{"report_id":"78be06f0-c378-4b07-b448-1ea2f27cf855","version":6,"status":"done","tags":[],"date":"2025-11-21T01:46:48Z","url":{"schema":"http","addr":"bonustrck.com/?anid=33n4nuu1019hd\u0026creative_id=5838\u0026serial=61332061\u0026source_id1=33n4nuu1019hd","fqdn":"bonustrck.com","domain":"bonustrck.com","tld":"com"},"ip":{"addr":"172.67.148.13","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","fqdn":"play.royalsea1.com","domain":"royalsea1.com","tld":"com"},"title":"Access Deny - 403 Forbidden","dom":{"size":4199,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"6156f8984d389cccbb46e87527a753e4","sha1":"21e3b965aec5499e3fd09f46e6498f2fb19144a6","sha256":"c48ac9f8a4ff0f5bad65f6c97da80f3905d30ae5818c5865e03e016b0a406335","sha512":"49aaad84b5151c2383c12c17c8559aace18778649b8c0eb445f89040727e2de87bc6bda57dffe6b5f8ae10ef3820094b71b088807506c4cd4f53d0ea777a830a","ssdeep":"96:nh483/FP74Fb0F6Ds0MZwsfncjgbjA9XpBah0HMyifjkmvH6:hnvFcFb0FCWwsfncMbkNLPsycjs","tlshash":"948187d7b9bb0406aaa7f1581fabd2587360e00b988ddc657fdc168d8f407f548d2690","dom_hash":"domhashd8c0f6d9d96b27bce20b18d15c7172a1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bonustrck.com/?anid=33n4nuu1019hd\u0026creative_id=5838\u0026serial=61332061\u0026source_id1=33n4nuu1019hd","fqdn":"bonustrck.com","domain":"bonustrck.com","tld":"com"},"ip":{"addr":"172.67.148.13","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-26T01:46:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"bonustrck.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-16T22:13:25.550079Z","alert_count":0,"request_count":1,"received_data":24415,"sent_data":531,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cloudflare.com","ip":{"addr":"104.16.133.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":9,"first_seen":"2012-05-22T15:19:15Z","last_seen":"2025-11-19T13:09:37.178309Z","alert_count":0,"request_count":1,"received_data":599,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"play.royalsea1.com","ip":{"addr":"172.67.144.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-06-11","domain_rank":0,"first_seen":"2024-12-06T22:03:07.991776Z","last_seen":"2025-11-11T21:54:54.728606Z","alert_count":0,"request_count":3,"received_data":14251,"sent_data":1852,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"bonustrck.com","ip":{"addr":"172.67.148.13","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-23","domain_rank":0,"first_seen":"2025-11-15T05:42:22.105895Z","last_seen":"2025-11-15T05:42:22.105895Z","alert_count":1,"request_count":1,"received_data":4934,"sent_data":559,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-16T22:13:25.532985Z","alert_count":0,"request_count":1,"received_data":1460,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","fqdn":"play.royalsea1.com","domain":"royalsea1.com","tld":"com"},"ip":{"addr":"172.67.144.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c06cb56ebd33198938065064986ad2fc","sha1":"cc447782c898c711aecf99be3cd9b86dbcc779ce","sha256":"a3ae271f7f55dfe13dc93cfd1e2be27b2b969897a752970bb46c3d744f729aea","sha512":"87808055346d9d227b263b7741b54ec7d790baab9767978582da4cf57178d49702ebe54802a2158e9979a2d5b01459742dd1f45d643b82dc00cf697a2bdf1329","ssdeep":"","tlshash":"fa11d06b347a49264fbb709a430bf1dcb560500fae88de167e4d4f852f81ba5c8e21e1","size":1062,"data":"","first_seen":"2025-11-21T01:46:50.532736Z","last_seen":"2025-11-21T01:46:50.532736Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cloudflare.com/cdn-cgi/trace","fqdn":"cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.16.133.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","date":"2025-11-21T01:46:27.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 14 Nov 2025 20:28:36 GMT","end":"Thu, 12 Feb 2026 21:28:32 GMT"},"fingerprint":{"sha1":"04:C6:71:6C:4E:9E:5C:AF:A6:8E:58:76:B9:72:1A:7A:5B:07:99:4B","sha256":"DA:D4:16:22:D8:4A:85:57:3E:24:D9:E6:69:06:04:86:56:70:25:90:55:A6:35:A0:1F:6E:D7:EA:97:10:07:AB"}}},"request":{"raw":"GET /cdn-cgi/trace HTTP/1.1\r\nHost: cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://play.royalsea1.com/\r\nOrigin: https://play.royalsea1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 21 Nov 2025 01:46:27 GMT\r\ncontent-type: text/plain\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 9a1c83720f685a0f-OSL\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\ncache-control: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":272,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text","md5":"aa2fd2594a2a698d6f2c164823a7baa0","sha1":"c816c4d20061b8bbc3643f27372813e9fad808b8","sha256":"24b1b84f4783e7442e4b84f002459e22e6e9f3ac6bf295b8fc2c170e00e619dd","sha512":"5f00fe21132c64b2dd6df337474a2516b170d42cd0c0022666b2e60ae012d7c086455e96a2beecfca3046c2618b1cd28cc8c6095d3eb9518f486ae6bce0fa68e","ssdeep":"","tlshash":"43d02bdbd63d016c286dd40502aba245cba0554b89efbd31fce68509afc93d644dddf0","first_seen":"2025-11-21T01:46:50.520886Z","last_seen":"2025-11-21T01:46:50.520886Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":2,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play.royalsea1.com/favicon.ico","fqdn":"play.royalsea1.com","domain":"royalsea1.com","tld":"com"},"ip":{"addr":"172.67.144.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","date":"2025-11-21T01:46:27.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royalsea1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 12:56:47 GMT","end":"Fri, 16 Jan 2026 13:55:20 GMT"},"fingerprint":{"sha1":"EA:C6:D3:BE:12:8A:04:9F:30:8A:CB:16:09:86:03:13:6E:80:7F:93","sha256":"84:22:BD:FB:D6:3B:A7:4D:DE:09:67:C0:3D:99:61:27:3B:58:59:B3:05:EB:49:22:1E:7C:6D:C3:BB:B2:3C:26"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: play.royalsea1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 21 Nov 2025 01:46:27 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s3A2lPTBYZ36DYhOUE451KjM7IEvexGZcsXrhGah%2FFvroEg2snCz0ptjn2wd3h0eYzbXxVf4dxL5en0WJ%2BiAX%2F8inTw4dFZqf9Z8LV7HTUo%3D\"}]}\r\nray-id: 599df8f78d-2g8qf-770b60d4-2b6f-4159-964f-e79534415cec\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Fri, 21 Nov 2025 01:46:27 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\ncf-ray: 9a1c83727cdbb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"b6ef6403c05c383cc2fc4f1c4feb0ac9","sha1":"a7db64547332bd00f859476f0deb81f39e61fb38","sha256":"5868b5b2ef6ccaf385b046b62acb13f0915c530c37907f68e42a5ac9db308099","sha512":"864b1521ec4e503f158e4f276d8684994b5452940280d665230e835a061161791066d9c48d8cc50bb8f4945eb11ee98ad8b3ae15c27b494e5b7dae5bffb74334","ssdeep":"24:su68b/5X/n1q68yFgLpMnfpzxpLcDTdBK5x+E2M25yWl6:LXwNmgLpUpzxhsdBFE2M2AZ","tlshash":"c0914dbba1369491d09935f43b31c23f15edeeb09cb0b2285821f5726eb62e72003d5e","first_seen":"2025-11-16T09:33:44.817324Z","last_seen":"2026-05-30T04:15:54.476529Z","times_seen":16,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonustrck.com/?anid=33n4nuu1019hd\u0026creative_id=5838\u0026serial=61332061\u0026source_id1=33n4nuu1019hd","fqdn":"bonustrck.com","domain":"bonustrck.com","tld":"com"},"ip":{"addr":"172.67.148.13","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-21T01:46:26.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bonustrck.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 13:16:35 GMT","end":"Mon, 16 Feb 2026 14:16:29 GMT"},"fingerprint":{"sha1":"03:E0:E6:46:E2:84:35:D4:D4:65:AB:A3:63:B7:63:99:3B:E2:87:3C","sha256":"AA:43:B0:50:D8:64:18:C1:3F:C1:3B:8B:A3:1D:EB:1F:F2:77:CF:A3:0E:C9:74:C4:95:D1:30:28:13:D1:EF:EA"}}},"request":{"raw":"GET /?anid=33n4nuu1019hd\u0026creative_id=5838\u0026serial=61332061\u0026source_id1=33n4nuu1019hd HTTP/1.1\r\nHost: bonustrck.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 21 Nov 2025 01:46:26 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: PHP/8.2.27\r\ncache-control: no-cache, private\r\nx-pm-click: 0ffdc2610d96c4504ede044e7d906444\r\nx-user-click: 2a685e25cb459a860ace8e4f1887fe18\r\nx-user-unique-click: 1\r\nx-detected-country: no\r\nx-brand: GF\r\nx-robots-tag: noindex\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JZuJrRo5WFSWp5ABjuxC%2BxoKvAZVCnngOMsnxrj66jRQTalh2Ot1OMkMRDOHV4UG2X%2BXm0aYNYfIgR%2FE7%2BGTgsv%2BMJSF4HFd7FLy\"}]}\r\nserver: cloudflare\r\nset-cookie: click_61332061_5838=2a685e25cb459a860ace8e4f1887fe18; HttpOnly; SameSite=Lax; Path=/; Max-Age=2592000; Expires=Sun, 21 Dec 2025 01:46:26 GMT\r\ncf-ray: 9a1c836c0ade56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":3842,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T18:31:00.561381Z","times_seen":15971922,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":218,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"bonustrck.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","fqdn":"play.royalsea1.com","domain":"royalsea1.com","tld":"com"},"ip":{"addr":"172.67.144.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-21T01:46:26.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royalsea1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 12:56:47 GMT","end":"Fri, 16 Jan 2026 13:55:20 GMT"},"fingerprint":{"sha1":"EA:C6:D3:BE:12:8A:04:9F:30:8A:CB:16:09:86:03:13:6E:80:7F:93","sha256":"84:22:BD:FB:D6:3B:A7:4D:DE:09:67:C0:3D:99:61:27:3B:58:59:B3:05:EB:49:22:1E:7C:6D:C3:BB:B2:3C:26"}}},"request":{"raw":"GET /gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838 HTTP/1.1\r\nHost: play.royalsea1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Fri, 21 Nov 2025 01:46:27 GMT\r\ncontent-type: text/html; charset=utf-8\r\nray-id: 599df8f78d-jrgkq-d28897e1-5a65-4b1d-a3df-27a72d845134\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yWs6uUQFfWQRYvcDCXD23vJ%2BPxTGegE1PU1vgRDEvY4Q3nvprAcfxWK%2FV021SL2Xxski44R6c%2FjLB13FKJ6nPXwgM2WdoJN3g8NZIH1XqBg%3D\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9a1c836dba4456a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3842,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"f16ec9b91250f2c63039bd156d1354a6","sha1":"a8a24cc950961fc90dae611e5e5aa68767a49145","sha256":"7324c5636706b281ae316886964ed56e05273d458775df6174e284fa4dfd18ae","sha512":"4d6f26a105653a9c96a10e289a67d12fb6c6201b6e93bac12b6bb6724cf73b6fb67b5f7f9ed7382d80940cf1a5aa81cf9985bcd179739c47988194da396b54f3","ssdeep":"","tlshash":"198165dbb9b7000696a7f1581fafd6587320d007948ddd657fdc26888f807b44cc26a5","first_seen":"2025-11-21T01:46:50.526412Z","last_seen":"2025-11-21T01:46:50.526412Z","times_seen":1,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":27,"dns":8,"connect":1,"send":0,"wait":200,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","fqdn":"play.royalsea1.com","domain":"royalsea1.com","tld":"com"},"ip":{"addr":"172.67.144.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-21T01:46:27.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royalsea1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 12:56:47 GMT","end":"Fri, 16 Jan 2026 13:55:20 GMT"},"fingerprint":{"sha1":"EA:C6:D3:BE:12:8A:04:9F:30:8A:CB:16:09:86:03:13:6E:80:7F:93","sha256":"84:22:BD:FB:D6:3B:A7:4D:DE:09:67:C0:3D:99:61:27:3B:58:59:B3:05:EB:49:22:1E:7C:6D:C3:BB:B2:3C:26"}}},"request":{"raw":"GET /gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838 HTTP/1.1\r\nHost: play.royalsea1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Fri, 21 Nov 2025 01:46:27 GMT\r\ncontent-type: text/html; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nray-id: 599df8f78d-jrgkq-f8285fea-8dfe-4d7f-acb3-e9374705d2aa\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncontent-encoding: br\r\npriority: u=1,i=?0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VsUceEWpcNzULjEQBYaqhtaGarQx%2FND7TZxDR82EvDsuSx%2BvOg82qlsHavhpbBaS%2F3vu449t36OLKPbblj809hWZQt5purlRwo4neA41oKo%3D\"}]}\r\ncf-ray: 9a1c836ffccdb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3842,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2d7ee2b0c9f37263a7ed4779ae90edce","sha1":"59347658a16cc411ef406b1317b5e480450a4ee4","sha256":"26f3321fd4b707832cf7a66ba04952a43f8875057aa09a447ab579961ea4ade2","sha512":"1f323981df9f1b5bd3a85cb8edf4c3432e5a3d528499f2ef8d7602d10fd0f88a555e691052dc791ea8be6a91137fb93fa07fbfb5fe1a5978040500a0cfb89557","ssdeep":"","tlshash":"288163dbb8b7040696a7f1581fabd6587220e007a889dc697fdc26898f40bb44cd26a4","first_seen":"2025-11-21T01:46:50.528442Z","last_seen":"2025-11-21T01:46:50.528442Z","times_seen":1,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Lato","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","date":"2025-11-21T01:46:27.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Lato HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play.royalsea1.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 21 Nov 2025 01:46:27 GMT\r\ndate: Fri, 21 Nov 2025 01:46:27 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":774,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"98e279faae11b60b01b3fad919ce13be","sha1":"8ac03eee80ee8fd37129ee7500a5877642e45eb9","sha256":"eafe40853325aa2a8172690347ad08deabfbd918181feb135d7ba5817966d232","sha512":"77f31dcfeb5b47a3e5a9f377e65587b6230363e7f016e48464f371bbb4d0487e53245e66b5d5ddb59b00345c27372340a9aec7aa4671c1001a797fe2a60b58de","ssdeep":"","tlshash":"6f01bd91096ba40897830cc612cd7d32ef1f624064499821eeff14d8bc67c699362b0d","first_seen":"2025-09-17T00:10:35.559729Z","last_seen":"2026-05-31T17:32:07.164809Z","times_seen":22541,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":84,"dns":1,"connect":20,"send":0,"wait":34,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/lato/v25/S6uyw4BMUTPHjx4wXg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://play.royalsea1.com/gf_it/c_general_regform5_it_o_7/?qtag=a30346_t61332061_c5838_s33n4nuu1019hd\u0026x_pm_click=0ffdc2610d96c4504ede044e7d906444\u0026redirect_creative_id=5838","date":"2025-11-21T01:46:27.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/lato/v25/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://play.royalsea1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23580\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 19 Nov 2025 12:31:08 GMT\r\nexpires: Thu, 19 Nov 2026 12:31:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 134119\r\nlast-modified: Mon, 15 Sep 2025 17:09:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23580,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23580, version 1.0","md5":"e1b3b5908c9cf23dfb2b9c52b9a023ab","sha1":"fcd4136085f2a03481d9958cc6793a5ed98e714c","sha256":"918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537","sha512":"b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828","ssdeep":"384:dRkIAJ8pVwWTW5VVjdVn8+2yvAMdriCEOY0kfW9GkAPqpPHi2vUuUSzB8:dKIAJ8pVHTZ+riY9oCpPHiodUeK","tlshash":"91b2e1ce5d546e3a8028213785c17b488273572e9edf42c6dd83a6263a7092cfd3d96e","first_seen":"2023-04-05T13:28:45Z","last_seen":"2026-05-31T17:30:04.979541Z","times_seen":227020,"resource_available":true,"data":null}},"time_used":149,"timings":{"blocked":67,"dns":1,"connect":7,"send":0,"wait":8,"receive":6,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}