{"report_id":"827a56cd-233f-491c-8b0b-af90bd10d9af","version":6,"status":"done","tags":[],"date":"2025-12-27T06:57:49Z","url":{"schema":"http","addr":"get.bunkrr.su/file/56775502","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"get.bunkrr.su/file/56775502","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"title":"Download madison_skyy_6.mp4","dom":{"size":4843,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2375)","md5":"2c5470ebab5a8a30dbc1c46ca8c9bd2b","sha1":"fac79351b852a401000fa9f171d70e4659781994","sha256":"725d98a53ae2fc0e30efb4c977e4c00d26e42dd095a3aa04ab03669f137e4dca","sha512":"9bb0735ad9e7d44e632d0afa3df4cdac7b5a66b3ac3c198ffb947ec420ed57e26843d7336a1f80199bde024617e17379990da45f3dd862b8ab98ddb9b531da12","ssdeep":"96:K8jzJGCOeYMrzjeqdMOe44goanfWUDg4JB1b+7P8V:K8jzJFOeYKPf57XU4JB1b+7P8V","tlshash":"bca1d9617151121eb05bc9d239c7798e3e219e43646307b8fcfc1968cf83d9ab9a135a","dom_hash":"domhashb68906f2364bdad64f134b9ae1fa81d3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"get.bunkrr.su/file/56775502","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-31T06:57:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.wpadmngr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.wpushsdk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"na.nawpush.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"423e50637f.93a6ccad67.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-12-27T06:57:50.737629Z","last_seen":"2025-12-27T06:57:50.737629Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":475,"comment":"","tags":null,"fingerprints":null},{"fqdn":"assets.ahmybid.net","ip":{"addr":"45.133.44.24","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-12-26","domain_rank":171628,"first_seen":"2024-12-28T14:10:32Z","last_seen":"2025-12-25T19:44:01.648671Z","alert_count":0,"request_count":1,"received_data":4581,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"na.nawpush.com","ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2020-12-21","domain_rank":175362,"first_seen":"2020-12-23T08:18:12Z","last_seen":"2025-12-25T06:07:28.763442Z","alert_count":1,"request_count":1,"received_data":2813,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static.bookmsg.com","ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2020-09-15","domain_rank":169473,"first_seen":"2020-11-24T14:56:32Z","last_seen":"2025-12-25T05:59:49.059555Z","alert_count":0,"request_count":2,"received_data":2251,"sent_data":979,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ntvpforever.com","ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-11-18","domain_rank":18811,"first_seen":"2021-11-19T01:49:18Z","last_seen":"2025-12-23T18:36:17.349885Z","alert_count":0,"request_count":2,"received_data":700,"sent_data":1028,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"get.bunkrr.su","ip":{"addr":"186.2.163.80","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-06-02","domain_rank":273116,"first_seen":"2024-01-27T16:15:45Z","last_seen":"2025-12-16T05:16:09.458219Z","alert_count":0,"request_count":3,"received_data":16493,"sent_data":1590,"comment":"","tags":null,"fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}]},{"fqdn":"86c6dd5578.0fcf105177.com","ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-11-27","domain_rank":0,"first_seen":"2025-12-27T00:15:37.996244Z","last_seen":"2025-12-27T00:15:37.996245Z","alert_count":0,"request_count":4,"received_data":67355,"sent_data":10712,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"bunkr.ph","ip":{"addr":"91.149.226.80","port":443,"asn":201744,"as":"ByteFlare LTD","country":"Poland","country_code":"PL"},"domain_registered":"unknown","domain_rank":65129,"first_seen":"2024-09-18T19:06:25Z","last_seen":"2025-12-16T05:16:10.045157Z","alert_count":0,"request_count":3,"received_data":80414,"sent_data":1313,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"nereserv.com","ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2020-12-21","domain_rank":17097,"first_seen":"2020-12-21T11:07:56Z","last_seen":"2025-12-24T14:08:44.697857Z","alert_count":6,"request_count":3,"received_data":966,"sent_data":1714,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fp.metricswpsh.com","ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-10-29","domain_rank":154722,"first_seen":"2022-04-22T11:20:32Z","last_seen":"2025-12-24T09:25:49.388855Z","alert_count":2,"request_count":2,"received_data":816,"sent_data":1052,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"js.wpushsdk.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-05-07","domain_rank":210235,"first_seen":"2021-05-07T12:03:12Z","last_seen":"2025-12-25T05:53:08.828297Z","alert_count":2,"request_count":2,"received_data":861641,"sent_data":842,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2025-12-22T00:11:36.619976Z","alert_count":0,"request_count":3,"received_data":6913,"sent_data":1786,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"js.wpadmngr.com","ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-06-02","domain_rank":77954,"first_seen":"2021-06-02T14:43:46Z","last_seen":"2025-12-25T05:25:14.694348Z","alert_count":1,"request_count":1,"received_data":148121,"sent_data":421,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"enrtx.com","ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-10-07","domain_rank":18023,"first_seen":"2024-11-04T09:19:58Z","last_seen":"2025-12-25T12:44:41.202874Z","alert_count":0,"request_count":1,"received_data":8714,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"js.capndr.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-08-30","domain_rank":156902,"first_seen":"2021-08-30T12:51:01Z","last_seen":"2025-12-25T17:28:37.783588Z","alert_count":2,"request_count":2,"received_data":104961,"sent_data":843,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pointcontinentrtb.com","ip":{"addr":"148.251.254.36","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-10-14","domain_rank":16265,"first_seen":"2025-04-20T21:33:16.477453Z","last_seen":"2025-12-25T19:40:34.430315Z","alert_count":0,"request_count":1,"received_data":4484,"sent_data":1640,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"30b2635297.960021c71c.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2025-11-27","domain_rank":0,"first_seen":"2025-12-27T00:15:37.988014Z","last_seen":"2025-12-27T00:15:37.988014Z","alert_count":0,"request_count":1,"received_data":345,"sent_data":837,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"get.bunkrr.su/js/src.enc.js?0991231","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"9051ecb3dc27be666c3cc5c01ae69de4","sha1":"a1f56eaf67052f856b05625aa1850b73c04c6be4","sha256":"e412bd0840616253480c162bb97ca31e3c49615be8a9417e39b4c901119982e1","sha512":"e921e26e257f8662711dbef4734032273cc188518b5263a919a1c2517b06cd831f90b90722f0cb7d0b73c295e6cd14307b2fb6b37966b92e54823fc6f8e68ed4","ssdeep":"96:CCJIduwuy8SdRWJTzOE1ycHsAIiBGuXL8Pg71srgaWrYfogIZN9OQlpAN4xLtBh0:CNuyR4HsADBvgeN9OQlpAN4xLtBhkPz3","tlshash":"4ec11b413dc1b4a12302ebe7752b70e4d03d6ada74618c8fe218b9e1b8a1366f7d3634","size":6079,"data":"","first_seen":"2025-06-30T03:55:50.225959Z","last_seen":"2026-04-03T12:43:26.367752Z","times_seen":144,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/popunder-admanager/build.m.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2f32802c43a8d95bb13e2bf58e3f0a4","sha1":"15246a9eb4cb7cde52369bd1fdc35908f5279d00","sha256":"4668d1c4351ace7e86b543c992cb17cdd15407847b207edf6dfab101ff57e25c","sha512":"1fe832cab8641e1fec4ef84f31ec835d53f51d757a93e56c58da574b1879e9d5b0822f14d9b7a8a2a02ef98a55fb8e5963fe69e74bc1d1144ac78c9556859951","ssdeep":"768:uAiyOOIGF3vRzxnR0i+bhLrhL5xub8JwfPsEIyp+dZIioT9FeWVbuoUfwqNl1iWJ:zOOlBB0FuM0Xi77Jc/sknkU8JRVUi","tlshash":"74a3298a32a1f4b006e244da943b0216f33e1929740e905cb7adddd5791ad4fa236f7e","size":104174,"data":"","first_seen":"2025-12-18T08:36:30.965351Z","last_seen":"2026-01-06T08:03:45.153096Z","times_seen":315,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"get.bunkrr.su/file/56775502","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e1a3cf46b2e82bf56065ec2065c6071","sha1":"93fcf2d14da16c09938c51aea15083c1237aa16a","sha256":"368201cfb48652e2d97dd54c75e5236faf79b12b0aa6c063be2c802fffc0fde7","sha512":"0ee06ebfa22e1ec0708fc030dc7770ab4af1df378d5ee20eec5d5547d9b29a033f1ecd9362919bb6c773e329657b8cfff1998acbe91a60aee9a3e32f7df3098e","ssdeep":"","tlshash":"2980041310357403530c140010d014400545d043050550044100c0cfc0d7f53d75451d","size":34,"data":"","first_seen":"2025-12-27T06:57:56.212249Z","last_seen":"2025-12-27T06:57:56.212249Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpadmngr.com/static/adManager.js","fqdn":"js.wpadmngr.com","domain":"wpadmngr.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bf20c44981795047ce2c610a2100a35a","sha1":"24c225c700d3f4208417651f6779de9758cd90a1","sha256":"0ec0d01651f974e70dc3c7d4cc50599dbd3a818863b7011ef052c3a0641dc161","sha512":"97612ed9de3cfb245c7e6a70420ca817b99f7b6db0dae1395fbc16c1eef8e4cb4ff993954fbddc4917563840baeef269a9edea324b06e0131fc2e2e833266e7a","ssdeep":"1536:O18MdnC5OPz8QP9r2RcZSgtK8sBggHhO12FoX50FtQySd8uj6DzKEVKf7lbe0etc:mFSGSgtqZXqd8uODG0K5y0etsz","tlshash":"c8e34adcb2d2b07407e75099d83f1206b73a1a16b80c9058f6a6e9c17878ddb5237f7a","size":147733,"data":"","first_seen":"2025-12-24T08:41:20.196676Z","last_seen":"2026-01-15T08:09:34.935655Z","times_seen":438,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpushsdk.com/npc/sdk/wpu/npush.m.js","fqdn":"js.wpushsdk.com","domain":"wpushsdk.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5971e1aea23eb692c8ba321767e3d616","sha1":"573f09736f6f905afafc2c19c5f6eb4984aa9f80","sha256":"6cd87ca3f3fa6e118e5cdfca3e2f1120a9e2326574e3de7448aecdf8012ab8d5","sha512":"256c2cabfe3651ea7cc1410c5deea1944344a6442894e55b997ba7f3cb1af177a79cefff5e0d84bb65b27a8b7912a3dec518d8d64352ac3a22cb1e808ef24673","ssdeep":"3072:hfB/9Xkw+QIsv7iIB7xz2/3UepiBz3oQrcQ7clZyQ5CO3ABWV+PQc:hfF9XBz2scQ7iCOwBWV+Pj","tlshash":"88446cd1368478b40593c0aee0770201b2382609f52db56cbabddee96586dce2377f79","size":255991,"data":"","first_seen":"2025-12-11T16:15:42.321021Z","last_seen":"2026-01-29T09:34:31.743224Z","times_seen":825,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpushsdk.com/skins/nmain.m.js","fqdn":"js.wpushsdk.com","domain":"wpushsdk.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc975e803629b2688e2e36525ce024c9","sha1":"6ac03bb75a489cd0a49fb67b5b53513d61b0d1a1","sha256":"e2b93e3762332c11ea5ea691614926d6bd50ad11e162434699fc56eca9405e5d","sha512":"10efae7e45a6a456818e53fc52ab7ae9b1f550c4ca6adb3ec1e9d40e66cf0b9671e4e68ef8a699339e615d5161b38b3e794e6c782012d72e8b632f4169abb20b","ssdeep":"12288:bO6w3S6RowOCoO68XFxz9CuIgoQfKjbTxoWbPOSbvVTQBUfRLsddHxchOXEJOOzu:bOxVqufz9CNgoRbxdZUWZW","tlshash":"66d45a3132911139b0bfc8c6aa66278d336cf247e9170f55f96faaa483dbd54f625380","size":604874,"data":"","first_seen":"2025-12-11T16:15:42.358852Z","last_seen":"2026-01-29T09:34:31.702939Z","times_seen":800,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"get.bunkrr.su/file/56775502","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"a7e958a4637aa6885bc8b6b015651d49","sha1":"2ca66d4be8d4911c8ec3be595350dc3d99b2e54a","sha256":"e4e9377431d5e2ea46b2bc60940a61bc59ef5e0851af9e5a7295e5f24c9283b7","sha512":"7678dc866cc8feb82cb77609c1138e66df39b38ea3b1c23563b354a498e708bd7331b1afb29938f88d16825d39aecc9a56b9578674bc9fe48736fc69fdb783e3","ssdeep":"96:HWJnG7Vvxkh0NhBaJzOHp+G1EbCQiQZAJ1tTBl0yXS+tpTQxA:2o7hxf9H9eWQVAhBm8TH","tlshash":"9cd1f2f6b97b374d979371ea2d161141500098a903adbc98fa64f2d6fcb4cfe192b350","size":6403,"data":"","first_seen":"2024-08-17T19:59:08Z","last_seen":"2026-04-03T12:43:26.371108Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bunkr.ph/js/lv.js","fqdn":"bunkr.ph","domain":"bunkr.ph","tld":"ph"},"ip":{"addr":"91.149.226.80","port":443,"asn":201744,"as":"ByteFlare LTD","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":false,"md5":"41f274e2642b9420f6efe07ae11b099e","sha1":"55158752256d379c27da8f9528e652ddfd56aa0d","sha256":"e1dd4c18cfcce709cb37c3fab0277fd556c31cf7c3ea9b060499e6664a160b43","sha512":"5663ff36285a977cd0e20791b083e9d596f4459c8d25ef8ee31af1211c4836b6e68fe8c4d6ba936c9cec2f5d0b2bb8b5156a124ccd88dacd113135b71f80dd07","ssdeep":"","tlshash":"4141eb5929e231f1153330be871b71423621a0936946cd157e8d93842f9a63eeaf5bce","size":2410,"data":"","first_seen":"2025-01-30T16:12:20.34901Z","last_seen":"2026-04-04T10:08:20.098486Z","times_seen":262,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-282535986%3A1766818648698933\u0026hl=en\u0026ifkv=Ac2yZaVm8qUWsRF9cVcCfmE_yZGMmN3ZTbg_CCOt2ShfBVKu-Y6CA-AkfnrF1zVIeQKwQmULOiPClQ\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"47:99:FB:97:02:C2:03:A6:B6:60:07:03:D3:B7:37:4B:99:D1:7F:1F","sha256":"01:72:D6:C3:FA:E5:7E:F5:EF:15:83:1F:EE:A5:BF:37:4C:78:02:B4:CD:BF:8D:EF:62:9F:53:B1:B3:1A:B6:EB"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-282535986%3A1766818648698933\u0026hl=en\u0026ifkv=Ac2yZaVm8qUWsRF9cVcCfmE_yZGMmN3ZTbg_CCOt2ShfBVKu-Y6CA-AkfnrF1zVIeQKwQmULOiPClQ\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-ETBdfWhapexIpI4vB5tN8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.jam3aJYHpRA.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":63,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpadmngr.com/static/adManager.js","fqdn":"js.wpadmngr.com","domain":"wpadmngr.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.wpadmngr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 01 Nov 2025 03:32:41 GMT","end":"Fri, 30 Jan 2026 03:32:40 GMT"},"fingerprint":{"sha1":"E3:9D:D3:89:FB:90:7B:AA:8C:19:20:0E:65:8F:8A:B8:25:1C:19:1C","sha256":"DA:2F:33:FE:DB:D4:DD:3C:4D:80:E7:DE:2D:70:4B:D7:61:B4:0C:64:DA:A2:78:BB:8F:0B:66:29:AA:A3:2F:37"}}},"request":{"raw":"GET /static/adManager.js HTTP/1.1\r\nHost: js.wpadmngr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:27 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Wed, 24 Dec 2025 08:35:28 GMT\r\netag: W/\"694ba5d0-24115\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 27 Dec 2025 07:02:27 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147733,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"bf20c44981795047ce2c610a2100a35a","sha1":"24c225c700d3f4208417651f6779de9758cd90a1","sha256":"0ec0d01651f974e70dc3c7d4cc50599dbd3a818863b7011ef052c3a0641dc161","sha512":"97612ed9de3cfb245c7e6a70420ca817b99f7b6db0dae1395fbc16c1eef8e4cb4ff993954fbddc4917563840baeef269a9edea324b06e0131fc2e2e833266e7a","ssdeep":"1536:O18MdnC5OPz8QP9r2RcZSgtK8sBggHhO12FoX50FtQySd8uj6DzKEVKf7lbe0etc:mFSGSgtqZXqd8uODG0K5y0etsz","tlshash":"c8e34adcb2d2b07407e75099d83f1206b73a1a16b80c9058f6a6e9c17878ddb5237f7a","first_seen":"2025-12-24T08:41:20.196676Z","last_seen":"2026-01-15T08:09:34.935655Z","times_seen":438,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":104,"dns":58,"connect":21,"send":0,"wait":41,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.wpadmngr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 02:02:57 GMT","end":"Wed, 25 Mar 2026 02:02:56 GMT"},"fingerprint":{"sha1":"C4:80:D6:E8:F3:2B:FD:8A:89:D9:CF:8B:78:3F:74:35:34:B3:68:8A","sha256":"DF:07:A2:74:C6:6C:63:AA:37:DD:AA:4F:E0:F5:C5:D7:9C:B8:28:C4:9C:45:3F:F7:BC:1B:0A:AE:7F:38:FF:B1"}}},"request":{"raw":"OPTIONS /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":88,"dns":2,"connect":25,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?site=native-push\u0026wl=1\u0026event_id=d73129db-a4a0-489d-87e8-f49da670351c\u0026subid=1122206845\u0026sid=3328635113\u0026spot_id=518960\u0026created_at=2025-12-27\u0026timezone=0\u0026ver=8.244.2\u0026is_native=1","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 02:02:57 GMT","end":"Wed, 25 Mar 2026 02:02:56 GMT"},"fingerprint":{"sha1":"C4:80:D6:E8:F3:2B:FD:8A:89:D9:CF:8B:78:3F:74:35:34:B3:68:8A","sha256":"DF:07:A2:74:C6:6C:63:AA:37:DD:AA:4F:E0:F5:C5:D7:9C:B8:28:C4:9C:45:3F:F7:BC:1B:0A:AE:7F:38:FF:B1"}}},"request":{"raw":"GET /in/dip?site=native-push\u0026wl=1\u0026event_id=d73129db-a4a0-489d-87e8-f49da670351c\u0026subid=1122206845\u0026sid=3328635113\u0026spot_id=518960\u0026created_at=2025-12-27\u0026timezone=0\u0026ver=8.244.2\u0026is_native=1 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"get.bunkrr.su/js/src.enc.js?0991231","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app.bunkrr.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 14:45:30 GMT","end":"Wed, 11 Feb 2026 14:45:29 GMT"},"fingerprint":{"sha1":"68:3F:1B:80:F9:B1:65:E8:E7:36:EE:48:0C:E2:F5:E7:C1:96:19:FF","sha256":"9B:18:48:92:4D:06:C6:01:BA:89:18:AC:95:3B:D8:A5:D8:5B:B7:F8:85:F3:D3:FB:CF:50:F8:10:5E:D1:B5:92"}}},"request":{"raw":"GET /js/src.enc.js?0991231 HTTP/1.1\r\nHost: get.bunkrr.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/file/56775502\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __ddg8_=Yz41Byk5kyS6okNk; __ddg10_=1766818647; __ddg9_=91.90.42.154; __ddg1_=ApTO61KpL5Wnt4ACIpq8\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=t2WQHQkOFbDJS0RN; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\n__ddg10_=1766818647; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\n__ddg9_=91.90.42.154; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\ndate: Wed, 17 Dec 2025 07:20:07 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-headers: Content-Type, Authorization, X-Requested-With\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\nlast-modified: Sat, 28 Jun 2025 21:14:15 GMT\r\nx-rate-limit-enabled: True\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\nage: 862641\r\ncontent-length: 2331\r\nddg-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":6079,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6079), with no line terminators","md5":"9051ecb3dc27be666c3cc5c01ae69de4","sha1":"a1f56eaf67052f856b05625aa1850b73c04c6be4","sha256":"e412bd0840616253480c162bb97ca31e3c49615be8a9417e39b4c901119982e1","sha512":"e921e26e257f8662711dbef4734032273cc188518b5263a919a1c2517b06cd831f90b90722f0cb7d0b73c295e6cd14307b2fb6b37966b92e54823fc6f8e68ed4","ssdeep":"96:CCJIduwuy8SdRWJTzOE1ycHsAIiBGuXL8Pg71srgaWrYfogIZN9OQlpAN4xLtBh0:CNuyR4HsADBvgeN9OQlpAN4xLtBhkPz3","tlshash":"4ec11b413dc1b4a12302ebe7752b70e4d03d6ada74618c8fe218b9e1b8a1366f7d3634","first_seen":"2025-06-30T03:55:50.225959Z","last_seen":"2026-04-03T12:43:26.367752Z","times_seen":144,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=155061","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 11:47:47 GMT","end":"Sun, 08 Feb 2026 11:47:46 GMT"},"fingerprint":{"sha1":"05:1E:63:2F:40:1F:87:C3:0D:F0:42:C7:EA:E8:B1:D8:6F:76:7C:FC","sha256":"1C:13:0E:F6:58:8A:8C:D7:DE:1F:9F:20:D5:17:50:15:02:D5:C8:8E:39:40:68:3F:01:24:F2:73:14:BA:25:0F"}}},"request":{"raw":"OPTIONS /fp?tag_id=155061 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.20.1\r\nDate: Sat, 27 Dec 2025 06:57:28 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type\r\nAccess-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nAccess-Control-Allow-Origin: https://get.bunkrr.su\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":193,"timings":{"blocked":83,"dns":1,"connect":27,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"86c6dd5578.0fcf105177.com/in/show/?tag_ab=d\u0026site_id=31518960\u0026adblock=0\u0026testab=0\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fget.bunkrr.su%2Ffile%2F56775502\u0026refdom=get.bunkrr.su\u0026auction_time=1766818648\u0026subid=1122206845\u0026sid=3328635113\u0026tcid=0\u0026ver=8.244.2\u0026ver_c=\u0026spot_id=518960\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-27\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=98.84504162691874\u0026kubik_score=94.181\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1122206845%26spot_id%3D518960%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fget.bunkrr.su%252Ffile%252F56775502%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252Ffhvfd.com%252Fapi%252Fsubmit_form_request%253Fp%253D68e777e9-0780-4e80-88b6-b53061e0cea8%2526ts%253D1766818649%2526z%253D10188189\u0026icons=6WjzNp2C7tN6gBSyX43Td8U3MDhbNyWy6vleZQCNiuFSFBbsKvNTLBztLzI_b9WdNFrldp5mbjuL00oDa2gdF5GVM9MU51kCoST6uHHxZbs5QUFvcSJJR_dtvxh_LIu4G_kvP76MJ6vaXFSUCJd-FlwCjApGMk1vklLYhklVdNSucjFaSQ\u0026ext_cid=0\u0026px_id=121631181\u0026min_cpm=0.0597965836001735\u0026out_id=1\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=8355940422373315510\u0026skin_id=55\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.10108929470037162\u0026cpm=0.00671761002797615\u0026verify_hash=39e1e2820c25aa60fb9667c2f25dfec5\u0026verify_hash_v2=41b4a39a3c971593c2ff54a18f24a2048a6e6750012d5c7f5dcc743b169604a9\u0026is_native=2\u0026real_bid=0.00143592192\u0026original_bid_usd=0.00143592192\u0026original_bid=0.00143592192\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=108,4,89,20,27,150,0\u0026need_redirect_show=0\u0026applied_features=main-skins-settings,coef_095\u0026show_count=1\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.00143592192\u0026hostname=auc-inpage-hz-15-c\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=movies,torrents\u0026pop_cpc=0.00143592192\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=general\u0026tma_wallet_balance=0\u0026processed_keywords=Movies%2CTorrents\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.004678255784253332\u0026social_network=\u0026publisher_id=8654\u0026advanced_pub_id=1010804\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=datingNotification-view-m_m-body\u0026mlf=1\u0026mlc=1\u0026cpa=aa81079f-7913-4573-92d7-f2e338e52258\u0026prev_step_diff=422\u0026st=0.02","fqdn":"86c6dd5578.0fcf105177.com","domain":"0fcf105177.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"0fcf105177.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Dec 2025 14:04:15 GMT","end":"Mon, 23 Mar 2026 14:04:14 GMT"},"fingerprint":{"sha1":"29:B4:01:B6:87:D2:83:2D:E4:FA:DC:2B:3F:A0:C9:13:06:D4:94:A9","sha256":"04:67:F4:DD:27:99:71:79:1B:3F:B1:11:3D:C0:30:17:4F:2C:1D:0A:7E:3B:07:B3:8C:23:11:53:7A:DC:87:8B"}}},"request":{"raw":"GET /in/show/?tag_ab=d\u0026site_id=31518960\u0026adblock=0\u0026testab=0\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fget.bunkrr.su%2Ffile%2F56775502\u0026refdom=get.bunkrr.su\u0026auction_time=1766818648\u0026subid=1122206845\u0026sid=3328635113\u0026tcid=0\u0026ver=8.244.2\u0026ver_c=\u0026spot_id=518960\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-27\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=98.84504162691874\u0026kubik_score=94.181\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1122206845%26spot_id%3D518960%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fget.bunkrr.su%252Ffile%252F56775502%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252Ffhvfd.com%252Fapi%252Fsubmit_form_request%253Fp%253D68e777e9-0780-4e80-88b6-b53061e0cea8%2526ts%253D1766818649%2526z%253D10188189\u0026icons=6WjzNp2C7tN6gBSyX43Td8U3MDhbNyWy6vleZQCNiuFSFBbsKvNTLBztLzI_b9WdNFrldp5mbjuL00oDa2gdF5GVM9MU51kCoST6uHHxZbs5QUFvcSJJR_dtvxh_LIu4G_kvP76MJ6vaXFSUCJd-FlwCjApGMk1vklLYhklVdNSucjFaSQ\u0026ext_cid=0\u0026px_id=121631181\u0026min_cpm=0.0597965836001735\u0026out_id=1\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=8355940422373315510\u0026skin_id=55\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.10108929470037162\u0026cpm=0.00671761002797615\u0026verify_hash=39e1e2820c25aa60fb9667c2f25dfec5\u0026verify_hash_v2=41b4a39a3c971593c2ff54a18f24a2048a6e6750012d5c7f5dcc743b169604a9\u0026is_native=2\u0026real_bid=0.00143592192\u0026original_bid_usd=0.00143592192\u0026original_bid=0.00143592192\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=108,4,89,20,27,150,0\u0026need_redirect_show=0\u0026applied_features=main-skins-settings,coef_095\u0026show_count=1\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.00143592192\u0026hostname=auc-inpage-hz-15-c\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=movies,torrents\u0026pop_cpc=0.00143592192\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=general\u0026tma_wallet_balance=0\u0026processed_keywords=Movies%2CTorrents\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.004678255784253332\u0026social_network=\u0026publisher_id=8654\u0026advanced_pub_id=1010804\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=datingNotification-view-m_m-body\u0026mlf=1\u0026mlc=1\u0026cpa=aa81079f-7913-4573-92d7-f2e338e52258\u0026prev_step_diff=422\u0026st=0.02 HTTP/1.1\r\nHost: 86c6dd5578.0fcf105177.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"86c6dd5578.0fcf105177.com/in/show/?tag_ab=d\u0026site_id=31518960\u0026adblock=0\u0026testab=0\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fget.bunkrr.su%2Ffile%2F56775502\u0026refdom=get.bunkrr.su\u0026auction_time=1766818648\u0026subid=1122206845\u0026sid=3328635113\u0026tcid=0\u0026ver=8.244.2\u0026ver_c=\u0026spot_id=518960\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-27\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=98.84504162691874\u0026kubik_score=94.181\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1122206845%26spot_id%3D518960%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fget.bunkrr.su%252Ffile%252F56775502%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=255176\u0026crtid=cca0c002af00964eac21c59597b75c0b\u0026url=https%3A%2F%2Fpointcontinentrtb.com%2Fv1%2Ftrack%2Fclick%3Fdata%3DeyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImVuLVVTIiwiYXQiOjE3NjY4MTg2NDkwMjAsImJ2IjoiMTM0LjAuMCIsImNjIjowLCJjciI6MCwiY3JzIjowLCJjcnNlZyI6InVua25vd24iLCJjcyI6Ilczc2liQ0k2TUN3aWRDSTZJbTV2Ym1VaUxDSmtJam93ZlYwPSIsImN0cCI6ZmFsc2UsImN1IjoiaXArdWEiLCJkcCI6ImRpcmVjdCIsImR0IjoxNzY2OTA1MDQ5MDIwLCJlY3BhIjowLCJlciI6IjgzNTU5NDA0MjIzNzMzMTU1MTAiLCJlcyI6IjE3OTExIiwiaSI6IjMxNTE4OTYwOjE4NzoxMzAzOTY4NDU0OTM1MDM4OTc2Nzo4MTM0NzoyNTUxNzY6NjM3NzkyNjMxMTg1NDIyNTU3MToxOTUxMDo6IiwiaWNzIjowLCJpcCI6IjkxLjkwLjQyLjE1NCIsImlwdjYiOiI6OiIsImp0aSI6IjdhODYwZjM2LWUzMDAtNDI3Yi04Njk5LWU1MDdkZDAyMGMyMiIsInAiOjAuMDAwMDQ1LCJwciI6ZmFsc2UsInJwIjowLjAwMDA0NSwicyI6ZmFsc2UsInNkIjotMSwic3AiOiJ7fSIsInQiOiJpbnBhZ2VfYWR1bHRfbXFfdjI6Y3BjIiwidHAiOjAuMDAwNDgzNTU5NTQ2NzQ5MzAwNTYsInRyaWQiOiJ0Y2ItZHNwLWh6LTE3IiwidSI6Imh0dHBzOi8vaHlwZXJhbm9kaXplcmVlci5jb20vNC8yNTk3OTk_dXRtX3NvdXJjZT1odHRwczovL3R1YmUtdG9hZC5jb21cdTAwMjZhdWN0aW9uX2lkPXslYXVjdGlvbl9pZCV9IiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMzQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMzQuMCIsInVoIjoiMmM3YjcxYWZmNjRiYTA0N2MxOGU5ZWZkZWM3MDcyOTMiLCJ1aSI6IjdiNmRhYTU2LTQxZjQtNTYyMC1iZTNjLTc4NmU4NGRiMDI5OSIsInVyIjoiMTg3OmlucGFnZV9hZHVsdF9tcV92MjozMTUxODk2MDp0cnVlOiIsInYiOiIiLCJ2ZiI6IiJ9.IR7YBO75ZowHMljkfct098r-SqafFVH-3rCqnds-Yuo%26sp%3D4.5e-05%26skin_id%3D55\u0026icons=7P_K83JQsKo1LOirsSsRZyBQYHL4_DHjzJhdNt6jpx01heV2qb09j1FAeZZfQJFFP-T1ibaeS54BIC8s0thSsrtWkMxYAZT-O7tmQsOdMs8pWCaeOnsgslYlA4E0amNei7ZxVbhhbNKGIsgDC34mZOCu8xD9KKNr46_09mp9kqHmw9DFYuoV7ZAPycUVvRDIn9VxSGNbqmPnLA30XcmEFz35jVulONi1HeQ_plTgkGa-4ZYI1sjaJQo4eDFlFO1wX2P1CDoKoH0cGJEiNWaTDiwdXwtxvTOHna_5Oz-q2r456ucQGZ_5HyjpBLBx0Lz-ZOi1EpfwLaZPnEYQ687BFcshC4g5ZGl1UnDThvXRE37Pa42idxLwXh-ljkRFZOz6FRuCMtODjb1dSzCAJLshDEoGg7R8l63Cp9JCqKn7Z13WcyO4vheYqILRyfFROaoICi3cbLr7RMMsoQRfKIiqBcKhdg5ByXsuSmHQ1ssOOW0Irb0dj3OlOi0HkY5v3jk7FW9NoDqxDlmhPkjJpAzZWcZo7_OOI9WUFcfofEb3rCOv6Ua_Dp0SpAXXyDk5ZGqoxENyAv5csr4QFPBg1p2SNUrqGj5EqjpGJvRLXp8WJxBqEu4t6FV574fSSAnYJxL8G5yPOcfFRF9Q7ORSGInm4FclFda22GN8MCr79HxQq1bbcVwV4jUM756RLUXdhvoKCXJaRc8j_-e5OfTtcmeFRXiUuhmmfFKs1GE-oxn1nJgcPs4gjJqY9313nQgCT1ggiXM20p0bICplRe-3TuAkIZQe0SnUmLG8UcOXT8gFnR16eVioPaO5QEZMFJwyN7Ng_J81fQO618KTjgcP6ZAWpkXm2WQGOrOaix5lOozIuxkkfr6k8rC3C92XYw1sUWEwM5ApIfhxpZn3cay16E6ZdBWECPKnFNNwngXoFTjE79HWZHqyBKjBp79LeBtS4hSuJ6eVR7C-WgHXfcfMTkfMw1vcVJ6jVMspw9eMEQhgcDIGwNcSr1djSOSDKaQbwf58mxnNAwbbrKqFinabBYcJtaocM9U-7Wy9WYJoJM70ywjBuk_cMTKMTJMN5H4FZYPnkQD2aitXrtT2-ddQfXtoBlqwB-UCMn1wJE7_BvRG92Vz883IEu5erHAmTuTra6Ax6BHB6tslby4kJzQijikOdutBI_7aXAQBF63hqmZ6AO2FpKPpDz7xgslj8bhr2mmc2rTy3I-1wSu8NBKloD75TLRFZq6rXroBxFF46fdcES6IcygL44CeoZPl8FK-ji-ahE7QtkZ-sR4VVVXi-U8Q3Iw6ujadwFwcTOx_WVRzpfa9kgoLRqToNCnTkNKVfI25UAoEJMi1lFa-02juZjykDkZd0QLqMsr8WLmUOM4B-WJD-67RP06nfRYcMGMF4uRpGB-KXcXKNid097lRlaOLW180HPTK9t7GKQyhKQ6WaDDfUKeCuRqgch21REhjFatTMzFOSh0-tYiauDlNoBpmIRwZsT4b4BVcmKzGwii42AUU71XMgjqwMrsCFdoxgAJTISZcRuKB_gaPxXJMZCTcwOJpvGyWRKu65qiwddUPlTJpaLxWrJG8xnFnJ7cVV-Ts3TMFO7BWZD2iZ9rWXP4eOLVm1hSjVHmM_4KhqghyF0ifZ1aHDVOnAg4-WkYeWYtFRMDXiVgoWge9VOswl9Rzq24qzS3aV1dAO0cEZlvc0bC5SiMrSjnDaInAv9veoHciuNxtYAlmf22cCYiVa5APqQDq\u0026ext_cid=81347\u0026px_id=31518960\u0026min_cpm=0.026855431170607458\u0026out_id=0\u0026campaign_type=mq\u0026aid=3296\u0026cid=17911\u0026uniq=e38eb155754d1729394e4d42a3653e0fdbb1973b3f3fd30bf04619b4d205c822\u0026mid=8355940422373315510\u0026skin_id=55\u0026vertical_id=19\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.0013443998356357746\u0026cpm=0.0014227959248832509\u0026verify_hash=d1534cf8cd0df2b505a381ffd84416ba\u0026verify_hash_v2=539eccf19be3b5d47e61ba9a5bfa8307fe545c6c89bb60e1a0abc624dd426958\u0026is_native=1\u0026real_bid=4.2520498931407954e-05\u0026original_bid_usd=0.000045\u0026original_bid=4.5e-05\u0026show_type=0\u0026exp=180\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=19,98,123,101,4\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=1766905048\u0026image_url=https%3A%2F%2Fassets.ahmybid.net%2Ff88c0af9-7cd8-4b64-bb90-8fafdf0e1fa7.jpg\u0026site=native-push-adult\u0026price=0.000045\u0026hostname=auc-inpage-hz-15-c\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=movies,torrents\u0026pop_cpc=0.000045\u0026ext_campaign_id_str=81347\u0026is_webview=0\u0026client_price=0.000042520498931407954\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=cpc\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=general\u0026tma_wallet_balance=0\u0026processed_keywords=Movies%2CTorrents\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.031617687219627794\u0026social_network=\u0026publisher_id=8654\u0026advanced_pub_id=318654\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpc\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=datingNotification-view-m_m-body\u0026cpa=bad22df4-078d-4f3b-9134-dd0dd1f61fc0\u0026prev_step_diff=422\u0026st=0.02","fqdn":"86c6dd5578.0fcf105177.com","domain":"0fcf105177.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"0fcf105177.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Dec 2025 14:04:15 GMT","end":"Mon, 23 Mar 2026 14:04:14 GMT"},"fingerprint":{"sha1":"29:B4:01:B6:87:D2:83:2D:E4:FA:DC:2B:3F:A0:C9:13:06:D4:94:A9","sha256":"04:67:F4:DD:27:99:71:79:1B:3F:B1:11:3D:C0:30:17:4F:2C:1D:0A:7E:3B:07:B3:8C:23:11:53:7A:DC:87:8B"}}},"request":{"raw":"GET /in/show/?tag_ab=d\u0026site_id=31518960\u0026adblock=0\u0026testab=0\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=0\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fget.bunkrr.su%2Ffile%2F56775502\u0026refdom=get.bunkrr.su\u0026auction_time=1766818648\u0026subid=1122206845\u0026sid=3328635113\u0026tcid=0\u0026ver=8.244.2\u0026ver_c=\u0026spot_id=518960\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2025-12-27\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=98.84504162691874\u0026kubik_score=94.181\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1122206845%26spot_id%3D518960%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fget.bunkrr.su%252Ffile%252F56775502%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=255176\u0026crtid=cca0c002af00964eac21c59597b75c0b\u0026url=https%3A%2F%2Fpointcontinentrtb.com%2Fv1%2Ftrack%2Fclick%3Fdata%3DeyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImVuLVVTIiwiYXQiOjE3NjY4MTg2NDkwMjAsImJ2IjoiMTM0LjAuMCIsImNjIjowLCJjciI6MCwiY3JzIjowLCJjcnNlZyI6InVua25vd24iLCJjcyI6Ilczc2liQ0k2TUN3aWRDSTZJbTV2Ym1VaUxDSmtJam93ZlYwPSIsImN0cCI6ZmFsc2UsImN1IjoiaXArdWEiLCJkcCI6ImRpcmVjdCIsImR0IjoxNzY2OTA1MDQ5MDIwLCJlY3BhIjowLCJlciI6IjgzNTU5NDA0MjIzNzMzMTU1MTAiLCJlcyI6IjE3OTExIiwiaSI6IjMxNTE4OTYwOjE4NzoxMzAzOTY4NDU0OTM1MDM4OTc2Nzo4MTM0NzoyNTUxNzY6NjM3NzkyNjMxMTg1NDIyNTU3MToxOTUxMDo6IiwiaWNzIjowLCJpcCI6IjkxLjkwLjQyLjE1NCIsImlwdjYiOiI6OiIsImp0aSI6IjdhODYwZjM2LWUzMDAtNDI3Yi04Njk5LWU1MDdkZDAyMGMyMiIsInAiOjAuMDAwMDQ1LCJwciI6ZmFsc2UsInJwIjowLjAwMDA0NSwicyI6ZmFsc2UsInNkIjotMSwic3AiOiJ7fSIsInQiOiJpbnBhZ2VfYWR1bHRfbXFfdjI6Y3BjIiwidHAiOjAuMDAwNDgzNTU5NTQ2NzQ5MzAwNTYsInRyaWQiOiJ0Y2ItZHNwLWh6LTE3IiwidSI6Imh0dHBzOi8vaHlwZXJhbm9kaXplcmVlci5jb20vNC8yNTk3OTk_dXRtX3NvdXJjZT1odHRwczovL3R1YmUtdG9hZC5jb21cdTAwMjZhdWN0aW9uX2lkPXslYXVjdGlvbl9pZCV9IiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMzQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMzQuMCIsInVoIjoiMmM3YjcxYWZmNjRiYTA0N2MxOGU5ZWZkZWM3MDcyOTMiLCJ1aSI6IjdiNmRhYTU2LTQxZjQtNTYyMC1iZTNjLTc4NmU4NGRiMDI5OSIsInVyIjoiMTg3OmlucGFnZV9hZHVsdF9tcV92MjozMTUxODk2MDp0cnVlOiIsInYiOiIiLCJ2ZiI6IiJ9.IR7YBO75ZowHMljkfct098r-SqafFVH-3rCqnds-Yuo%26sp%3D4.5e-05%26skin_id%3D55\u0026icons=7P_K83JQsKo1LOirsSsRZyBQYHL4_DHjzJhdNt6jpx01heV2qb09j1FAeZZfQJFFP-T1ibaeS54BIC8s0thSsrtWkMxYAZT-O7tmQsOdMs8pWCaeOnsgslYlA4E0amNei7ZxVbhhbNKGIsgDC34mZOCu8xD9KKNr46_09mp9kqHmw9DFYuoV7ZAPycUVvRDIn9VxSGNbqmPnLA30XcmEFz35jVulONi1HeQ_plTgkGa-4ZYI1sjaJQo4eDFlFO1wX2P1CDoKoH0cGJEiNWaTDiwdXwtxvTOHna_5Oz-q2r456ucQGZ_5HyjpBLBx0Lz-ZOi1EpfwLaZPnEYQ687BFcshC4g5ZGl1UnDThvXRE37Pa42idxLwXh-ljkRFZOz6FRuCMtODjb1dSzCAJLshDEoGg7R8l63Cp9JCqKn7Z13WcyO4vheYqILRyfFROaoICi3cbLr7RMMsoQRfKIiqBcKhdg5ByXsuSmHQ1ssOOW0Irb0dj3OlOi0HkY5v3jk7FW9NoDqxDlmhPkjJpAzZWcZo7_OOI9WUFcfofEb3rCOv6Ua_Dp0SpAXXyDk5ZGqoxENyAv5csr4QFPBg1p2SNUrqGj5EqjpGJvRLXp8WJxBqEu4t6FV574fSSAnYJxL8G5yPOcfFRF9Q7ORSGInm4FclFda22GN8MCr79HxQq1bbcVwV4jUM756RLUXdhvoKCXJaRc8j_-e5OfTtcmeFRXiUuhmmfFKs1GE-oxn1nJgcPs4gjJqY9313nQgCT1ggiXM20p0bICplRe-3TuAkIZQe0SnUmLG8UcOXT8gFnR16eVioPaO5QEZMFJwyN7Ng_J81fQO618KTjgcP6ZAWpkXm2WQGOrOaix5lOozIuxkkfr6k8rC3C92XYw1sUWEwM5ApIfhxpZn3cay16E6ZdBWECPKnFNNwngXoFTjE79HWZHqyBKjBp79LeBtS4hSuJ6eVR7C-WgHXfcfMTkfMw1vcVJ6jVMspw9eMEQhgcDIGwNcSr1djSOSDKaQbwf58mxnNAwbbrKqFinabBYcJtaocM9U-7Wy9WYJoJM70ywjBuk_cMTKMTJMN5H4FZYPnkQD2aitXrtT2-ddQfXtoBlqwB-UCMn1wJE7_BvRG92Vz883IEu5erHAmTuTra6Ax6BHB6tslby4kJzQijikOdutBI_7aXAQBF63hqmZ6AO2FpKPpDz7xgslj8bhr2mmc2rTy3I-1wSu8NBKloD75TLRFZq6rXroBxFF46fdcES6IcygL44CeoZPl8FK-ji-ahE7QtkZ-sR4VVVXi-U8Q3Iw6ujadwFwcTOx_WVRzpfa9kgoLRqToNCnTkNKVfI25UAoEJMi1lFa-02juZjykDkZd0QLqMsr8WLmUOM4B-WJD-67RP06nfRYcMGMF4uRpGB-KXcXKNid097lRlaOLW180HPTK9t7GKQyhKQ6WaDDfUKeCuRqgch21REhjFatTMzFOSh0-tYiauDlNoBpmIRwZsT4b4BVcmKzGwii42AUU71XMgjqwMrsCFdoxgAJTISZcRuKB_gaPxXJMZCTcwOJpvGyWRKu65qiwddUPlTJpaLxWrJG8xnFnJ7cVV-Ts3TMFO7BWZD2iZ9rWXP4eOLVm1hSjVHmM_4KhqghyF0ifZ1aHDVOnAg4-WkYeWYtFRMDXiVgoWge9VOswl9Rzq24qzS3aV1dAO0cEZlvc0bC5SiMrSjnDaInAv9veoHciuNxtYAlmf22cCYiVa5APqQDq\u0026ext_cid=81347\u0026px_id=31518960\u0026min_cpm=0.026855431170607458\u0026out_id=0\u0026campaign_type=mq\u0026aid=3296\u0026cid=17911\u0026uniq=e38eb155754d1729394e4d42a3653e0fdbb1973b3f3fd30bf04619b4d205c822\u0026mid=8355940422373315510\u0026skin_id=55\u0026vertical_id=19\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.0013443998356357746\u0026cpm=0.0014227959248832509\u0026verify_hash=d1534cf8cd0df2b505a381ffd84416ba\u0026verify_hash_v2=539eccf19be3b5d47e61ba9a5bfa8307fe545c6c89bb60e1a0abc624dd426958\u0026is_native=1\u0026real_bid=4.2520498931407954e-05\u0026original_bid_usd=0.000045\u0026original_bid=4.5e-05\u0026show_type=0\u0026exp=180\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0%29%20Gecko%2F20100101%20Firefox%2F134.0\u0026ip_mismatch=91.90.42.154\u0026geo=NO\u0026carrier=-\u0026label_ids=19,98,123,101,4\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=1766905048\u0026image_url=https%3A%2F%2Fassets.ahmybid.net%2Ff88c0af9-7cd8-4b64-bb90-8fafdf0e1fa7.jpg\u0026site=native-push-adult\u0026price=0.000045\u0026hostname=auc-inpage-hz-15-c\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=movies,torrents\u0026pop_cpc=0.000045\u0026ext_campaign_id_str=81347\u0026is_webview=0\u0026client_price=0.000042520498931407954\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=cpc\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=general\u0026tma_wallet_balance=0\u0026processed_keywords=Movies%2CTorrents\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.031617687219627794\u0026social_network=\u0026publisher_id=8654\u0026advanced_pub_id=318654\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpc\u0026final_source_id=0\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=datingNotification-view-m_m-body\u0026cpa=bad22df4-078d-4f3b-9134-dd0dd1f61fc0\u0026prev_step_diff=422\u0026st=0.02 HTTP/1.1\r\nHost: 86c6dd5578.0fcf105177.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bunkr.ph/css/master.css","fqdn":"bunkr.ph","domain":"bunkr.ph","tld":"ph"},"ip":{"addr":"91.149.226.80","port":443,"asn":201744,"as":"ByteFlare LTD","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bunkr.ph","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 00:39:22 GMT","end":"Tue, 03 Feb 2026 00:39:21 GMT"},"fingerprint":{"sha1":"FB:06:2E:19:94:C9:26:24:51:96:7F:88:AA:BE:33:B3:A5:21:C1:95","sha256":"CC:0C:B0:B5:67:83:B6:E5:21:87:43:65:D9:5C:16:70:12:4D:99:3C:71:51:1C:5E:71:21:E4:4B:AD:FE:11:A3"}}},"request":{"raw":"GET /css/master.css HTTP/1.1\r\nHost: bunkr.ph\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Dec 2025 06:57:27 GMT\r\nContent-Type: text/css; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Mon, 06 Jan 2025 22:01:43 GMT\r\nX-Rate-Limit-Enabled: True\r\nX-Content-Type-Options: nosniff\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53154,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Algol 68 source, ASCII text, with very long lines (53154), with no line terminators","md5":"fd173d7008fdc784564ed9bea00306d4","sha1":"90e270555d1e6f781a340b95d6e1d53c573a352d","sha256":"b586a0a37a9d408de124398dd9559075d522e84bd19c6b1dbc4488d5d3e33c1c","sha512":"880323adbbc26d6f0528f987e03435b74a64af69740170498c9d674361bd85f49acb4520ce21c845399c4e0850468cd9ce0d9d7e989a8cd2724956652a0122c5","ssdeep":"768:HXN9Dwc2EZNRc85WdUk6uKK5dMeojTxZNvv8:sP78sdUkrpgTO","tlshash":"cf33b6ddbb45007e7c27c5f9e718ba5da006b1c0ee255799edaa022486c23f32de3578","first_seen":"2025-01-20T18:29:54.466784Z","last_seen":"2026-04-04T10:08:20.103343Z","times_seen":342,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":48,"dns":34,"connect":2,"send":0,"wait":3,"receive":1,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"get.bunkrr.su/favicon.ico","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app.bunkrr.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 14:45:30 GMT","end":"Wed, 11 Feb 2026 14:45:29 GMT"},"fingerprint":{"sha1":"68:3F:1B:80:F9:B1:65:E8:E7:36:EE:48:0C:E2:F5:E7:C1:96:19:FF","sha256":"9B:18:48:92:4D:06:C6:01:BA:89:18:AC:95:3B:D8:A5:D8:5B:B7:F8:85:F3:D3:FB:CF:50:F8:10:5E:D1:B5:92"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: get.bunkrr.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/file/56775502\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __ddg8_=t2WQHQkOFbDJS0RN; __ddg10_=1766818647; __ddg9_=91.90.42.154; __ddg1_=ApTO61KpL5Wnt4ACIpq8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=6AacKtkh8nLD565r; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\n__ddg10_=1766818647; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\n__ddg9_=91.90.42.154; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\ndate: Sat, 27 Dec 2025 06:57:27 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 19\r\nx-content-type-options: nosniff\r\nx-rate-limit-enabled: True\r\nreferrer-policy: strict-origin-when-cross-origin\r\nage: 0\r\nddg-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":19,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"595e88012a6521aae3e12cbebe76eb9e","sha1":"da3968197e7bf67aa45a77515b52ba2710c5fc34","sha256":"b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793","sha512":"fd13c580d15cc5e8b87d97ead633209930e00e85c113c776088e246b47f140efe99bdf6ab02070677445db65410f7e62ec23c71182f9f78e9d0e1b9f7fda0dc3","ssdeep":"","tlshash":"1270000c0a0202082020002822800020080802022a802220000aa00882008000800888","first_seen":"2023-04-05T03:13:11Z","last_seen":"2026-04-05T08:32:01.687548Z","times_seen":29438,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":138,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"30b2635297.960021c71c.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjcwOTk0OTMxMjQ3NzQwMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjQwLjIiLCJ0YWdfaWQiOjE1NTA2MSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI2LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9","fqdn":"30b2635297.960021c71c.com","domain":"960021c71c.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"30b2635297.960021c71c.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 02:47:53 GMT","end":"Tue, 24 Mar 2026 02:47:52 GMT"},"fingerprint":{"sha1":"C9:F4:4A:52:42:4F:E8:EF:0E:7F:F8:17:EB:A7:4A:08:0C:46:85:D7","sha256":"5E:D5:75:5C:76:73:7E:3B:96:5F:2A:00:0F:EF:BE:3B:DF:7B:CD:1E:85:ED:B4:1F:B8:30:D5:23:EE:53:C3:2F"}}},"request":{"raw":"GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjcwOTk0OTMxMjQ3NzQwMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjQwLjIiLCJ0YWdfaWQiOjE1NTA2MSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI2LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1\r\nHost: 30b2635297.960021c71c.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nx-cdn-host-id: AH1747\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":130,"dns":83,"connect":21,"send":0,"wait":32,"receive":5,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"86c6dd5578.0fcf105177.com/in/multy","fqdn":"86c6dd5578.0fcf105177.com","domain":"0fcf105177.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"0fcf105177.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Dec 2025 14:04:15 GMT","end":"Mon, 23 Mar 2026 14:04:14 GMT"},"fingerprint":{"sha1":"29:B4:01:B6:87:D2:83:2D:E4:FA:DC:2B:3F:A0:C9:13:06:D4:94:A9","sha256":"04:67:F4:DD:27:99:71:79:1B:3F:B1:11:3D:C0:30:17:4F:2C:1D:0A:7E:3B:07:B3:8C:23:11:53:7A:DC:87:8B"}}},"request":{"raw":"OPTIONS /in/multy HTTP/1.1\r\nHost: 86c6dd5578.0fcf105177.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":111,"dns":30,"connect":25,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"enrtx.com/get/","fqdn":"enrtx.com","domain":"enrtx.com","tld":"com"},"ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"popunder-base.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:48:33 GMT","end":"Tue, 03 Feb 2026 02:48:32 GMT"},"fingerprint":{"sha1":"DF:80:3A:A1:4E:A7:47:86:A1:5F:68:2B:5B:AF:F5:A8:BC:15:A6:70","sha256":"4D:BD:57:8F:2B:73:C5:49:EE:D9:2E:BE:D6:03:16:1E:BD:42:5D:7E:AA:12:FA:BF:8D:DF:AA:CB:5D:D0:5F:CD"}}},"request":{"raw":"POST /get/ HTTP/1.1\r\nHost: enrtx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1745\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1745,"data":"{\"imp\":[{\"secure\":1,\"ext\":{\"user_keywords\":\"\",\"tag_ab\":\"d\",\"id\":2612,\"spaceid\":2612,\"type\":\"pop\",\"subid\":\"2021707380\",\"utm1\":\"\",\"utm2\":\"\",\"utm4\":\"\",\"spot_id\":518958,\"labels\":\"\",\"blocked_verticals\":\"\",\"allowed_labels\":\"\",\"ad_tags\":\"Download%2Cmadison_skyy_6.mp4\",\"refdomain\":\"\",\"is_iframe\":false,\"gyr\":0,\"features\":\"\",\"accel\":0,\"ssp\":3758,\"rchange\":true,\"otype\":2,\"stratagem\":\"\",\"v2_track\":0,\"cla\":0,\"v2\":0,\"mn\":0,\"timezone_olson\":\"UTC\",\"event_id\":\"dc115207-7c03-4674-8ac0-488e79377a65\",\"testab\":0,\"approved_mainstream\":0,\"ver\":\"1.170.4\"},\"pext\":{\"ab\":0},\"metrics\":{\"sp_scr\":0,\"intes\":[],\"high_fr_clicks\":false,\"dev_cons_act\":false,\"scroll_percent\":0,\"empty_clicks\":0,\"prev_step_diff\":344,\"act_su\":1,\"izb\":\"0\"}}],\"site\":{\"id\":\"518958\",\"cat\":[\"IAB25\"],\"page\":\"https%3A//get.bunkrr.su/file/56775502\"},\"device\":{\"w\":1280,\"h\":1024},\"user\":{\"id\":\"59af962887f337d7299b142fa6337684\",\"fp\":null,\"fp_str\":\"\",\"ua_data\":null,\"interest_ids\":[],\"is_webview\":false,\"is_inapp\":false,\"social_network\":\"\",\"device_specs\":{\"brand\":\"\",\"gpu_brand\":\"\",\"gpu_version\":\"\",\"os_name\":\"Windows\",\"cpu_cores\":48,\"device_memory\":0,\"width\":1024,\"height\":1280}},\"fp_params\":{\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"languages\":[\"en-US\",\"en\"],\"fonts\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"fontPreferences\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"platform\":\"Win32\",\"colorDepth\":24,\"deviceMemory\":0,\"hardwareConcurrency\":48,\"indexedDB\":true,\"sessionStorage\":true,\"localStorage\":true,\"cookiesEnabled\":true,\"colorGamut\":\"srgb\"},\"ext\":{\"dt\":1766818649200}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-type: application/json\r\ncontent-length: 2845\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8335,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ee198734cd744fc0057e60827ba876a6","sha1":"91712e64d824659eabf08b7dea2a91394aa53b13","sha256":"32e3b735132a9f80474e0ef74e482d5d84d4260ba09918d74435d55b47b83cc8","sha512":"b2551e37dcc7e97505f55aa171e190e34bfddfd3f57eeccced60a97b221d66efa79c54e659fbf48babc3c2b9a971de914debccdd648b5132844f065ad60f2eca","ssdeep":"192:yMpJdGGPeSm3UDxomED/YZfMpJdGGP3xomED/YRL:xJdVmSm3axkD/YZQJdV/xkD/YRL","tlshash":"78022bc20cb36e29b494691e7109de6816c891a36fcd886cc0f94e4f494a37fd1ae57c","first_seen":"2025-12-27T06:57:56.191032Z","last_seen":"2025-12-27T06:57:56.191032Z","times_seen":1,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":90,"dns":4,"connect":27,"send":0,"wait":179,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"get.bunkrr.su/file/56775502","fqdn":"get.bunkrr.su","domain":"bunkrr.su","tld":"su"},"ip":{"addr":"186.2.163.80","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T06:57:26.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app.bunkrr.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 14:45:30 GMT","end":"Wed, 11 Feb 2026 14:45:29 GMT"},"fingerprint":{"sha1":"68:3F:1B:80:F9:B1:65:E8:E7:36:EE:48:0C:E2:F5:E7:C1:96:19:FF","sha256":"9B:18:48:92:4D:06:C6:01:BA:89:18:AC:95:3B:D8:A5:D8:5B:B7:F8:85:F3:D3:FB:CF:50:F8:10:5E:D1:B5:92"}}},"request":{"raw":"GET /file/56775502 HTTP/1.1\r\nHost: get.bunkrr.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ddos-guard\r\nset-cookie: __ddg8_=Yz41Byk5kyS6okNk; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\n__ddg10_=1766818647; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\n__ddg9_=91.90.42.154; Domain=.bunkrr.su; Path=/; Expires=Sat, 27-Dec-2025 07:17:27 GMT\n__ddg1_=ApTO61KpL5Wnt4ACIpq8; Domain=.bunkrr.su; HttpOnly; Path=/; Expires=Sun, 27-Dec-2026 06:57:27 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\ndate: Sat, 27 Dec 2025 06:57:27 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-headers: Content-Type, Authorization, X-Requested-With\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\nx-cache: HIT\r\nx-rate-limit-enabled: True\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":7881,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (6448)","md5":"ef80a707b29818ccaf131efa383381c2","sha1":"1db1346f8b9fb79432269431d0dc2342276e4416","sha256":"09421ecedca604b09ee306b8bce3e3c56157ac6db7f41b096df0635f04eb25f0","sha512":"e2d191c69da69f595c6e996bb3d348fcfb9c6891eab286cef8336ba412273f40dfdfebbbf6b156cd4277268e1819f6fac5afb30e86980d57731ffda139c9a6f5","ssdeep":"96:SA5nSur7PTXWJnG7Vvxkh0NhBaJzOHp+G1EbCQiQZAJ1tTBl0yXS+tpTQxZ:SkSuGo7hxf9H9eWQVAhBm8TO","tlshash":"f1f133f2bdbb334d869371d97d1611015400946a02aabc98fa9cf2d6bfb4dfe5927310","first_seen":"2025-12-27T06:57:56.19345Z","last_seen":"2025-12-27T06:57:56.19345Z","times_seen":1,"resource_available":false,"data":null}},"time_used":633,"timings":{"blocked":249,"dns":182,"connect":28,"send":0,"wait":135,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"423e50637f.93a6ccad67.com/e24ac9fc210e67879db5e471c86de7f5.js","fqdn":"423e50637f.93a6ccad67.com","domain":"93a6ccad67.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.645Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /e24ac9fc210e67879db5e471c86de7f5.js HTTP/1.1\r\nHost: 423e50637f.93a6ccad67.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-282535986:1766818648698933\u0026ifkv=Ac2yZaWYTt2_bGglWTjlAoGA5OA0u7AOZVngCHhAhW6CryhJGIcLbHcAVwowjNUTo8EZrtFkya-sbw","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:21 GMT","end":"Wed, 25 Feb 2026 15:57:20 GMT"},"fingerprint":{"sha1":"D5:E1:28:04:A2:5B:9C:21:BA:4A:37:C4:BB:E4:7D:93:53:75:26:02","sha256":"11:38:E4:46:CD:40:CF:56:D7:CE:A5:4A:87:26:DF:58:92:54:80:79:8D:FE:8D:33:0E:9D:5E:53:C9:19:6C:20"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-282535986:1766818648698933\u0026ifkv=Ac2yZaWYTt2_bGglWTjlAoGA5OA0u7AOZVngCHhAhW6CryhJGIcLbHcAVwowjNUTo8EZrtFkya-sbw HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:6ay6qlQ29mDH0qfhY7Bxn52o-aqdow:ZlPkMrY7JFQo5FkN;Path=/;Expires=Mon, 27-Dec-2027 06:57:28 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-282535986%3A1766818648698933\u0026hl=en\u0026ifkv=Ac2yZaVm8qUWsRF9cVcCfmE_yZGMmN3ZTbg_CCOt2ShfBVKu-Y6CA-AkfnrF1zVIeQKwQmULOiPClQ\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-1UrYXxDA-B_a92jZhNpauA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 419\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":63,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpushsdk.com/skins/nmain.m.js","fqdn":"js.wpushsdk.com","domain":"wpushsdk.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.wpushsdk.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 07:32:11 GMT","end":"Sat, 31 Jan 2026 07:32:10 GMT"},"fingerprint":{"sha1":"5D:B0:51:22:B4:86:47:42:74:7D:68:50:E7:C9:08:D7:7B:41:91:8C","sha256":"09:01:AE:7A:8E:97:6A:90:A0:1C:ED:8A:B0:05:D4:B3:89:1C:C9:7F:8A:21:8B:8D:59:7F:5C:48:74:65:0E:99"}}},"request":{"raw":"GET /skins/nmain.m.js HTTP/1.1\r\nHost: js.wpushsdk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Thu, 11 Dec 2025 12:18:05 GMT\r\netag: W/\"693ab67d-93aca\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 27 Dec 2025 07:02:28 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: DS8137\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":604874,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"dc975e803629b2688e2e36525ce024c9","sha1":"6ac03bb75a489cd0a49fb67b5b53513d61b0d1a1","sha256":"e2b93e3762332c11ea5ea691614926d6bd50ad11e162434699fc56eca9405e5d","sha512":"10efae7e45a6a456818e53fc52ab7ae9b1f550c4ca6adb3ec1e9d40e66cf0b9671e4e68ef8a699339e615d5161b38b3e794e6c782012d72e8b632f4169abb20b","ssdeep":"12288:bO6w3S6RowOCoO68XFxz9CuIgoQfKjbTxoWbPOSbvVTQBUfRLsddHxchOXEJOOzu:bOxVqufz9CNgoRbxdZUWZW","tlshash":"66d45a3132911139b0bfc8c6aa66278d336cf247e9170f55f96faaa483dbd54f625380","first_seen":"2025-12-11T16:15:42.358852Z","last_seen":"2026-01-29T09:34:31.702939Z","times_seen":800,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.wpushsdk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.ahmybid.net/b58a6655-180d-46a5-95df-3634f3b0c9d7.jpg","fqdn":"assets.ahmybid.net","domain":"ahmybid.net","tld":"net"},"ip":{"addr":"45.133.44.24","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"assets.ahmybid.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Dec 2025 02:33:55 GMT","end":"Sat, 21 Mar 2026 02:33:54 GMT"},"fingerprint":{"sha1":"F2:BA:3F:0A:E5:B4:FC:41:6D:3B:86:AD:1D:A6:DA:35:9A:22:C9:F3","sha256":"E1:6A:44:45:9C:2C:97:99:D5:3E:C2:99:E7:1C:2A:48:C0:DD:9D:14:86:90:E4:BA:A6:7D:4D:9D:CE:CA:7E:1A"}}},"request":{"raw":"GET /b58a6655-180d-46a5-95df-3634f3b0c9d7.jpg HTTP/1.1\r\nHost: assets.ahmybid.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 4226\r\nserver: nginx/1.24.0\r\nlast-modified: Tue, 16 Dec 2025 13:26:24 GMT\r\netag: \"69415e00-1082\"\r\ncache-control: public, max-age=43200\r\nx-cdn-host-id: AH1742,DS5058\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4226,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 75\", baseline, precision 8, 192x108, components 3","md5":"78af8c0036afa9f150b8909dd688e098","sha1":"0151bf344222644aba98653b06d24985a284ea3a","sha256":"65f6c9b0454ae658daba5a66e6bceaa7676521fef15cdfc87884b9ee3c24dbc4","sha512":"d591bdaab3090cf0d9d30fdd704db9cf9a39c646d56fd820ee921793f6bfdee8d1bbabe8b9b19d840985ab6b162c12921be8a81a46053640208e831dde8669a8","ssdeep":"96:GhOE4ZFY99PNy7tfK1Tz0eJGdHNJ4GoFO871WXkyi46K:UO709itOTz0eE+9546K","tlshash":"13916d055ff26612eb2bcc3285557162f9e0493e791a533c68e2f6a13315df091bd40d","first_seen":"2025-12-21T06:47:35.012346Z","last_seen":"2025-12-29T08:55:44.158421Z","times_seen":5,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":119,"dns":73,"connect":19,"send":0,"wait":19,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"na.nawpush.com/tags/155061?version_name=d\u0026domain=get.bunkrr.su","fqdn":"na.nawpush.com","domain":"nawpush.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"na.nawpush.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 02:32:21 GMT","end":"Mon, 16 Feb 2026 02:32:20 GMT"},"fingerprint":{"sha1":"2B:B2:C7:E4:0C:35:8B:EA:A3:45:09:54:58:1F:96:D4:28:92:9E:24","sha256":"5D:DA:64:89:43:2F:60:A7:F1:43:BE:04:58:13:73:0E:73:99:6E:4B:50:A4:E4:06:23:B2:73:B0:E0:22:86:AF"}}},"request":{"raw":"GET /tags/155061?version_name=d\u0026domain=get.bunkrr.su HTTP/1.1\r\nHost: na.nawpush.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-type: application/json\r\nserver: nginx/1.24.0\r\ncache-control: max-age=300, public\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2574,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"97e32ffac6d3209f5a66c8f47dcd06d4","sha1":"15e5cfa94725cb48300ace10e25fa960b8027b13","sha256":"af48f59a9190709ece403b7e7f93ad2ea8d7fe4da8056c67f7cfb0f50f8706f8","sha512":"14c240206e2b5a393cc6776e255b10ad62b6dfea39079de1adc25cd4a2ea5c555282e623e65e419c084325823d95c4675433c4a5fc6cbc9488b47d80f3f01712","ssdeep":"","tlshash":"ef51a5e49674ecb6c0e0028684ca3f8d126822a7b0c8b85af5bc49bc05cf4661e6b11f","first_seen":"2025-09-09T09:11:50.720662Z","last_seen":"2026-01-01T21:00:23.985361Z","times_seen":14,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":135,"dns":88,"connect":19,"send":0,"wait":19,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"na.nawpush.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/advertising.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.capndr.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 12 Dec 2025 02:32:13 GMT","end":"Thu, 12 Mar 2026 02:32:12 GMT"},"fingerprint":{"sha1":"5D:9C:D7:15:7D:69:8C:F7:40:12:0E:10:F1:FF:68:59:A6:F6:E2:38","sha256":"7D:0B:09:36:73:70:FE:A2:CB:1A:80:52:3B:1A:C0:0D:64:38:DA:DC:AB:9E:7A:95:F4:55:F2:6A:A4:F0:A8:FE"}}},"request":{"raw":"GET /advertising.js HTTP/1.1\r\nHost: js.capndr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:27 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nlast-modified: Fri, 14 Jul 2023 08:23:25 GMT\r\netag: \"64b105fd-0\"\r\nexpires: Sat, 27 Dec 2025 07:02:27 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":79,"dns":31,"connect":21,"send":0,"wait":21,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/popunder-admanager/build.m.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.capndr.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 12 Dec 2025 02:32:13 GMT","end":"Thu, 12 Mar 2026 02:32:12 GMT"},"fingerprint":{"sha1":"5D:9C:D7:15:7D:69:8C:F7:40:12:0E:10:F1:FF:68:59:A6:F6:E2:38","sha256":"7D:0B:09:36:73:70:FE:A2:CB:1A:80:52:3B:1A:C0:0D:64:38:DA:DC:AB:9E:7A:95:F4:55:F2:6A:A4:F0:A8:FE"}}},"request":{"raw":"GET /popunder-admanager/build.m.js HTTP/1.1\r\nHost: js.capndr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Thu, 18 Dec 2025 08:08:09 GMT\r\netag: W/\"6943b669-196ee\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 27 Dec 2025 07:02:28 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104174,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d2f32802c43a8d95bb13e2bf58e3f0a4","sha1":"15246a9eb4cb7cde52369bd1fdc35908f5279d00","sha256":"4668d1c4351ace7e86b543c992cb17cdd15407847b207edf6dfab101ff57e25c","sha512":"1fe832cab8641e1fec4ef84f31ec835d53f51d757a93e56c58da574b1879e9d5b0822f14d9b7a8a2a02ef98a55fb8e5963fe69e74bc1d1144ac78c9556859951","ssdeep":"768:uAiyOOIGF3vRzxnR0i+bhLrhL5xub8JwfPsEIyp+dZIioT9FeWVbuoUfwqNl1iWJ:zOOlBB0FuM0Xi77Jc/sknkU8JRVUi","tlshash":"74a3298a32a1f4b006e244da943b0216f33e1929740e905cb7adddd5791ad4fa236f7e","first_seen":"2025-12-18T08:36:30.965351Z","last_seen":"2026-01-06T08:03:45.153096Z","times_seen":315,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=155061","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 11:47:47 GMT","end":"Sun, 08 Feb 2026 11:47:46 GMT"},"fingerprint":{"sha1":"05:1E:63:2F:40:1F:87:C3:0D:F0:42:C7:EA:E8:B1:D8:6F:76:7C:FC","sha256":"1C:13:0E:F6:58:8A:8C:D7:DE:1F:9F:20:D5:17:50:15:02:D5:C8:8E:39:40:68:3F:01:24:F2:73:14:BA:25:0F"}}},"request":{"raw":"POST /fp?tag_id=155061 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 1972\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1972,"data":"{\"timezoneOlson\":\"UTC\",\"incognito\":true,\"fonts\":{\"value\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"duration\":148},\"fontPreferences\":{\"value\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"duration\":135},\"languages\":{\"value\":[[\"en-US\"],[\"en-US\",\"en\"]],\"duration\":0},\"colorDepth\":{\"value\":24,\"duration\":0},\"deviceMemory\":{\"duration\":0},\"screenResolution\":{\"value\":[1280,1024],\"duration\":0},\"hardwareConcurrency\":{\"value\":48,\"duration\":0},\"timezone\":{\"value\":\"UTC\",\"duration\":16},\"sessionStorage\":{\"value\":true,\"duration\":0},\"localStorage\":{\"value\":true,\"duration\":0},\"indexedDB\":{\"value\":true,\"duration\":1},\"platform\":{\"value\":\"Win32\",\"duration\":0},\"plugins\":{\"value\":[{\"name\":\"PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Chrome PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Chromium PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Microsoft Edge PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"WebKit built-in PDF\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]}],\"duration\":0},\"vendor\":{\"value\":\"\",\"duration\":0},\"cookiesEnabled\":{\"value\":true,\"duration\":0},\"colorGamut\":{\"value\":\"srgb\",\"duration\":0},\"rendererUnmasked\":{\"value\":\"\",\"duration\":70},\"brand\":\"\",\"device\":\"\",\"os_type\":\"desktop\",\"os_family\":\"Windows\",\"front_browser_family\":\"Firefox\",\"front_browser_name\":\"Firefox 134\",\"pixel_ratio\":1}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sat, 27 Dec 2025 06:57:28 GMT\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 58\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://get.bunkrr.su\r\nSet-Cookie: id=4534323457873089491; Expires=Sun, 27 Dec 2026 06:57:28 GMT; Secure; SameSite=None\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c4efc1d6d16235d9433cd2565d887460","sha1":"22d069a5f536640e46122475c79db933e82d7f2e","sha256":"f0a6b8c736b7d8c5d3304a9ccd10d2114a0f25f2ba946cce62204df3384a131f","sha512":"af1cfe529f3173efdc7f4aff67355529095e775d8edb38d8a7c9565e09807aff470a465ffdf89ef6555f06cc88efa675823becc942896c63fa64a3140858f539","ssdeep":"","tlshash":"5ba00294c5c00e3c80200c3a73cf901628e4d304120217880ca66b5108822abe333c91","first_seen":"2025-07-26T17:44:43.174102Z","last_seen":"2026-04-05T07:14:52.513577Z","times_seen":6000,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":2,"connect":24,"send":0,"wait":28,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=dc115207-7c03-4674-8ac0-488e79377a65\u0026subid=2021707380\u0026spot_id=518958\u0026created_at=2025-12-27\u0026timezone=0\u0026ver=1.170.4","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 02:02:57 GMT","end":"Wed, 25 Mar 2026 02:02:56 GMT"},"fingerprint":{"sha1":"C4:80:D6:E8:F3:2B:FD:8A:89:D9:CF:8B:78:3F:74:35:34:B3:68:8A","sha256":"DF:07:A2:74:C6:6C:63:AA:37:DD:AA:4F:E0:F5:C5:D7:9C:B8:28:C4:9C:45:3F:F7:BC:1B:0A:AE:7F:38:FF:B1"}}},"request":{"raw":"GET /in/dip?event_id=dc115207-7c03-4674-8ac0-488e79377a65\u0026subid=2021707380\u0026spot_id=518958\u0026created_at=2025-12-27\u0026timezone=0\u0026ver=1.170.4 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 02:32:10 GMT","end":"Tue, 24 Feb 2026 02:32:09 GMT"},"fingerprint":{"sha1":"29:5C:89:52:D7:80:3C:68:75:40:DE:B6:BD:B5:5F:35:72:C7:1D:EF","sha256":"D8:38:DC:B0:0F:D6:AA:DF:02:2B:D2:7C:72:6A:97:38:42:7A:02:CE:89:F1:AE:0B:95:0B:DF:F4:4D:18:1E:DE"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 486\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-1e6\"\r\nexpires: Sun, 27 Dec 2026 06:57:29 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":486,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ceeb4e8840c24621c0e0352b42b38a5b","sha1":"03cbceb0134a39267014595938705e2916580644","sha256":"50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3","sha512":"80d4128488580567597ba5eb65dbff2dd4a8efc625c64cac6a027a1bb5c229545206669f04a50a252b54f471bee4fdc892e6bfe8347a50dd216bba67bd671a03","ssdeep":"","tlshash":"9bf00544191cd36c2a3c607afd74eb74a4074aa459226017cce447b08956811e856c1c","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-05T06:35:49.702084Z","times_seen":10797,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":101,"dns":56,"connect":20,"send":0,"wait":19,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bunkr.ph/fonts/inter.woff2","fqdn":"bunkr.ph","domain":"bunkr.ph","tld":"ph"},"ip":{"addr":"91.149.226.80","port":443,"asn":201744,"as":"ByteFlare LTD","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bunkr.ph","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 00:39:22 GMT","end":"Tue, 03 Feb 2026 00:39:21 GMT"},"fingerprint":{"sha1":"FB:06:2E:19:94:C9:26:24:51:96:7F:88:AA:BE:33:B3:A5:21:C1:95","sha256":"CC:0C:B0:B5:67:83:B6:E5:21:87:43:65:D9:5C:16:70:12:4D:99:3C:71:51:1C:5E:71:21:E4:4B:AD:FE:11:A3"}}},"request":{"raw":"GET /fonts/inter.woff2 HTTP/1.1\r\nHost: bunkr.ph\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://bunkr.ph/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Dec 2025 06:57:27 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 23692\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nLast-Modified: Mon, 23 Sep 2024 12:24:42 GMT\r\nX-Rate-Limit-Enabled: True\r\nX-Content-Type-Options: nosniff\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23692,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23692, version 1.0","md5":"f837d382a885a07c34a3d4bf4f49373d","sha1":"68ddceef1d164a48d9d01d4a74f26b7897323229","sha256":"dd05e326cf8eac3b55acecf29c842ed73e6e6dd06491cf47f7e8800680ab3e33","sha512":"ef010d89971c4f69af7bf541430364c56245a5b63ed730fe628e49f48fa9e201c7f42b1e104eb14c3193bf79dd7ce20244f6b963e9996eb8308c0d61f444ece6","ssdeep":"384:rfabeuzsqm+MAlOitodpHq9WS5TO+cig4RKuIc7OhiVaCcHKLgFT1GS:rfEeuzM+MFSoHqgS5TOjr+QTUVPuSQ5X","tlshash":"85b2e177a100a48ec93cc9ec53b1ea7b736f7941f02e5fad41fa50361c7e580a19a0a6","first_seen":"2024-08-02T10:23:33Z","last_seen":"2026-04-05T08:17:56.330613Z","times_seen":4429,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":11,"dns":1,"connect":2,"send":0,"wait":3,"receive":3,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.147.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:21 GMT","end":"Wed, 25 Feb 2026 15:57:20 GMT"},"fingerprint":{"sha1":"D5:E1:28:04:A2:5B:9C:21:BA:4A:37:C4:BB:E4:7D:93:53:75:26:02","sha256":"11:38:E4:46:CD:40:CF:56:D7:CE:A5:4A:87:26:DF:58:92:54:80:79:8D:FE:8D:33:0E:9D:5E:53:C9:19:6C:20"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:a_oHG7sqccW84YQCJkA7QbedjdVBNA:ZMOxZvUkYMjZBgxr; Expires=Mon, 27-Dec-2027 06:57:28 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-282535986:1766818648698933\u0026ifkv=Ac2yZaWYTt2_bGglWTjlAoGA5OA0u7AOZVngCHhAhW6CryhJGIcLbHcAVwowjNUTo8EZrtFkya-sbw\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: unsafe-none\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-BPpyuQyRAs9LsyfzTZZOtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":293,"timings":{"blocked":119,"dns":0,"connect":35,"send":0,"wait":54,"receive":1,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 02:32:10 GMT","end":"Tue, 24 Feb 2026 02:32:09 GMT"},"fingerprint":{"sha1":"29:5C:89:52:D7:80:3C:68:75:40:DE:B6:BD:B5:5F:35:72:C7:1D:EF","sha256":"D8:38:DC:B0:0F:D6:AA:DF:02:2B:D2:7C:72:6A:97:38:42:7A:02:CE:89:F1:AE:0B:95:0B:DF:F4:4D:18:1E:DE"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1066\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-42a\"\r\nexpires: Sun, 27 Dec 2026 06:57:29 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1066,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a11e13b2bd67bb9a6cb347d7c73df13","sha1":"b85460a33f9b229f42c08a6a94ae433a4d5c32ab","sha256":"1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56","sha512":"059dd018bbf13a669d73f07442288f165bc6b305afb0df955773a0efb7454b8204095196231179fab4cb625e189c7c735fe41dc5b67fb8666d584214277186e6","ssdeep":"","tlshash":"7511b56be46c4dfede41f0408dd80256f8324a5c8aaeaf39058bc7da4f584143a6f01a","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-05T06:35:49.70008Z","times_seen":10786,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":103,"dns":55,"connect":20,"send":0,"wait":19,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pointcontinentrtb.com/v1/track/impression?data=eyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImVuLVVTIiwiYXQiOjE3NjY4MTg2NDkwMjAsImJ2IjoiMTM0LjAuMCIsImNjIjowLCJjciI6MCwiY3JzIjowLCJjcnNlZyI6InVua25vd24iLCJjcyI6Ilczc2liQ0k2TUN3aWRDSTZJbTV2Ym1VaUxDSmtJam93ZlYwPSIsImN0cCI6ZmFsc2UsImN1IjoiaXArdWEiLCJkcCI6ImRpcmVjdCIsImR0IjoxNzY2OTA1MDQ5MDIwLCJlY3BhIjowLCJlciI6IjgzNTU5NDA0MjIzNzMzMTU1MTAiLCJlcyI6IjE3OTExIiwiaSI6IjMxNTE4OTYwOjE4NzoxMzAzOTY4NDU0OTM1MDM4OTc2Nzo4MTM0NzoyNTUxNzY6NjM3NzkyNjMxMTg1NDIyNTU3MToxOTUxMDo6IiwiaWNzIjowLCJpcCI6IjkxLjkwLjQyLjE1NCIsImlwdjYiOiI6OiIsImp0aSI6IjI2OWNiYWU4LTVmM2QtNGRlYi1iYmZhLWVmMGEyNTczMWMyMCIsInAiOjAuMDAwMDQ1LCJwciI6ZmFsc2UsInJwIjowLjAwMDA0NSwicyI6ZmFsc2UsInNkIjotMSwic3AiOiJ7fSIsInQiOiJpbnBhZ2VfYWR1bHRfbXFfdjI6Y3BjIiwidHAiOjAuMDAwNDgzNTU5NTQ2NzQ5MzAwNTYsInRyaWQiOiJ0Y2ItZHNwLWh6LTE3IiwidSI6Imh0dHBzOi8vYXNzZXRzLmFobXliaWQubmV0L2I1OGE2NjU1LTE4MGQtNDZhNS05NWRmLTM2MzRmM2IwYzlkNy5qcGciLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wIiwidWgiOiIyYzdiNzFhZmY2NGJhMDQ3YzE4ZTllZmRlYzcwNzI5MyIsInVpIjoiN2I2ZGFhNTYtNDFmNC01NjIwLWJlM2MtNzg2ZTg0ZGIwMjk5IiwidXIiOiIxODc6aW5wYWdlX2FkdWx0X21xX3YyOjMxNTE4OTYwOnRydWU6IiwidiI6IiIsInZmIjoiIn0.ZUCW1-lwB3opbrlHCdxcZ7zA2EXxRz2N42rQZ13eprc\u0026sp=4.5e-05","fqdn":"pointcontinentrtb.com","domain":"pointcontinentrtb.com","tld":"com"},"ip":{"addr":"148.251.254.36","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:29.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pointcontinentrtb.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 01:51:22 GMT","end":"Sun, 15 Mar 2026 01:51:21 GMT"},"fingerprint":{"sha1":"CB:20:B5:D9:74:2F:45:D3:B7:4F:C1:1B:44:A6:4F:E2:BC:96:A6:A3","sha256":"70:A4:86:51:73:57:83:47:D5:30:92:DC:C6:03:51:26:79:07:1B:D4:4C:0C:81:CC:35:FB:32:ED:CB:79:A1:5C"}}},"request":{"raw":"GET /v1/track/impression?data=eyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImVuLVVTIiwiYXQiOjE3NjY4MTg2NDkwMjAsImJ2IjoiMTM0LjAuMCIsImNjIjowLCJjciI6MCwiY3JzIjowLCJjcnNlZyI6InVua25vd24iLCJjcyI6Ilczc2liQ0k2TUN3aWRDSTZJbTV2Ym1VaUxDSmtJam93ZlYwPSIsImN0cCI6ZmFsc2UsImN1IjoiaXArdWEiLCJkcCI6ImRpcmVjdCIsImR0IjoxNzY2OTA1MDQ5MDIwLCJlY3BhIjowLCJlciI6IjgzNTU5NDA0MjIzNzMzMTU1MTAiLCJlcyI6IjE3OTExIiwiaSI6IjMxNTE4OTYwOjE4NzoxMzAzOTY4NDU0OTM1MDM4OTc2Nzo4MTM0NzoyNTUxNzY6NjM3NzkyNjMxMTg1NDIyNTU3MToxOTUxMDo6IiwiaWNzIjowLCJpcCI6IjkxLjkwLjQyLjE1NCIsImlwdjYiOiI6OiIsImp0aSI6IjI2OWNiYWU4LTVmM2QtNGRlYi1iYmZhLWVmMGEyNTczMWMyMCIsInAiOjAuMDAwMDQ1LCJwciI6ZmFsc2UsInJwIjowLjAwMDA0NSwicyI6ZmFsc2UsInNkIjotMSwic3AiOiJ7fSIsInQiOiJpbnBhZ2VfYWR1bHRfbXFfdjI6Y3BjIiwidHAiOjAuMDAwNDgzNTU5NTQ2NzQ5MzAwNTYsInRyaWQiOiJ0Y2ItZHNwLWh6LTE3IiwidSI6Imh0dHBzOi8vYXNzZXRzLmFobXliaWQubmV0L2I1OGE2NjU1LTE4MGQtNDZhNS05NWRmLTM2MzRmM2IwYzlkNy5qcGciLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wIiwidWgiOiIyYzdiNzFhZmY2NGJhMDQ3YzE4ZTllZmRlYzcwNzI5MyIsInVpIjoiN2I2ZGFhNTYtNDFmNC01NjIwLWJlM2MtNzg2ZTg0ZGIwMjk5IiwidXIiOiIxODc6aW5wYWdlX2FkdWx0X21xX3YyOjMxNTE4OTYwOnRydWU6IiwidiI6IiIsInZmIjoiIn0.ZUCW1-lwB3opbrlHCdxcZ7zA2EXxRz2N42rQZ13eprc\u0026sp=4.5e-05 HTTP/1.1\r\nHost: pointcontinentrtb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.24.0\r\nDate: Sat, 27 Dec 2025 06:57:29 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https://assets.ahmybid.net/b58a6655-180d-46a5-95df-3634f3b0c9d7.jpg\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4226,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":62,"dns":4,"connect":24,"send":0,"wait":24,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 02:02:57 GMT","end":"Wed, 25 Mar 2026 02:02:56 GMT"},"fingerprint":{"sha1":"C4:80:D6:E8:F3:2B:FD:8A:89:D9:CF:8B:78:3F:74:35:34:B3:68:8A","sha256":"DF:07:A2:74:C6:6C:63:AA:37:DD:AA:4F:E0:F5:C5:D7:9C:B8:28:C4:9C:45:3F:F7:BC:1B:0A:AE:7F:38:FF:B1"}}},"request":{"raw":"POST /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 90\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":90,"data":"{\"ad_tags\":\"Download%2Cmadison_skyy_6.mp4\",\"page\":\"https%3A//get.bunkrr.su/file/56775502\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-type: application/json\r\ncontent-length: 34\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fe7ae78a6299e7664446cc38d2732395","sha1":"55eb4208ed7777a586606549306f31a874cadd21","sha256":"a48bb749639192599189e9c767d345e6bfa3a2414a90d637672ac38c7ce8f6fc","sha512":"a5f085731c8bd9cf1d67f15f4d226184a063d58ea292e6beb67c401320e0c3b06f97ce2765c7cc6a02d3b7ccb179f14b9e98d0f4eb09522cf9d118ff15dc4df2","ssdeep":"","tlshash":"818004443105d435fc50714071004517505554015400cc1410710004470c3144045445","first_seen":"2025-08-24T14:36:24.312455Z","last_seen":"2026-04-04T13:32:32.725906Z","times_seen":69,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bunkr.ph/js/lv.js","fqdn":"bunkr.ph","domain":"bunkr.ph","tld":"ph"},"ip":{"addr":"91.149.226.80","port":443,"asn":201744,"as":"ByteFlare LTD","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:27.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bunkr.ph","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 00:39:22 GMT","end":"Tue, 03 Feb 2026 00:39:21 GMT"},"fingerprint":{"sha1":"FB:06:2E:19:94:C9:26:24:51:96:7F:88:AA:BE:33:B3:A5:21:C1:95","sha256":"CC:0C:B0:B5:67:83:B6:E5:21:87:43:65:D9:5C:16:70:12:4D:99:3C:71:51:1C:5E:71:21:E4:4B:AD:FE:11:A3"}}},"request":{"raw":"GET /js/lv.js HTTP/1.1\r\nHost: bunkr.ph\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Dec 2025 06:57:27 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Mon, 06 Jan 2025 20:30:04 GMT\r\nX-Rate-Limit-Enabled: True\r\nX-Content-Type-Options: nosniff\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2410,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"41f274e2642b9420f6efe07ae11b099e","sha1":"55158752256d379c27da8f9528e652ddfd56aa0d","sha256":"e1dd4c18cfcce709cb37c3fab0277fd556c31cf7c3ea9b060499e6664a160b43","sha512":"5663ff36285a977cd0e20791b083e9d596f4459c8d25ef8ee31af1211c4836b6e68fe8c4d6ba936c9cec2f5d0b2bb8b5156a124ccd88dacd113135b71f80dd07","ssdeep":"","tlshash":"4141eb5929e231f1153330be871b71423621a0936946cd157e8d93842f9a63eeaf5bce","first_seen":"2025-01-30T16:12:20.34901Z","last_seen":"2026-04-04T10:08:20.098486Z","times_seen":262,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":48,"dns":33,"connect":5,"send":0,"wait":3,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpushsdk.com/npc/sdk/wpu/npush.m.js","fqdn":"js.wpushsdk.com","domain":"wpushsdk.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.wpushsdk.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 07:32:11 GMT","end":"Sat, 31 Jan 2026 07:32:10 GMT"},"fingerprint":{"sha1":"5D:B0:51:22:B4:86:47:42:74:7D:68:50:E7:C9:08:D7:7B:41:91:8C","sha256":"09:01:AE:7A:8E:97:6A:90:A0:1C:ED:8A:B0:05:D4:B3:89:1C:C9:7F:8A:21:8B:8D:59:7F:5C:48:74:65:0E:99"}}},"request":{"raw":"GET /npc/sdk/wpu/npush.m.js HTTP/1.1\r\nHost: js.wpushsdk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Thu, 11 Dec 2025 12:18:11 GMT\r\netag: W/\"693ab683-3e7f7\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 27 Dec 2025 07:02:28 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: DS8137\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":255991,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5971e1aea23eb692c8ba321767e3d616","sha1":"573f09736f6f905afafc2c19c5f6eb4984aa9f80","sha256":"6cd87ca3f3fa6e118e5cdfca3e2f1120a9e2326574e3de7448aecdf8012ab8d5","sha512":"256c2cabfe3651ea7cc1410c5deea1944344a6442894e55b997ba7f3cb1af177a79cefff5e0d84bb65b27a8b7912a3dec518d8d64352ac3a22cb1e808ef24673","ssdeep":"3072:hfB/9Xkw+QIsv7iIB7xz2/3UepiBz3oQrcQ7clZyQ5CO3ABWV+PQc:hfF9XBz2scQ7iCOwBWV+Pj","tlshash":"88446cd1368478b40593c0aee0770201b2382609f52db56cbabddee96586dce2377f79","first_seen":"2025-12-11T16:15:42.321021Z","last_seen":"2026-01-29T09:34:31.743224Z","times_seen":825,"resource_available":true,"data":null}},"time_used":730,"timings":{"blocked":261,"dns":28,"connect":109,"send":0,"wait":210,"receive":0,"ssl":109},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"js.wpushsdk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=dc115207-7c03-4674-8ac0-488e79377a65\u0026subid=2021707380\u0026spot_id=518958\u0026created_at=2025-12-27\u0026timezone=0\u0026ver=1.170.4","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 02:02:57 GMT","end":"Wed, 25 Mar 2026 02:02:56 GMT"},"fingerprint":{"sha1":"C4:80:D6:E8:F3:2B:FD:8A:89:D9:CF:8B:78:3F:74:35:34:B3:68:8A","sha256":"DF:07:A2:74:C6:6C:63:AA:37:DD:AA:4F:E0:F5:C5:D7:9C:B8:28:C4:9C:45:3F:F7:BC:1B:0A:AE:7F:38:FF:B1"}}},"request":{"raw":"GET /in/dip?event_id=dc115207-7c03-4674-8ac0-488e79377a65\u0026subid=2021707380\u0026spot_id=518958\u0026created_at=2025-12-27\u0026timezone=0\u0026ver=1.170.4 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:28 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T09:47:05.247441Z","times_seen":13369813,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-26","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"86c6dd5578.0fcf105177.com/in/multy","fqdn":"86c6dd5578.0fcf105177.com","domain":"0fcf105177.com","tld":"com"},"ip":{"addr":"94.130.198.6","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://get.bunkrr.su/file/56775502","date":"2025-12-27T06:57:28.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"0fcf105177.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Dec 2025 14:04:15 GMT","end":"Mon, 23 Mar 2026 14:04:14 GMT"},"fingerprint":{"sha1":"29:B4:01:B6:87:D2:83:2D:E4:FA:DC:2B:3F:A0:C9:13:06:D4:94:A9","sha256":"04:67:F4:DD:27:99:71:79:1B:3F:B1:11:3D:C0:30:17:4F:2C:1D:0A:7E:3B:07:B3:8C:23:11:53:7A:DC:87:8B"}}},"request":{"raw":"POST /in/multy HTTP/1.1\r\nHost: 86c6dd5578.0fcf105177.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://get.bunkrr.su/\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 2070\r\nOrigin: https://get.bunkrr.su\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2070,"data":"{\"imp\":[{\"ext\":{\"utm1\":\"\",\"utm2\":\"\",\"utm4\":\"\",\"refdomain\":\"\",\"labels\":\"\",\"tcid\":0,\"site\":\"native-push\",\"screen_resolution\":\"1280x1024\",\"ve\":\"\",\"mo\":\"\",\"format\":\"default-view-b_r-body\",\"idzone\":0,\"testab\":0,\"timezone_olson\":\"UTC\",\"blocked_verticals\":\"\",\"after_video\":0,\"tu\":1,\"mm\":0,\"skins\":null,\"st\":0.02,\"spot_id\":518960,\"timezone\":0,\"subid\":\"1122206845\",\"wl\":1,\"event_id\":\"d73129db-a4a0-489d-87e8-f49da670351c\",\"sid\":3328635113,\"created_at\":\"2025-12-27\",\"ver\":\"8.244.2\",\"is_native\":1,\"device_theme\":\"light\",\"ad_tags\":\"Download%2Cmadison_skyy_6.mp4\",\"user_keywords\":\"\",\"v2_track\":0,\"default_keywords\":\"\",\"tag_ab\":\"d\",\"suggestive\":0,\"v2\":0,\"features\":\"\",\"yfriendly_always\":false,\"is_iframe\":false,\"approved_mainstream\":0,\"default\":1},\"pext\":{\"ab\":0},\"metrics\":{\"topics\":[],\"prev_step_diff\":926}}],\"site\":{\"id\":\"518960\",\"cat\":[\"IAB25-3\"],\"page\":\"https%3A//get.bunkrr.su/file/56775502\",\"is_publisher\":true,\"ct\":0,\"ctid\":1,\"script_type\":\"general\",\"auc_domain_type\":\"hash\"},\"ext\":{\"dt\":1766818648793},\"user\":{\"fp\":0,\"fp_str\":\"\",\"ua_data\":null,\"events\":[],\"interest_ids\":[],\"click_status\":\"unknown\",\"keywords_history\":{\"keywords\":[{\"keyword\":\"Torrents\",\"counter\":1},{\"keyword\":\"Movies\",\"counter\":1}],\"pages_count\":1},\"is_webview\":false,\"is_inapp\":false,\"telegram\":{\"user_id\":0,\"username\":\"\",\"is_premium\":false,\"color_scheme\":\"\",\"wallet_address\":\"\",\"wallet_balance\":\"\"},\"social_network\":\"\",\"audiences_ids\":[]},\"device\":{\"w\":1280,\"h\":1024},\"fp_params\":{\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"languages\":[\"en-US\",\"en\"],\"fonts\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"fontPreferences\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"platform\":\"Win32\",\"colorDepth\":24,\"deviceMemory\":0,\"hardwareConcurrency\":48,\"indexedDB\":true,\"sessionStorage\":true,\"localStorage\":true,\"cookiesEnabled\":true,\"colorGamut\":\"srgb\"},\"cached_mislead_offer\":{\"track_click_url\":\"\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Sat, 27 Dec 2025 06:57:29 GMT\r\ncontent-type: application/json\r\ncontent-length: 7222\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":66019,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"200e53deaa74290447d94b9b8573bb3a","sha1":"1148c946201343030198aa63934e3f6d894cfcca","sha256":"635c5116bab944afbaf0d70e6d435b48126bbd58a035dbc7466d651824181d1e","sha512":"d831e00a4e76ec8e947cf810da62d019b0512d08caee5a57f07b56f43cf17df46699befed8110fc8ddbf0d6f4cd306c46cec4cf80052db1b2f5878ec8412ef43","ssdeep":"768:SXB+XjXvmLjJmLjNXjXvmLjiXjXvmLjwXjXvmLjJXjXjPXjXvmLjoXjXvmLjNNeq:EBAjvisjvHjvljv0jjPjvljv0NDhx","tlshash":"b3537da31c73de632cf6572ba10bba5636c4c2071ec6089ccaf1856d996575f328b78c","first_seen":"2025-12-27T06:57:56.21027Z","last_seen":"2025-12-27T06:57:56.21027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}