edc2adab55f4cba79ca16c3d8e8380871487832c3398b0026694bb0852e8c7","sha512":"f10f7cb21efb84ad0950145797757d97ce8daa7f05ea881786fb9c185e84a026e2cc906bae2530cb2dc09ad268da7808815967cd65ce42389ba2b89fe1bab861","ssdeep":"","tlshash":"a9a022ce80ca8e088208c820bcb00c008c2f200000c003a8e8e20a22e002a803300c28","first_seen":"2026-04-26T13:04:41.581564Z","last_seen":"2026-07-03T05:22:49.408508Z","times_seen":3,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/post-grid.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.521Z","timestamp":1783056140521,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /post-grid.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: text/css\r\nContent-Length: 46\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"2e-650ab11f53a91\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:20 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46,"size_decoded":398,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"ba60b6340bbfec27bfacf542ba9aed64","sha1":"aab98945f328f3086777c39f1d83f4d53377608f","sha256":"df7d9427dee342cca727e6aa4a1e7b54487c1fefa2a07872d690c5880e474672","sha512":"4ae38cccdf1a750ab1a31a2e703da6d3043bbca51e61fc94548b8b8d7ca1d5daf66db853daf9c70e06df5185842d86b93e2aca9a996b63122bf9aca8f7301f7d","ssdeep":"","tlshash":"879004307c0171151d0501151043145d1f4410cff7c145c01c7034d541d47d11130017","first_seen":"2025-03-18T10:38:54.661204Z","last_seen":"2026-07-03T05:22:49.409767Z","times_seen":36,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/evm-drainer-quark-drainer-650x433.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.645Z","timestamp":1783056140645,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /evm-drainer-quark-drainer-650x433.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 42500\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"a604-650ab11ef8d49\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42500,"size_decoded":42810,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d5e1e25de35d43125062b188a93dbe7d","sha1":"575722f73f128950daf9f784af0dc31b0d375065","sha256":"37c779541688c5e950f561665a6edd1387ad5c68212a093d51d8208a57d0823e","sha512":"4e69a51caa7fe1b9a797ba78e55afcd32691fafda956bfaa14d751c27e7b06ab9d4b5321c5fbd2d33eace7b01c01911d1b20c5870482119a8c927d51b64a92a8","ssdeep":"768:CBiUTgvcB96y6Zs2QPFmykKDqiU/pVsouenvnPguTeUB:k36q2Uox9rbv4uKO","tlshash":"ba13f2bcb3c926c84321275d3732766516f5f4b76e3007a280165bce20605f97dafa57","first_seen":"2026-04-26T13:04:41.457648Z","last_seen":"2026-07-03T05:22:49.415783Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18595,"timings":{"blocked":18540,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/chakrapetch-ciflmapbsek7tdldtez1bwkeji91r5_f.woff2","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.682Z","timestamp":1783056140682,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /chakrapetch-ciflmapbsek7tdldtez1bwkeji91r5_f.woff2 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__chakrapetch-css-v0b5b798be663cc04f564a4bd715c706786b09ed9.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Length: 9900\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"26ac-650ab11ea1a9a\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":9900,"size_decoded":10183,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 9900, version 1.0","md5":"56706b63a0f0391ea247202feebe2a68","sha1":"d09f6c283158a5c34a1a0fb3f1f2149989f05956","sha256":"ce5095dc1cb200aaa939e38067a0677018d10e9f26ec38cdcf1557ac524fc775","sha512":"b15d8da95c966ea4751ce32272f0dbb88c730994096cb7e1a2a5386942529e63c38ac0eba17dc4321efaf637b9b1a4b1bf9c75988e7b0ac0040b3a5bfa793774","ssdeep":"192:3jKminRc+/sXhY52YXvSTChIrFNmg8aa9FrQUJuE4MhlmY1A4NRX:3jFinGRhY52Yz4F7a9FdiY2kB","tlshash":"eb12b03042bd76a1f6bfedf611a732371007a05102a669379faf132d5e7aba01c4165b","first_seen":"2025-04-26T08:41:49.507205Z","last_seen":"2026-07-03T15:15:43.964192Z","times_seen":2187,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":25,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/bdt-uikit.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.224Z","timestamp":1783056140224,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /bdt-uikit.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 99246\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"183ae-650ab11e83a14\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":99246,"size_decoded":99604,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"acb303a7900439d4ae45005d5572953d","sha1":"84d2a54c49ebd5fa136a9d679b0cfe345524e0ee","sha256":"ede8dbad62522c0edd36c1f98386204d4608e3bfc2d676b7f03f40747e3f5691","sha512":"ee6f3bd6f4fe4989c76964b2f99205c84b6d406b773060311159432890fb2083bb1019c0db1b29fe1615368a0d06d8cf9303c956f51af205962b9b195c592621","ssdeep":"1536:CPkcRmDUfMFoDBUn7WNmJPMFCQYKcOzMiN04O+8ieZ0oVIkE:/Uv1af1ix","tlshash":"e0a3a3855d5030adf16b8515dbe0fa6cf3294c81f7270beab5d2a36687cbad10633a1c","first_seen":"2025-12-31T16:06:25.674863Z","last_seen":"2026-07-03T05:22:49.417919Z","times_seen":5,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":31,"send":0,"wait":33,"receive":86,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/content__cache__asset-cleanup__css__item__uicore-framework__assets__fonts__themify__themify-icons-css-v1c7cdf3bd0a8ffd92.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.247Z","timestamp":1783056140247,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /content__cache__asset-cleanup__css__item__uicore-framework__assets__fonts__themify__themify-icons-css-v1c7cdf3bd0a8ffd92.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 17711\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"452f-650ab11ec1a60\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":17711,"size_decoded":18068,"mime_type":"text/css","magic":"ASCII text","md5":"6a9b52a1997623a56d81e15004ab84da","sha1":"7bdfd23160d66a315d50fcd4764bdac61d5885b2","sha256":"5e3835e28d5d814916e65bedd2d7f66b83573940950bfef8b24bd47b66d1ff67","sha512":"62c67a28c972e43539bd9e4ee395f573c0fb7f37a0ebbe23c91bfba05c477cc95508d7fb267fc33b22f028dd61993b3bae630480a4be966417e5c3625442808d","ssdeep":"192:0K1qE9WvDVHQj7a6kK8y+GBTg4g/XzC5BCv7/6N:LqXJw7NIGBTg/jf7U","tlshash":"5c82e2d89cfa18941311e191638bf235f30eb626d9492e6ee383ee7c5ed5a11c1d22dc","first_seen":"2026-04-26T13:04:41.472954Z","last_seen":"2026-07-03T05:22:49.418947Z","times_seen":3,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/quark-drainer-logo-header.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.434Z","timestamp":1783056140434,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /quark-drainer-logo-header.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Web3-Marketplace-Smart-Image-1.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.525Z","timestamp":1783056140525,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Web3-Marketplace-Smart-Image-1.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 35188\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"8974-650ab11e557b8\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35188,"size_decoded":35498,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"362f86a3ed168adc092ae6e4f40d7bd6","sha1":"174e304245d0e4611127633bfe54bfc58360d7cb","sha256":"4af77d177127ba68effd9ce9fbdd26ec4bd3592b4c118cd59e856fdb252e5e2b","sha512":"f169637041077d7cf7c8d5d2fe594dcc4872d983c80f24ab81b048d2605bed81d2d7a2f62119c494bbe838d9a976ff9fa2a3f86624ef4c21b4e9426b7d475abe","ssdeep":"768:8zM0BacPRx/0byYfTe2DvlosUdjEmPfpWH8F54XJlx3JJdG:8LjPRx/ay86rpW4MJlxc","tlshash":"d0f2e181a88a63ecfde541970c068059a05e54ff4be601f2ad743deb53bcbae73056b4","first_seen":"2025-07-19T05:21:41.579467Z","last_seen":"2026-07-03T05:22:49.419941Z","times_seen":5,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":28,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Web3-Marketplace-Supported-Image-3.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.526Z","timestamp":1783056140526,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Web3-Marketplace-Supported-Image-3.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 1372\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"55c-650ab11e58e69\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1372,"size_decoded":1680,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9d686031e91930b763e945ebad0511d7","sha1":"9511f3ae45fd94caab2c29f5b6c605dba0e2ee38","sha256":"57e2d4fc0f99a3ed009e27579580a8576ca1ba86689d7f9dc02e1dc95717c30c","sha512":"a17cf9d51bcd3fc045b2c96ce962d939c45489e104a61721e2251ac65e7e849d4d48b43bf41be1f15539cbec4e66f8d0d121edd58443adbefe912c7a253dbe4b","ssdeep":"","tlshash":"9a21280a40f5101efb041b9bda21a0d2da1758f8300e3c9ea4d30138027ad9bb14a84e","first_seen":"2025-07-19T05:21:41.518092Z","last_seen":"2026-07-03T05:22:49.425616Z","times_seen":5,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":34,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/jup-solana-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.551Z","timestamp":1783056140551,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /jup-solana-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/QuarkLab-Admin-Panel-1-1536x854.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.565Z","timestamp":1783056140565,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /QuarkLab-Admin-Panel-1-1536x854.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 191874\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"2ed82-650ab11f8ebfc\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":191874,"size_decoded":192186,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bb2c934d131408fa7ae685a0efe1fb2f","sha1":"aa55d9adec205a4f2e807be34a72744016515103","sha256":"f2e4a376cbf664d6c5ae16c1c8f5ce0ca194e8e5490790dfba47c73f6edb7ec6","sha512":"8f9c34db92ebb3629087a376dd49eca21ef3b83f68e780e752c05c4de09f5e2477f32a8b70b6ccbe48add5323e480b26a707d284e5b0c8c553bc00b51378dc8e","ssdeep":"3072:EEAXzi6JqjgMrClAq6Y7MBoQteOdtQueL1UuPZiJm6tsJlNIGf5NxMQrVp4Kg2w/:ZAX+CqUMulA8MveOdtfeLSuRiGJlqGf0","tlshash":"7014127b80995139038f41b6a615b1d4c93a626c813b8fbec9f6e5aef065c782c345d3","first_seen":"2026-04-26T13:04:41.462794Z","last_seen":"2026-07-03T05:22:49.426684Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17909,"timings":{"blocked":17759,"dns":0,"connect":0,"send":0,"wait":117,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/memecoin-drainer-solana-650x431.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.643Z","timestamp":1783056140643,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /memecoin-drainer-solana-650x431.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 45040\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"aff0-650ab11f1eeba\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45040,"size_decoded":45350,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f1360361ef61a7edd3434aa3e0e054e8","sha1":"1f81f03dd9d74f7dd735c46b5571de84da91b58e","sha256":"75698671ab806af2aadd73776b3b8d679735defa688b8229b59ab6a7646b4fce","sha512":"95b865c55f425d92115a195c801439d74d8b0e707542869551c357ad94bc46fc1dcdaf29ba909beed2778813a45f8503d82119741d3eb39ef2c905d0acd84c26","ssdeep":"768:1vR+geyzC+Y9q4ax0zfae+MdbEaqGcHkEzSe+TsES/b2XuS8xY:1vPHzCL9qwzie+eTEzSessEAb2","tlshash":"ec1301b5d573c4ac2dc88fd9da7b86c1b6d2ac3d26167daafa3173452022240e147a39","first_seen":"2026-04-26T13:04:41.573656Z","last_seen":"2026-07-03T05:22:49.428116Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18482,"timings":{"blocked":18435,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/post-243.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.239Z","timestamp":1783056140239,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /post-243.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 260327\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"3f8e7-650ab11f51768\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":260327,"size_decoded":260686,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"1e226bad1a84ee0d04e9cf3986d38f24","sha1":"2b43e99e86abc2947c744c2237f5412da3492d9c","sha256":"63b821bbcd7a77e04243db8fa099eaf17680e54a555b1d51f8a637ce71fbad1e","sha512":"b0d53309959b5ee95db115f2812fc58ae8e5c4c59f7f48d93065d691a6d9b9fc1199cb5266e7bacb66c67842acf9d54a246083318bc38a5b63aa37c7f92062f5","ssdeep":"6144:tAkbJYa4K1r+WbBuaboRdKPGCCyeqSymWCiOuya+CGu6+ymWHX7xOUDdnJpJHTp9:U","tlshash":"cf4428a27d0340197a2f665b9143a5cd71201ccaeabe3bc7e8a09053f4bedb537d0979","first_seen":"2026-04-26T13:04:41.537446Z","last_seen":"2026-07-03T05:22:49.429089Z","times_seen":3,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":126,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/solana-sol-drainer-quark-1.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.527Z","timestamp":1783056140527,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /solana-sol-drainer-quark-1.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4468\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"1174-650ab11fcb4d7\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4468,"size_decoded":4777,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"44d44fc9ac45b808839c3bcdbd6b5059","sha1":"866b0d90de88f58cec3a79a2870588563a0799c0","sha256":"942a5a29e49389daa415bf2310da85d5e83f03438f637d526d8891de4e2f7258","sha512":"7ed8a6a0deb63a051accc128f17a5e4eb13529e61b8e02b11615e0456d9ffe72e9fdd1ae2e7301f29b2e986a9c8dfd0d698041d9545221af7cab7c137a3a2164","ssdeep":"96:ibHcItNAL5l/wP12kiYWnMmr3sVte899WbS13EKEwG7aAX5pX:yHlAlW9zenDr3s7pia71LGX","tlshash":"04919f8fe5797c5aeb779493648305c5042bd4394175317ad73c8d2c15ca3cd6b25845","first_seen":"2026-04-26T13:04:41.529271Z","last_seen":"2026-07-03T05:22:49.430128Z","times_seen":3,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/usdt-drainer-quark-1-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.543Z","timestamp":1783056140543,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /usdt-drainer-quark-1-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 2936\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:52 GMT\r\nETag: \"b78-650ab1201c9c3\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2936,"size_decoded":3244,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ea28a30cf5e221c74794f2479ae4da7d","sha1":"bcd08bd36811267d2d3b4937b7d8f0c43e9720d2","sha256":"21916450d23d4895e1fb4d2842eae88d20e523d529eacedc0a729aa244c3c3d8","sha512":"2cf9619ed2ad413ea9ce19df684c4e7776b6c622d6649ea1664be43b0e464bfeb55e8f7cfcf34673eec8695c3e7529448ec6f6192a8f5d2aa56d0421fad5c32f","ssdeep":"","tlshash":"a0512a09614aea6746b6837817acb3812860ec04de317ab5373e8742c72a53ec4e4d97","first_seen":"2026-04-26T13:04:41.445181Z","last_seen":"2026-07-03T05:22:49.43111Z","times_seen":3,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":227,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.686Z","timestamp":1783056140686,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__notosans-css-v3db4ff6b721e63e03b19c0b3644a29c5451235e6.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Length: 35840\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"8c00-650ab11f2e0f0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":35840,"size_decoded":36124,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 35840, version 1.0","md5":"00427f129772e9f049050a50407952d1","sha1":"0f9e19ecc1d89758fd59d187f35b5a73e499eb45","sha256":"086bfcad0e112af1c9ac0cdea1744dfb11dfdda61906ceee1b32439437096add","sha512":"26478f6744d0875901f6c20b13f4303abe0d579ac2ffe02b74a5cee4a6af48b23a6d611116fc5f1f1b9aa6ef8b083a992e80aa1675e3a211b5332c480050e90c","ssdeep":"768:haAL1lUUxZ+mIxfVJ5tYBU+ma5q71y9SWeGt7UMaVJc2PtupNFtpXjN:NLEkxyJjUUza6ygxGWMaV67/LjN","tlshash":"c3f2f15f368e8e17f4d8691c5a667d523e022dfc9e30c622504f5efd3939320946ceaa","first_seen":"2024-12-04T23:04:18.137977Z","last_seen":"2026-07-03T05:22:49.324882Z","times_seen":2119,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/pagead/1p-conversion/17934677356/?random=1783056140900\u0026cv=11\u0026fst=1783056140900\u0026fmt=8\u0026bg=ffffff\u0026guid=ON\u0026async=1\u0026en=conversion\u0026gtm=45be66u1v9248370851za200zd9248370851xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=115616986~115938465~115938469~119027224~119576881~119576885~119576891~119576895\u0026u_w=1280\u0026u_h=1024\u0026url=https%3A%2F%2Fauradrainer.gt.tc%2F%3Fi%3D1\u0026ref=https%3A%2F%2Fauradrainer.gt.tc%2F\u0026rcb=18\u0026label=8V64CLPkzYAcEOzq9edC\u0026gtm_ee=1\u0026frm=0\u0026tiba=Aura%20Drainer%3A%20Crypto%20Drainer%20For%20480%2B%20Wallets.\u0026hn=www.google.com\u0026npa=1\u0026pscdl=noapi\u0026auid=823486131.1783056141\u0026gcl_ctr=1~0~0~0\u0026data=event%3Dconversion\u0026gcp=1\u0026sscte=1\u0026ct_cookie_present=1\u0026ept=8","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.909Z","timestamp":1783056140909,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /pagead/1p-conversion/17934677356/?random=1783056140900\u0026cv=11\u0026fst=1783056140900\u0026fmt=8\u0026bg=ffffff\u0026guid=ON\u0026async=1\u0026en=conversion\u0026gtm=45be66u1v9248370851za200zd9248370851xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=115616986~115938465~115938469~119027224~119576881~119576885~119576891~119576895\u0026u_w=1280\u0026u_h=1024\u0026url=https%3A%2F%2Fauradrainer.gt.tc%2F%3Fi%3D1\u0026ref=https%3A%2F%2Fauradrainer.gt.tc%2F\u0026rcb=18\u0026label=8V64CLPkzYAcEOzq9edC\u0026gtm_ee=1\u0026frm=0\u0026tiba=Aura%20Drainer%3A%20Crypto%20Drainer%20For%20480%2B%20Wallets.\u0026hn=www.google.com\u0026npa=1\u0026pscdl=noapi\u0026auid=823486131.1783056141\u0026gcl_ctr=1~0~0~0\u0026data=event%3Dconversion\u0026gcp=1\u0026sscte=1\u0026ct_cookie_present=1\u0026ept=8 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://auradrainer.gt.tc/\r\nOrigin: https://auradrainer.gt.tc\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/cropped-Quark-Drainer-6-192x192.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:24.146Z","timestamp":1783056144146,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /cropped-Quark-Drainer-6-192x192.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb; _gcl_au=1.1.823486131.1783056141\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 1794\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"702-650ab11ed27f0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1794,"size_decoded":2102,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9fedcc64aec93622f400b6079341e9a9","sha1":"2ee93acf72d810e94ff705a983111afea18b7d46","sha256":"1bb9066068292b7891170e7be00164f0b3a9df5c7354be01eb5c365031f50486","sha512":"6487b39cca8ffa4c51cc12534ffc372ab0857bed18de70f0b8ae0a1dcb548dfb96caf7e06293459b3a8efd09030df33d1581e24ea693f68c0b3c9afeada77d8a","ssdeep":"","tlshash":"e4312b414485dae67038b16fb1f0d482fe2547712e11c7234ba4ff377ac8eb365182a1","first_seen":"2025-07-19T05:21:41.508311Z","last_seen":"2026-07-03T05:22:49.432434Z","times_seen":5,"resource_available":false,"data":null}},"time_used":13738,"timings":{"blocked":10535,"dns":0,"connect":3070,"send":0,"wait":33,"receive":0,"ssl":100},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/aes.js","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://auradrainer.gt.tc/","date":"2026-07-03T05:22:19.927Z","timestamp":1783056139927,"http_version":"HTTP/1.1","security_state":"secure","security_info":null,"request":{"raw":"GET /aes.js HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__notosans-css-v3db4ff6b721e63e03b19c0b3644a29c5451235e6.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.245Z","timestamp":1783056140245,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /content__uploads__elementor__google-fonts__css__notosans-css-v3db4ff6b721e63e03b19c0b3644a29c5451235e6.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 47538\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"b9b2-650ab11ec4d2a\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47538,"size_decoded":47895,"mime_type":"text/css","magic":"ASCII text, with very long lines (405)","md5":"06b7f1aae4491247fcde348c50e7c05d","sha1":"272bba800e53d9b10923dce60a5666582dfaf9aa","sha256":"7344519bce72f15138dac2efd88a3e73cd5114458fda06e584f03b874255d113","sha512":"9ce3ea7d99a3f51bc976d3ac89c9eb6b48357c0180a47983fa373826007448b8e6a58e44d23636395d1f5a5805c57e059717362799e427856e3822cb97faa9c3","ssdeep":"384:nCc0qiYASqsU6aeTIB9sObb2xC8AOemMKOqoGuOMSHja6vwQKS/gG:5","tlshash":"74237ba4502f9455a6638cd376ce3f137038e03460a95632abfd8569ade7cbb13b4b1c","first_seen":"2026-04-26T13:04:41.526031Z","last_seen":"2026-07-03T05:22:49.433342Z","times_seen":3,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/bonk-solana-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.549Z","timestamp":1783056140549,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /bonk-solana-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4570\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"11da-650ab11e90152\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4570,"size_decoded":4879,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9e4b3daa22794d7284c5e8ab22cf7968","sha1":"83f5a4300ab058aa7d91ee5cb69328b56f3da92c","sha256":"182d56eb0e226e2fbebeaf7140a4960881e5dd904b4227bf6765e0367e67344c","sha512":"0ec0c71f4b523933d478c02fee40413b588f87836e82ee23b991c358d345f2bbaa4da3d4d2b1c4c6d84698ddb381fa10cf4df1d13f726e3ef5f2aab7374ae98b","ssdeep":"96:3hzD6f0DXoS0K0ApLUT+JYKBbK8ZmUOog2sPACrOsAAmMlQzTl:ZO0DXoS01uUTSYKoIvg2aACep","tlshash":"63915ca05775e30ba354326067810fd45d4a7d12fc33269c7eee5ad2a32f12ad992f09","first_seen":"2026-04-26T13:04:41.569509Z","last_seen":"2026-07-03T05:22:49.435018Z","times_seen":3,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":290,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/phantom-solana-wallet-drainer-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.561Z","timestamp":1783056140561,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /phantom-solana-wallet-drainer-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 882\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"372-650ab11f4d8e7\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":882,"size_decoded":1189,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"44dcae97b990dea2c2cbc7e4c3bed235","sha1":"4ed8e55e4af3a4cdd40d7f6efd47f313d6507e7b","sha256":"2ea3ff3a0716a2ebf9efb01c052c8456c57e9f4fe1cb386c6f3cc98160464bc1","sha512":"69bb3912c228ccd37711b201f7def3894799d46f9cee691643cad984c87da7fa3b2c27c2ccebb2eea3459bfc1bce566020dfb75805fd1ce937f255eb89891996","ssdeep":"","tlshash":"6e1163e9ee705d23c488e9975b2da83260ce6d129f2caa5200b654ec1cb5ea02d4a498","first_seen":"2026-04-26T13:04:41.48787Z","last_seen":"2026-07-03T05:22:49.43615Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17569,"timings":{"blocked":17536,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.678Z","timestamp":1783056140678,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /notosans-o-0bipqlx3qulc5a4pnb6ryti20_6n1iphjc5a7duw.woff2 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/content__uploads__elementor__google-fonts__css__notosans-css-v3db4ff6b721e63e03b19c0b3644a29c5451235e6.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Length: 35840\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"8c00-650ab11f2e0f0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35840,"size_decoded":36124,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 35840, version 1.0","md5":"00427f129772e9f049050a50407952d1","sha1":"0f9e19ecc1d89758fd59d187f35b5a73e499eb45","sha256":"086bfcad0e112af1c9ac0cdea1744dfb11dfdda61906ceee1b32439437096add","sha512":"26478f6744d0875901f6c20b13f4303abe0d579ac2ffe02b74a5cee4a6af48b23a6d611116fc5f1f1b9aa6ef8b083a992e80aa1675e3a211b5332c480050e90c","ssdeep":"768:haAL1lUUxZ+mIxfVJ5tYBU+ma5q71y9SWeGt7UMaVJc2PtupNFtpXjN:NLEkxyJjUUza6ygxGWMaV67/LjN","tlshash":"c3f2f15f368e8e17f4d8691c5a667d523e022dfc9e30c622504f5efd3939320946ceaa","first_seen":"2024-12-04T23:04:18.137977Z","last_seen":"2026-07-03T05:22:49.324882Z","times_seen":2119,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/uicore-icons.woff2","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.680Z","timestamp":1783056140680,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /uicore-icons.woff2 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/uicore-global.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Length: 6600\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"19c8-650ab1200df5c\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6600,"size_decoded":6883,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 6600, version 1.0","md5":"c7ea0bd7722bf1c5ea6ee1fb64ea1768","sha1":"6d1d53d4c0b196e67e258bb65b8abd94e0938b7d","sha256":"86ca79c6879848dae3564ae2934a52e0cd5375f51eee55e917555a9149269d1d","sha512":"439d53a12b34ac5e1a893d83eab2126bdcbe84e8d7e7ab103d0af901a79ebdae374233616bacf85d9099a44127c2b3b3d03110eae2fcc1476f49e6397739cbdb","ssdeep":"192:N8bM3sndytABvn4Cc/h+R6xwXewcDd+1n:X3sdyWBvncAkQJcx+1n","tlshash":"3cd1bfb7e212f1e9e2289672704458d28d07bef88744339e74785a794bb10dc14ec7e4","first_seen":"2025-08-03T23:42:20.35844Z","last_seen":"2026-07-03T05:22:49.437197Z","times_seen":246,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/post-3118.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.514Z","timestamp":1783056140514,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /post-3118.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 8877\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"22ad-650ab11f52af1\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8877,"size_decoded":9233,"mime_type":"text/css","magic":"ASCII text, with very long lines (8877), with no line terminators","md5":"9b3b886d19ec5e6b14f09090c9cc57bf","sha1":"6ab82d5a168808dab3bec47bf0f44006de5ebee1","sha256":"343509dc5ddd55795de9fb623d8d421fe691b0df85147945ac3e8f563072edac","sha512":"bf3e24cdd5f1ab4712825b09dbed35a83882e104714b50c8ce8e3d3c490aa8aac799672ab8744c0993f449ca80913b1666f57130b5fff0a7a9c113f20394245c","ssdeep":"192:5hu5DO8XOudHIlUNOx/OW/Lhu7u/BgANuwfu6:9gM","tlshash":"2102e2983c534458b67f665f00536a8c255e8ccfe4797de2f6220267f0bae853bf09a4","first_seen":"2026-04-26T13:04:41.542636Z","last_seen":"2026-07-03T05:22:49.437741Z","times_seen":3,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Quarklab-dashboard-1536x860.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.569Z","timestamp":1783056140569,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Quarklab-dashboard-1536x860.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 84094\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"1487e-650ab11f98458\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84094,"size_decoded":84405,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7adb4f1b38023b0619a6902bcffe84ef","sha1":"02101a4323fc3156d15727a82249632c3275b444","sha256":"74cacf630ea917f8bf9281aa0eecf00b522bb3b99881d9f340d846ce2288522c","sha512":"54882e51c8281f9f9728ecdd3a4d69f31d27f259ff2b4e8015b2a55b593ad695ee28aa55c8039c031d0e1f053230052029574c0d3eb911e7aaef47966668ae06","ssdeep":"1536:1+5t3teuWE5DouoIxgNtgaKveyYohDW5rd5tXelpz9Zzj:Y3teuLmNtgOsDWFdnaP/","tlshash":"0b8312f11b99598a0c0fdb1777ee39649032c91f82abdc297676adb73f109c6493e102","first_seen":"2026-04-26T13:04:41.51434Z","last_seen":"2026-07-03T05:22:49.438788Z","times_seen":3,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/a39ff433af093b9c3eee82bf3e5322955cab6f4e.svg","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.580Z","timestamp":1783056140580,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /a39ff433af093b9c3eee82bf3e5322955cab6f4e.svg HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 64\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"40-650ab11e62e96\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64,"size_decoded":372,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5357f16a999a350ce50170553aad43e0","sha1":"a39ff433af093b9c3eee82bf3e5322955cab6f4e","sha256":"01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c","sha512":"e386d55540d717138e4bfd3865ce3b22b7a5b90ba38e43dfeda76dc76b9ea6e09e7b36fa184dd29fda20baef46486fff95b389668bb8450a226fb42401bf0e6d","ssdeep":"","tlshash":"afa002ee81df4e28b21a89247cb55d549e2b605050c403b9d9e60a25a2455913706568","first_seen":"2025-11-06T07:58:18.947521Z","last_seen":"2026-07-03T05:22:49.440287Z","times_seen":28,"resource_available":false,"data":null}},"time_used":18726,"timings":{"blocked":18693,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/buy-crypto-drainer-650x433.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.644Z","timestamp":1783056140644,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /buy-crypto-drainer-650x433.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 45290\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"b0ea-650ab11e9341b\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45290,"size_decoded":45600,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d8638f94666d44f434d4dbb1199a2235","sha1":"f91fd72c48cf6591183122456eef833141597cef","sha256":"6f467ce384401f15ed978c9cc35bfbef0caf0bcfd38559790f7798dea49e7cac","sha512":"064808af0755b89905745c70f5ca871e9d29a3337753047a8b771aca38df8e7a751c56f632bb23442c4fdb355ce991146e0a9b5d1e2947263d34ad19219a98e5","ssdeep":"768:ON/lNsQpQAqOp9F8VZ2XbejqjkAo2E1MqgCDyTi9hg7rkNosDc3z1q2YodkG419:OxlVpzY8hE1Mqxu0g7fsDM1DI","tlshash":"bf1302a2399140fd538d2fe8bfbe80f4b5afb90545ec6421591347c746bb2586c9dcc4","first_seen":"2026-04-26T13:04:41.575011Z","last_seen":"2026-07-03T05:22:49.440922Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18540,"timings":{"blocked":18483,"dns":0,"connect":0,"send":0,"wait":56,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/themify.woff","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.687Z","timestamp":1783056140687,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /themify.woff HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/content__cache__asset-cleanup__css__item__uicore-framework__assets__fonts__themify__themify-icons-css-v1c7cdf3bd0a8ffd92.css\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: application/x-font-woff\r\nContent-Length: 56108\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"db2c-650ab11fdaede\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56108,"size_decoded":56431,"mime_type":"application/x-font-woff","magic":"Web Open Font Format, CFF, length 56108, version 1.0","md5":"a1ecc3b826d01251edddf29c3e4e1e97","sha1":"9394f35bd2addd24666b79bfc36d4f9d247cb01d","sha256":"0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7","sha512":"2329063d667b5480a2862fe4e11154b4dabf3b8782fd67be79ebfe55bfda96e28e70f8f438f73c7ef9901afcb16370897c3022c8b649a33cb74459c610cca00a","ssdeep":"768:tImTAHYFg71fAWsOKi5qSy5LBaK+mn2noN5IO3RCtebWA8ipCWUa:GmTp0gpBpv2a58oSA81","tlshash":"244328747f6a5b2bde839db9fe850e5160f098c61f43f123c09e98522c7b7a88979143","first_seen":"2023-04-05T04:30:11Z","last_seen":"2026-07-03T17:14:43.529566Z","times_seen":30447,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":56,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/base-desktop.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.240Z","timestamp":1783056140240,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /base-desktop.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 1121\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"461-650ab11e816eb\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1121,"size_decoded":1476,"mime_type":"text/css","magic":"ASCII text, with very long lines (1121), with no line terminators","md5":"a9b293285368ff1df10aca9be6c85635","sha1":"0a4664bad66f645ce904f3f87300469cbb6f3302","sha256":"7d3ef502269576e7a08600c7187b6094ea55a496d36ab4f74dcf26990cc4d01f","sha512":"f80d9e3b736cf8bdd0640b210f45ca02d65e52d54c92129e6ca2ade10747720a3ceeefda5927f810162b593969a0ac284f28405b81d1fde6ab52700c55976ede","ssdeep":"","tlshash":"84215730b503553a132fc44eac96b64f509582d373d673caf9616022e9ad5407fe7306","first_seen":"2026-04-26T13:04:41.471273Z","last_seen":"2026-07-03T05:22:49.442604Z","times_seen":3,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/solana-sol-drainer-quark-1-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.539Z","timestamp":1783056140539,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /solana-sol-drainer-quark-1-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4300\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"10cc-650ab11fcc85f\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4300,"size_decoded":4609,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"025bde45786825de8892ce4ab49a034f","sha1":"f7039151834fc374630c4146e2ce41f4427a7593","sha256":"ca506906f6e6e7e5c70957b6fb2892b1044a922019b83c37a977625c678ee6e2","sha512":"6fe523640b2c5bb59f5e086b0469e41d3b5fe24593c844467deabbc0a451d6ba7d128f8e6fb93cf1e4c96d19aca654705e766dc345acfd730e0c4128f5385506","ssdeep":"96:PNsqESLHz7o/s2BMDuIu8mShiMA3W4/VDtD9NHLmvF1R5lLg76Car6I:PN+Kk02Ypl9k24/VDtJovFbY7Er6I","tlshash":"e5918e89da7099b9a50093900e3ed65b33dd77f80c16dec34690ea9b8d2b074b8e4274","first_seen":"2026-04-26T13:04:41.530863Z","last_seen":"2026-07-03T05:22:49.443754Z","times_seen":3,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":194,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/wbtc-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.548Z","timestamp":1783056140548,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /wbtc-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 7364\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:52 GMT\r\nETag: \"1cc4-650ab12020074\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7364,"size_decoded":7673,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"712afe5d4a33e646624e69ebf4b6b7b4","sha1":"3de6f34d77d35b98241ea9cb4db02987bcb84e99","sha256":"6fd451aaafc9601978ca6a41d0f165bbf620121ff4c89fdf9e56d65910e51c44","sha512":"cfd141dcabba518d9b95072ea509f298f1e38ad5891fa019ba6f688ea6bfcde77e9d0b1057e95c24caa1f4b482718d8f5d3e58e7ab74de6829056c92f16d3dd6","ssdeep":"96:fFC0SOPq4y1i61WoCFPevY6KD5O56z9XuTU+3PDKob9p+cY8WvAhW2QWcuQfeJqT:fmvwFPchKNFzJunfDV9ptY8IAbQFbpt","tlshash":"9ee19d02b36ccf192853d7fdd2e2f644ad156a588ac8ee8884c629db225f35f5812891","first_seen":"2026-04-26T13:04:41.596281Z","last_seen":"2026-07-03T05:22:49.444808Z","times_seen":3,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":268,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/gnosis-xdai-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.557Z","timestamp":1783056140557,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /gnosis-xdai-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4388\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"1124-650ab11f09ec0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4388,"size_decoded":4697,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"639430361bb98a929e635a3b1d9f8884","sha1":"4a51c07fb54965d6b6c69fb1b7f8271a4eb5d1f4","sha256":"03369c9126a266956a5426977301c6933eff12f2f0f9494a5555386233d19203","sha512":"93bfdf42c199ad1cebf8a528dc87879dd0f210c1cd60555b5e5e257d4cb84e9316687a3ec6f8f308cedd23693af979f7954cf3cdde1945c47acec51db08ccad6","ssdeep":"96:sdwpfbizI+lwIZm75z2ZoqcYD2Zm48ZMLWWE/iGftwQyNEqB6Mu4:sCpzizI3IZmlaZoqcWj47LWlKGftwQy7","tlshash":"ed917edbf496d111454ddaf1e92722827b4134dd9f884c82b2b02be604676122bfedbc","first_seen":"2026-04-26T13:04:41.570928Z","last_seen":"2026-07-03T05:22:49.445957Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17349,"timings":{"blocked":17313,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/Rabby-Wallet-drainer.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.564Z","timestamp":1783056140564,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /Rabby-Wallet-drainer.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 2566\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"a06-650ab11fc5ee4\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2566,"size_decoded":2874,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"88fd49030e81bef155c2cfb113623a87","sha1":"66c9d93780d0f3f283414971c2055b0e942838a3","sha256":"3eb3a76da73017bdb5751eba18097f48bbd5d77c2b9448f8a81e6aece61bc6d2","sha512":"90aa5df21970be301577a074535720f4b94bb8fc5a4d033027a9f58a7223024bb4081571f9b0d6b99ddeb9968e359c6650cc5bcd8710debeed6d34a36e011838","ssdeep":"","tlshash":"a35109a906346121eb62b9f87ddc7c418748909c3c57c65c1c75ad2b16772252a4ddf4","first_seen":"2026-04-26T13:04:41.509257Z","last_seen":"2026-07-03T05:22:49.447383Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17758,"timings":{"blocked":17724,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/evm-drainer.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.567Z","timestamp":1783056140567,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /evm-drainer.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 32768\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"8000-650ab11ef2b9e\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":32768,"size_decoded":33078,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"3268b7df3fa01d1f083c2173f6618d8a","sha1":"1c8cdd624019fbad72c7b273cdb64f15ffbef667","sha256":"dfd772c1b5c04d967d333eb905e736bbd1ffeb91ebcf4024004e63644b74bea1","sha512":"46bae3be324ca530a36c6840c522017b87136b6932d2a061041637f1358fa916daf3dc15350e253b343ae0fcc1dc52362511efaf1ed4c0c96219567cd5624c58","ssdeep":"768:BZvWdQsLaDWUgtb9f5VvHanTucLDB0U1HHY4/WKrZ:BZSOIZfbyBL10IJt","tlshash":"99e2f1fd76ee858dc3411ad4b788aa71af40669ddd2ff221f1473b840778d8f2182662","first_seen":"2026-04-26T13:04:41.565199Z","last_seen":"2026-07-03T05:22:49.448417Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17994,"timings":{"blocked":17948,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/cryptocom-quarklab-1536x656.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.576Z","timestamp":1783056140576,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /cryptocom-quarklab-1536x656.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 31964\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"7cdc-650ab11eda8db\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31964,"size_decoded":32274,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1536x656, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a72a238702efbd10632776bf7ed10f18","sha1":"f1857a7747c6fcb1b5bc235654255bf8150b5dc8","sha256":"631efbaee4c7e1b295dee2a52cb62b278235276e5d057ec2322b28b7527b3c0f","sha512":"05479fbe19325b66b721fbb44531bf76c2711554264c648eeee7fb0ae3145a2022a4a9f47a6854f56bb4a6ccdf7dfd449164750b7eafcc58390416478a1a3b03","ssdeep":"768:FURxb6zc1ENWo/pMzfcpGhjO9GoFUig13DN2vvBee:FulQcIW6ibcpqjOQniMDy","tlshash":"8be2df2a007dd096db014b782ac0db859e325181978be0e17c2b7df73b50e676fb5d4a","first_seen":"2026-04-26T13:04:41.515796Z","last_seen":"2026-07-03T05:22:49.449413Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18273,"timings":{"blocked":18230,"dns":0,"connect":0,"send":0,"wait":42,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/tron-airdrop-claim-lander-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.579Z","timestamp":1783056140579,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /tron-airdrop-claim-lander-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:38 GMT\r\nContent-Type: image/webp\r\nContent-Length: 55914\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"da6a-650ab11febc6d\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:38 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55914,"size_decoded":56224,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x724, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"036370d838459b8ace4b475ca1bceb7b","sha1":"0b516682f744f78168daec76cfd3c36e4450bf10","sha256":"e17b730c033ac1180f693aabf52caedca1813346857a2ea2fbd8d3ef98da681f","sha512":"8595374287b2d21ecb3f60ec8f46dd9aeb381478af886f60c285d8f8622d99c35c7b71b4748c968c61dea7896ad712334207f9402d6a4b54c07b567f1fb5bdd0","ssdeep":"1536:moL72eIdY9chsVOq5OVligYJwYO7BwH8g5KYeLy6:moLibia3YiYO7U8e6","tlshash":"e74302d5e3800732c694aeb11b1f869451a64379b4106b95724d3fefc777b14c3a52cd","first_seen":"2026-04-26T13:04:41.590256Z","last_seen":"2026-07-03T05:22:49.450434Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18417,"timings":{"blocked":18367,"dns":0,"connect":0,"send":0,"wait":49,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/style.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.227Z","timestamp":1783056140227,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 313\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"139-650ab11fceb88\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":313,"size_decoded":667,"mime_type":"text/css","magic":"ASCII text","md5":"25b1ccd5c5e91368b048bebac763494b","sha1":"7ba98a67680b5516dab208f93db4aae0f3bdc02a","sha256":"3897854ad3f65ee17cbc14bdd1ee449e63c2dd55508d0b313e4d376db650a7ee","sha512":"286bc5ea0487861b65f516a7c94d8097b92d3f8a343a1e10bf7aefea5236aa1fda7986ca664f812fc20f2e7d68e88cc8dea7c7836486aa7d4d2f3e12c1766dd8","ssdeep":"","tlshash":"d3e0cdd3d7456183f736431934ba773e673d33045adc19e9f44a176513506910978e80","first_seen":"2026-04-26T13:04:41.468888Z","last_seen":"2026-07-03T05:22:49.451468Z","times_seen":3,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":31,"send":0,"wait":43,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/frontend.min.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.228Z","timestamp":1783056140228,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /frontend.min.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 54564\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"d524-650ab11f07b97\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":54564,"size_decoded":54921,"mime_type":"text/css","magic":"ASCII text, with very long lines (54564), with no line terminators","md5":"a286126314ec92d85cd0302320a9564c","sha1":"4ada0cc7c92f17e114641aa8cdabe934954658f0","sha256":"af678b3d541e064f18fca2e33b6ac896a88a902f71fa4c66b1c5fe2cdbbeeafc","sha512":"ee4f659fe14a3af6605f868dcd2cb3859f33789b7433bd2eb9e887049724aea41199bdce8fb0c3044751dc20971f59de7066597ec13e0fd23ed77fbb9e8a71f9","ssdeep":"384:5s4J/8DEksCoI+SBQYO22/RmRs5Cz9TQikvmGkvmCFldtraiIks05ArOk:wFLh5mP3RwlDdps05Xk","tlshash":"0a330da23d13b269226f442b82c7364c536495c1ee1375d9fa04c5239afece63b36c27","first_seen":"2025-12-12T23:30:14.932004Z","last_seen":"2026-07-03T16:53:11.326235Z","times_seen":16686,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":32,"send":0,"wait":35,"receive":62,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/ton-drainer-quark.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.528Z","timestamp":1783056140528,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /ton-drainer-quark.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 3874\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"f22-650ab11fdc266\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3874,"size_decoded":4182,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"947228ca6b5cea4c98641528c6196880","sha1":"a6188d9fd1b743fd9b4a124e3cc131bffb537989","sha256":"cb7fc82c2fe8cb82529a78f229b9a0f95a5abca078d93308ee505c79f49c95ea","sha512":"11903545f9edeaf8365e8f11c36e8d6912d25e12a76b75963165ad701209b57803cb16c25b8aee0c0413f6458682a3368bf577faedc306da2069738819c5166e","ssdeep":"","tlshash":"02814ae777bcd7eb09923d71e0a00c152aeb26eb41e0a7aa321594474b85ba64b30380","first_seen":"2026-04-26T13:04:41.559396Z","last_seen":"2026-07-03T05:22:49.453035Z","times_seen":3,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/bnb-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.542Z","timestamp":1783056140542,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /bnb-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4262\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"10a6-650ab11e8650e\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4262,"size_decoded":4571,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7c5aa9ccfbbe36af7c79b05d110c5e5a","sha1":"a6cc0a0dae5bf53dcb392c7b9d3c3d277597e0d9","sha256":"4d050bba1faf3f7227f58ba09759489359d1d50378b0e6a000dce52888fc97c5","sha512":"1cecac3f5dcd904192d4b36235bb3260c6f74f089eba1206713b822d6fc9a5c81b20623cf4483f22a0969bb597ccd085ffaa0096e1827f8da267ff0982dbc075","ssdeep":"96:grjdZ0Vy7Hjf++8vXpYclh9XItG9grifH/n9hnPapKCotgmn:grjU8+NpnhdJ9gri9FapG7","tlshash":"b5915daae7ad4106650d7c21893f4b3f4cd60d1b4bc5ebf095ccbc5c146a50b642fb46","first_seen":"2026-04-26T13:04:41.553102Z","last_seen":"2026-07-03T05:22:49.454042Z","times_seen":3,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":223,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/ton-drainer-quark-1.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.544Z","timestamp":1783056140544,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /ton-drainer-quark-1.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 1170\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"492-650ab11fdd207\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1170,"size_decoded":1478,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"63dc9bed0b60d9e8742ac02fd3aeb459","sha1":"b58ab9c459defc2a9b5cd995ab5033ad6d9c218b","sha256":"6e4d61d158650a9028f70473848eb2a15d81607ec21c14cc2de6a2d1c4a0ba8c","sha512":"1893ac127586678628455142a5d8868f11b1e7117e34f33f2ee63f5d92c621601e66b1b93509a4a52cd03941a93f72b3b50221d7c264304a9b333f5cef5857ac","ssdeep":"","tlshash":"9b210a150587130dff0e90012a837265e41c0d46a6c21cb7b2ac5a050be770977e87cd","first_seen":"2026-04-26T13:04:41.541056Z","last_seen":"2026-07-03T05:22:49.455053Z","times_seen":3,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":228,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/dai-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.545Z","timestamp":1783056140545,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /dai-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:20 GMT\r\nContent-Type: image/webp\r\nContent-Length: 3494\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"da6-650ab11eddba5\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3494,"size_decoded":3802,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fbef6bd0898cd5b8a807e79936f4b240","sha1":"6e43bbae5cb33c32eb851beeb2f4fa8bc2252655","sha256":"b1fd65524f13e242c07f4771e6c8d00153bd044aa76092f4f6d25d28b54b046d","sha512":"da63d8f2c388159af6108fa1afe02c500e9c457cc449794905bcd54ec7301cbe36595dd4e5f1321539464471b4bfc0750fa73578c3e674617990099b44e7e37c","ssdeep":"","tlshash":"77714c4c73d419e72d89e7d8866ab583ad5be3c4b1460cc857707efa467327d0930c96","first_seen":"2026-04-26T13:04:41.46133Z","last_seen":"2026-07-03T05:22:49.455882Z","times_seen":3,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":256,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/pepe-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.553Z","timestamp":1783056140553,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /pepe-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T18:16:34.634295Z","times_seen":16947930,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/arbitrum-arb-drainer-quark-150x150.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.558Z","timestamp":1783056140558,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /arbitrum-arb-drainer-quark-150x150.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 4222\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"107e-650ab11e6e24b\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4222,"size_decoded":4531,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8069ec8f1147983ba5e175b7c217e6c1","sha1":"ce0314cbebce2fcef094245217e5051b3d266098","sha256":"9c5ea7a3e4c6b33d5e2d9bafa97536199b10f2558ab32ecbf97fb4e0d016064f","sha512":"f2c49b721fa25e5a924aa10c80ce84c41f9d8acb9399218f4edc7777bd231f8e739b3aa50a04b2506d79262dd0b0e8a4922492489a9ae958fa15cdaf1160298b","ssdeep":"96:yGzcYc5EwwAzPN9zu72Q+viLY4UPdcje2OCbbxZBOzuA3r:yGAYA559zu72BPGbbAH","tlshash":"b7917dcf08e58159751a9ee8f39e46401bddc0b120f75930935196536e3d216bf0ecfa","first_seen":"2026-04-26T13:04:41.521829Z","last_seen":"2026-07-03T05:22:49.456841Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17385,"timings":{"blocked":17350,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/?i=1","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-03T05:22:20.012Z","timestamp":1783056140012,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /?i=1 HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 232504\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:50 GMT\r\nETag: \"38c38-650ab11f11bc4\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":232504,"size_decoded":232862,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3550), with CRLF line terminators","md5":"bb80aca8e14f975ba9657982abb5bb8a","sha1":"b17b097d0cc9456787ea37c774f29512b122ae01","sha256":"0b5e7795c6a43b8666ea1d4ce903c1158bb8077f30aa6e2aff029d84c270c892","sha512":"b99d7699c4fa1dfee482a18f8f9d3e0172037fd1a1f3dcd021c37b40696de6f2b2c0b6b3f76e345d8f86fa885dda0c0dc85936e372479e11e562dadbc1e53173","ssdeep":"6144:hkRoAy0tdjchTNTUCOzjWBOIinWVSrgTa+:n","tlshash":"14349551b5a7603a313f61cfc1221f5cd983efb6d6926ae571bc0266d3f6c503a831a8","first_seen":"2026-04-26T13:04:41.524727Z","last_seen":"2026-07-03T05:22:49.457878Z","times_seen":3,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/uicore-blog.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.237Z","timestamp":1783056140237,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /uicore-blog.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 33224\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"81c8-650ab12006641\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33224,"size_decoded":33581,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (33220), with no line terminators","md5":"68f840fd46b00ef260e6d0883e847d31","sha1":"8e88fff05e8178c5a7d6b7cd027a5eb3eb173046","sha256":"960c46b2d65f1498a167a51de647d7a74b59dcee48a5169391971223eebbef30","sha512":"43c59c4a1518ef81f920f2226d105d3438ca6664012171b36f339b060578fec9eeab6d8d2161e4ffd238f7dd829110cbdf8754ade4f8f900afb999b7e4aaf768","ssdeep":"768:lmc4Op+1KSn45hHDITw97d0RDoQMxAU6QJKYpeIrhE:lmcfp+1KSnMhHDITw97yRDoQMxAU6QJC","tlshash":"01e20ed5f214685c8ba3115eb5c55ccf1b0cf10eae9e88eefe106ac110c6bfa05ea917","first_seen":"2026-04-26T13:04:41.520541Z","last_seen":"2026-07-03T05:22:49.458914Z","times_seen":3,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/uicore-global.css","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.242Z","timestamp":1783056140242,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /uicore-global.css HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 98827\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"1820b-650ab12008d52\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 02 Aug 2026 05:22:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":98827,"size_decoded":99185,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65490), with no line terminators","md5":"3786bfb6dcf8ea52a60934ab9d0717da","sha1":"18f39a85f166ad29f652cc88f0b1e465808cdc0c","sha256":"4f884b1a1b109af486ac1b80e46c453cc1bc308821d946fe2f01e8e9c7b452cd","sha512":"b116a7d80d1246611b0e67f0e8f24b93cab53f225f50801ff998ce3aa1c9f4d6fba012d3e283c25cbed8d6bd748c174870593f20a7ccc92fcf1a8ce6edb1d291","ssdeep":"1536:9WbfE5M3+ENH3SFevU8y3NFrKAzbaaZYr9:sBXkevU8ydFrKAza","tlshash":"e9a37780fd42183427a7411ef7ca9edf1b24b18ded4e58defc6069d907cbae70269906","first_seen":"2026-04-26T13:04:41.593742Z","last_seen":"2026-07-03T05:22:49.460045Z","times_seen":3,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auradrainer.gt.tc/quarklab-drainer.webp","fqdn":"auradrainer.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.167","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://auradrainer.gt.tc/?i=1","date":"2026-07-03T05:22:20.562Z","timestamp":1783056140562,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 12 Jun 2026 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E8:ED:8B:D9:70:88:8D:95:1E:B4:93:B4:63:AC:91:A5:BE:4E:FB:88","sha256":"4F:4F:E7:75:98:23:23:2B:C4:9A:93:0F:D7:29:F4:31:EC:64:60:04:FB:F0:C5:62:71:91:53:5A:86:50:C0:FD"}}},"request":{"raw":"GET /quarklab-drainer.webp HTTP/1.1\r\nHost: auradrainer.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auradrainer.gt.tc/?i=1\r\nCookie: __test=b7068d675384559aa32c0e0df3f087cb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 03 Jul 2026 05:22:37 GMT\r\nContent-Type: image/webp\r\nContent-Length: 80532\r\nConnection: keep-alive\r\nLast-Modified: Thu, 30 Apr 2026 10:38:51 GMT\r\nETag: \"13a94-650ab11f9a399\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=0\r\nExpires: Fri, 03 Jul 2026 05:22:37 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80532,"size_decoded":80843,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"94f0704978c0947efacd2bc734b60de0","sha1":"794734e4c8ef0afd109be23172b7643e64bc6c17","sha256":"f3b4aecd8ec0cba58d579bcefa5286cb14268f41c4213139dc75a672a04d64a2","sha512":"4b9bf1d76e3a53da3cc9469b08ce77b37ca97874558368c0dd073cf009c6a1ede67ae69383f9c3b134141039c3afb016eee0e61c3df05d3b59c95c9abc6af47f","ssdeep":"1536:XQoVqNVfI1Ga21CAd6BG8nFweOxzjfnePnm3FDgOYSU4UT:dVqbI1Gf8m2nSeOxzrn8m1DSSU4UT","tlshash":"b373128126b7f063589835ee2240f5f5a5b848e7a674c6b38cdcd8ac597cc7344f2a53","first_seen":"2026-04-26T13:04:41.489851Z","last_seen":"2026-07-03T05:22:49.461113Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17690,"timings":{"blocked":17569,"dns":0,"connect":0,"send":0,"wait":58,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-03","alert":"Sinkholed","trigger":"auradrainer.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}
