{"report_id":"84cd04e4-8caf-4e89-bbcd-c0e1b9cdb28a","version":6,"status":"done","tags":[],"date":"2025-12-19T03:32:08Z","url":{"schema":"http","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"title":"Ставки на спорт ᐉ Онлайн Парі на Гроші в Україні Parik24","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-23T03:32:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-19T03:31:45Z","timestamp":1766115105,"ip_dst":{"addr":"54.240.174.81","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.5","port":51384,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI)","source":"{\"timestamp\":\"2025-12-19T03:31:45.417560+0000\",\"flow_id\":385837432917360,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":51384,\"dest_ip\":\"54.240.174.81\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049251,\"rev\":1,\"signature\":\"ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_11_17\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_17\"]}},\"tls\":{\"sni\":\"openfpcdn.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":4622,\"start\":\"2025-12-19T03:31:45.413040+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"bonus.24parik.win","ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-13","domain_rank":0,"first_seen":"2025-12-16T17:31:36.797309Z","last_seen":"2025-12-16T17:31:36.797309Z","alert_count":43,"request_count":43,"received_data":4745757,"sent_data":23715,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.1.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"openfpcdn.io","ip":{"addr":"54.240.174.81","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-11-10","domain_rank":9255,"first_seen":"2021-11-11T13:02:44Z","last_seen":"2025-12-15T08:24:00.574542Z","alert_count":0,"request_count":1,"received_data":39555,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9829149774dc288ce3bc6f96fa0ff813","sha1":"7ffbb0605b0f288bebf2f9e03967c966ae78b0de","sha256":"2464915a783d3762da3b474aea03a0d051e7526f7779482aff5e263d09a95b9e","sha512":"8d9fb5e0c829d39b077b0a8a4acaf24efa8dbe911e95f7942908c91c2fdeb08087306c9d2e72b0a8d8c1fa8864f383841bf63928f842006b282dadc3ead9cbac","ssdeep":"","tlshash":"11c092a1b013919921f3508692977280a93221833230c0faf58fb0493f2ad8f5eef6d4","size":154,"data":"","first_seen":"2023-10-29T14:17:32Z","last_seen":"2026-05-04T21:31:42.165626Z","times_seen":131,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"48ee84bd1a3c72ae881ea806127494ad","sha1":"7ed6981389b9e57ae1a6f653f53cfd23d868cdd5","sha256":"2cda037bf95d34e805bd3a710d7cec12b97a7e0a676d38059df143808eb07fb5","sha512":"e29bed36ef4d1315bb4e4f2abb2210e79271eef0581c0ab0056a36a75e2e8152ae1edffec3b68adf2c89cda5e7b09576fd44e57b79677bf4ccb8bd17b3bc81f3","ssdeep":"","tlshash":"10d05eaf1966193415bbb0e15f1ffa88252b009b1442dc10bf9dda40af20a6f9399a99","size":289,"data":"","first_seen":"2025-06-16T14:44:18.23431Z","last_seen":"2026-05-04T21:31:42.166628Z","times_seen":120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ff08e02d2a21d7ea1e205e4cdebe7097","sha1":"67a4faf4a14dc0264f4155f4b1c9ed8e6fea6b8c","sha256":"8fcc77173b3f66b9312e633a174c07c25e1b2543c012ea2344713a4ae22e1ad5","sha512":"f75992ec9429a6313eefcd5542cfad20b95ec589426ed7673acdd7fe2b6ecce2080d2d8bbc6e41d35b3c3d16e4cb8bcb646d371a5dd6295dc423249c9d927901","ssdeep":"","tlshash":"81c012482ba60827003b34fb4adfb008302a827313888c103e8c55a29f6132966e1b88","size":183,"data":"","first_seen":"2024-04-20T18:55:20Z","last_seen":"2026-05-05T02:32:00.47942Z","times_seen":199,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f80849479b05502f4c2ad481030cf0c","sha1":"fa3cf6d309f8e4358e4cd1f08e842c918ff6ff19","sha256":"fd07b5d4e70fd2a2012307cac9c222915266721681eab4e6cd756ea868e7e36f","sha512":"a3deaee8ffb1ded3e765ce32cc6e60c92a85d5a42f8ae5efe358b60a7a08cc3e8794369e8da39e87a2ed9e17dd9b42a5e57c0ed86ecda7540456997a9d3ff0f5","ssdeep":"","tlshash":"ab31ce8e3aa2656235f3f41d279b72482133415f10cec8187d0d42a11f68e1e89f5bcd","size":1711,"data":"","first_seen":"2025-12-19T03:32:14.791424Z","last_seen":"2025-12-19T03:32:14.791424Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/framework/assets/jquery-3.1.1.min.js","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","size":86709,"data":"","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-05-05T15:11:42.738009Z","times_seen":140642,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/common/forms/dist/index.js?v=1.006","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9492023682c11f62a770be3ff35402cb","sha1":"44f0db545a3f66d6d00977ec0e3679c307507001","sha256":"1803fb663dfc0a0f52c0442279da29d70ded1b8070abe65ce9bb00818deaaaae","sha512":"39022baa108e2042419208071792d5d444897e0c8f4737b89303886313793b6f2f60301b88cdce7ce49474275b9e81bc4e75ed8ec42766557f0ed59b45812100","ssdeep":"192:QvbkESAMDfygoVg0LY78m4XMK52w4U7prvk3lzDBsForEyc:abkOKfyNDLCV4XMrw9g3FlsForEyc","tlshash":"d012b51c33947dfb03dba1fa501b6505f273882578469090a338dafa3d34d8e5262b6f","size":9089,"data":"","first_seen":"2025-10-30T11:31:39.257497Z","last_seen":"2026-01-19T21:48:02.060803Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/common/js/forms_redirect_p_so_mb_v2.js?v=2.006","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"66514e4770061685574921fa1e75dc27","sha1":"fc209ecf8b4bb2b6fa67bf3f68c9d970e57aefbc","sha256":"efd2f94c85979dde2ae5be51be6d7809a90e8839159213742de57338f701b371","sha512":"746c6b4255dc4b184c62058ee073bf3e6a3f64086716947141db6438c51228fad421bacdff245e960b6e91bf2458f50e410d1130f7636cd6eadce6dd9e7c25ef","ssdeep":"","tlshash":"0d41615c75d3716311b3d47d748bba08b037a41a264cf6b2f89c83881f2427842a3b8a","size":2074,"data":"","first_seen":"2025-10-29T09:01:43.625857Z","last_seen":"2026-05-03T20:01:46.504149Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.js?v=2.003","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7bbee01a840511f618898afde52b72ab","sha1":"f4638e5e576eff0ce1c9780e9aa9de736bfa9482","sha256":"a671013b2c1e3cf894fedbc475029176761f33a4378c6997fdc65b0961b23486","sha512":"90d10e1690c25fe4a6b6084a811619c6a623cc3c3f84ef0378a0bcf886eae55cd8861b58d0848b40a7caf94d564e828e6fc428b35384a8a49eacc7c0feec8056","ssdeep":"3072:a3fvXsrefzOSTCG+Gb2vPDsXKbIZpTYZVP2QBY4l:CMeLHCGBbwEKUP+","tlshash":"462409cd328570b243eb727a403f510fb237289a680e8414b569d8e93d78e996277f7d","size":218776,"data":"","first_seen":"2025-12-19T03:32:14.731286Z","last_seen":"2026-05-03T20:01:46.099671Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/mtapi/js/v2/mlibrary.js","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"46415bda7a1cd151c434cce69fceef08","sha1":"ee99b60119387d02e9e9cf9baf46b892dc9abdcc","sha256":"f574261d44074675f003ffcf83f3779bc681eca0bec598e394618b478296c1cc","sha512":"1ed63ada55dd141c32ec8264f5092ad7829ebc95fcb517a45850fccaead868dd9c7b84ed459e1efab20ca80e6fde31af2d8197531f8ae28c5201535ffcb15977","ssdeep":"1536:gg29q26JOSqE/5E3lVq/367zNxYLpCbm+ftuiDDSVtpIcejxZKT8iCynre:glKqE/eK6nnipCbmpjqjxZKT8Are","tlshash":"6ca3f89ca3847c8177866beb771bb0e0f899189ab6494c4af4c4fc0c7191737e5e4a36","size":105627,"data":"","first_seen":"2025-10-16T04:32:05.56778Z","last_seen":"2026-01-04T15:31:46.080418Z","times_seen":233,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3140d10a6169c24a6153bd2f9e1ef6d5","sha1":"9f71cadeb335aadfc41ef889f08aace8104172b9","sha256":"bd7140e321e230ba0d930fd41fe5d8d927949ffeacef08582584368e82f809ad","sha512":"5db24156a80d5e878273c45862d8d97b566b35b36773e8cc289e9e2ca4c03f3e0ff78a8decb77ce333111909aac958696ae1b6db54899c1c775cf55af84aa3d2","ssdeep":"","tlshash":"48e0c010ba1418388133c019276eb306513566b7e500c4303a3c9fbdbf5da0b85707d9","size":376,"data":"","first_seen":"2025-04-26T09:05:33.866249Z","last_seen":"2026-05-05T02:32:00.483429Z","times_seen":273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"53595549bf9ff8995ec5b85736964d1c","sha1":"ece3909a3cd8e476e29751a416cb17f2f53c2c2a","sha256":"2cbf5c88a117428ec7d55cf30100fdd0af6a220974fee18b3bdbd4e696fa1395","sha512":"b1f274846bb23f9d31a715b7c0b488366d15235e67dd30b9fe020f51740d443f7fea228bc6799c619d8422bd024063be110f990b4a020902fa60183b56b6dbfc","ssdeep":"","tlshash":"a6c08ce62a4a140185b830154b833b4a26330177100888817f2cc2462f20003c0b43e8","size":158,"data":"","first_seen":"2025-05-31T05:31:21.377466Z","last_seen":"2026-05-04T21:31:42.172993Z","times_seen":132,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e828e47e4aa9899e0f00d1d2cddeee6e","sha1":"d364153f2899c8655207869aada6f39fa9ebb517","sha256":"ddc80ee1fa2b1541a468ea5224201cee48fb43d24a54b3f3da43ef582bfbf5dc","sha512":"04e3f42fdd635237a030624014ce643168c69bcd88f939b561f0b29d4c3becbc8684ffbb20046b64705826fd2b76eb9b095a5cc0ddc63c52b06886cc38256bc8","ssdeep":"","tlshash":"28e0c603bc8a88580a3b0a678bbb93692082310f18928404b8adc0d82f10dc94687b9c","size":390,"data":"","first_seen":"2025-07-19T18:44:56.48551Z","last_seen":"2026-05-04T21:31:42.173816Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c7991fb6e6919c120c0599927588b831","sha1":"4dde996978bbb7cf394065a4e19c69f43c66b888","sha256":"c1f88da357df1909ab8c22c9960c3044d012fd2d898cca7379f87b653d0cd6e8","sha512":"b8cdf8086c348e29c66becb651e9c0aa0510be813929ed169955fbf8208096fe19b307f4b4d31751e58d4d649df1a93551abfb9fddf14796ee7a0fd0e890c2a9","ssdeep":"","tlshash":"b9e02625479204a829b374a4da0af540e571603b310cca02fe5cbe41df8cf2c39f2f94","size":394,"data":"","first_seen":"2023-10-29T14:17:32Z","last_seen":"2026-05-04T21:31:42.176309Z","times_seen":163,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/common/js/authHelper.js?v=2.004","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"24dcdf34a17bac123c1a06b1463db597","sha1":"f06de128d0c61bd9ea21a7d6853ff7264b019e43","sha256":"ec85bb5194778287047264dcbf761f43ca404cfea708109b703fc9ff91de3e0e","sha512":"42a38833c9a1d70e936e5450b1fd9ae5f69a36bf08ce2d307de7afd2e8a0fe47bcbb6762fcff8937e31eda1a1d932b3bee5c8a6d7acb092c3373c36b746aa2b7","ssdeep":"768:7y/i7RKzezjIAoMRcPdykJ8dx7XVak5gb+bBy/3EXh8+J42k:757YEIr+cPokWVXIkm3","tlshash":"2ee2d85d26b6213201b3a0fb69872e04313340237a59ed55bb7c42942fca51fab72bdf","size":32859,"data":"","first_seen":"2025-07-12T20:02:06.296273Z","last_seen":"2026-01-19T21:48:02.056325Z","times_seen":112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/fingerprintjs/v4","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"54.240.174.81","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dbedc7274a2f03b28cab86a88c50684f","sha1":"c69c09de367560625ade11e042cbc15defa8b283","sha256":"dceecee491e0029e101d4d1e77318c115fe2433ff681ba864e4afa091801b2f4","sha512":"42f6696c97e492e4c31009edfde9f4f2cddaba8d3ce984ad394e5e3d139746482f6c5346f313a183944982704894189a320ecc3c11e25e1d4acca6d7f35df4d3","ssdeep":"384:NxcDKdRZKgEaMRMBp5iKQID95wH3KqwzrWmKj5+pCqNFaiE8E0QIQfJWbkhGYKom:EaRBp5Kjnc9NwlJWbhSu9A8","tlshash":"930316d8b2c3b06e227368b5407f6006b23a7d54346d8842c523e5d57ca9e6e913bfbc","size":38855,"data":"","first_seen":"2025-04-11T02:03:59.120104Z","last_seen":"2026-05-05T04:28:55.286285Z","times_seen":1820,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/vendor.js?v=2.003","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"de06d5306079c6822acac2aec019075b","sha1":"0cc1f0d2eb22159c3ee2971c5a7c05d30b969035","sha256":"aebfaca0abecbf8be689c72ba9fd36e7d2f389e05e0d5ccc460b74e7a5c38754","sha512":"111223820d0a7795493c2b1490423ba10cdb4c86e5cbc58b1332572929c1eaa1ce44f7c50650537ae866ded2d0f91349c773dd62469de841d889437a60425c7f","ssdeep":"1536:yLiBgPWGdWLOczB4bx60BWEVkWGhXmlagpDHcdEr88HBj2jquHBmEO+kV3gcJ:PdYagZc6mJs3gcJ","tlshash":"4a831add72c7b06247a771ba007f550bf2361999684d8410f129e4e9bc78b8a823bf7d","size":88450,"data":"","first_seen":"2023-03-12T07:45:33Z","last_seen":"2026-05-05T02:32:00.287028Z","times_seen":365,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bonus.24parik.win/mtapi/promo/timestamp","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /mtapi/promo/timestamp HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Origin, Origin,Accept-Encoding\r\nx-krakend: Version 1.0\r\nx-krakend-completed: false\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-d0c15bcd-4a97-435e-879c-403235d8e739\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zgvYd%2FYI5Mrc63HkmNJhMggAV%2BYEncBoGJDlZy0hWxBjLwGJomZicW3A2qQ4Lc0kINb9OQV8t9meVOqAEBU1xoOrqFOORoOPb%2FJl%2FBuO8V2x\"}]}\r\ncf-ray: 9b03d42f48261ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b52202132c1f140e89903b1d00ef0231","sha1":"5fd803a0d11844382b07d7f0091f35c9a8be6af8","sha256":"d04444b2a282cc35fec492cc352649762d76535e1b3b38bcc0e9a11ba2780fd6","sha512":"b11ce72ff425174143df647704d9cfc9b94da60ec96a61efaf5f71f4e8aee97677af7daf58b11e590fc607a0c7610406782a2393e2ec4648e1dd1d2f30175e57","ssdeep":"","tlshash":"a7a022c0202028a8a00fa8238c0030ecab0cf32b08b0a022288883800cfcc323208283","first_seen":"2025-12-19T03:32:14.723181Z","last_seen":"2025-12-19T03:32:14.723181Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-sprite2.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-sprite2.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"18484-64189df1f9bc5\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-a0d15bf0-4ba3-4437-9968-4777ad458e71\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bz7awPohld8TOfLGwxytSE6mBi6fA8QBDynfCpvbzxsSVEJwxNsbtqqm9VYbPdQVdG%2Bc4SRDIyWz2J32P4J24nVv3Qq3Ee2fos5ejxsRhJ2s\"}]}\r\ncf-ray: 9b03d42fe8421ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99460,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 680 x 680, 8-bit colormap, non-interlaced","md5":"cf0b391452faff58732bead5a0c6a0b6","sha1":"086ec3c5e9f41574bfb1333c1a896c7bd1e6e7e7","sha256":"73fbf448703f3f1e0d0e6ef2f11f125c6f15b9cac2e561fb0fa26d6b21aa118d","sha512":"55e495931b290f305d606ba8dee1942daf9f0292b9c6ad7b0a52b8ea4028cc38ebb54467d9536789f7706e2281778f49b815496f20d58b1f02d4990822a0ccca","ssdeep":"3072:2TXjuHH2QMBmkJD6VDe/WIScYBT0KXJMmk:ijIH2QMAHHXcvKZk","tlshash":"07a312f4ca59bfb079b8a344c77c2fcbcab30d6e143534666c3922664d10a63ae70587","first_seen":"2025-06-16T19:32:53.294727Z","last_seen":"2026-05-03T20:01:46.483712Z","times_seen":40,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/money-win.mp3","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/money-win.mp3 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 54887\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"d667-64189df1f612d\"\r\nray-id: 867fdbf776-r2km6-1a64d537-d2e0-4401-b590-42180a99c231\r\ncf-ipcountry: NO\r\ncontent-range: bytes 0-54886/54887\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P%2BGNwZv86rY9KwjxBpyHuk1szLsK9%2Fgczu2QMpIbPpsMZJuOYXCZ0D3syAVGVepj1lqIN7g6N7fU%2FPYXQezBcDcgq%2B95XIp0%2BliZgGD8dgTg\"}]}\r\ncf-ray: 9b03d430d8781ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54887,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"3cb2981dc3f7469315bae93ddd82c0fe","sha1":"e5110ba0db6aca6db58db067903b93d6bb7a789c","sha256":"9675a1cc6f355e7dd7f08f17d2132873418b3382e61f923f346f362cb2f75277","sha512":"57d048af83172015f5fbb374ef41c8994bd343748d93df2a13b76017be26a935b5448f336edcd5f3f27503e3973131038f49977104cc067187dbe00d4faa1e7e","ssdeep":"768:mNToaBgofinKkKwXrLh7t8H5XqJCXA4tpspGx4PUPjUBOEoQLpJjAjXS9AD2WtMg:myPKwX505acQ4tpgGYYwY6LpvAqWtL","tlshash":"7633d0a7cb514114f63d1bbe62a37509c3887c469189bfcfba9ec7606f4b0602f54b46","first_seen":"2024-06-24T07:52:30Z","last_seen":"2026-05-03T20:01:46.497687Z","times_seen":56,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.js?v=2.003","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/bundle.js?v=2.003 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 20 Nov 2025 16:30:32 GMT\r\netag: \"35698-64409373b4f42-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-3e3769fe-adce-49c3-85b5-98f5c91de865\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=poFRVUBD7ICtHDj2wcKikYbnsrbp412rrJgRVFWxBZ5LDzQVRN1aI2PCBNkVRHQX42WlmkyrIlI%2BQwu9N9XjlBzyVN8Y98Mdcxo3Aftq2rZk\"}]}\r\ncf-ray: 9b03d42d8fd21ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":218776,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33133)","md5":"7bbee01a840511f618898afde52b72ab","sha1":"f4638e5e576eff0ce1c9780e9aa9de736bfa9482","sha256":"a671013b2c1e3cf894fedbc475029176761f33a4378c6997fdc65b0961b23486","sha512":"90d10e1690c25fe4a6b6084a811619c6a623cc3c3f84ef0378a0bcf886eae55cd8861b58d0848b40a7caf94d564e828e6fc428b35384a8a49eacc7c0feec8056","ssdeep":"3072:a3fvXsrefzOSTCG+Gb2vPDsXKbIZpTYZVP2QBY4l:CMeLHCGBbwEKUP+","tlshash":"462409cd328570b243eb727a403f510fb237289a680e8414b569d8e93d78e996277f7d","first_seen":"2025-12-19T03:32:14.731286Z","last_seen":"2026-05-03T20:01:46.099671Z","times_seen":12,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/fonts/FiraSans-Bold.woff2","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/fonts/FiraSans-Bold.woff2 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 137612\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"2198c-64189df1dee17\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-fwvxg-1f3b510b-db5a-4ea7-93f0-b54c9447710e\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SjXXiDIZ2YuAXIFUKkUNl50dCJBgw9PjRb6vuNkU%2FRs8fWbgDx1PSQMWFLl%2BuqidU2Ro%2BqtgcExmPluSCn1Fe62sIHlkNDNzmtJYcpSwPmxs\"}]}\r\ncf-ray: 9b03d42ff8451ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":137612,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 137612, version 1.0","md5":"fcf36a609258b031f3fde56261b546b8","sha1":"6be51fc1026c264f214f0c604409472ed3fd7b00","sha256":"ce5f27b27c4a5d6ae88fe6dfad039d88a37c1e53afa7603af73ca086ba518f1e","sha512":"b9980cf8a5415efe7606fb6ea4a3666bfb9f2c265a6cb8801f170aa7c83c4ed7deb300ac84413400b704221adf34ba7f4877d2b287cdb6d22d9ecec8311cffec","ssdeep":"3072:f315eqP0sZgYXV4JuzJu18ZN3W85bV+Lsa29cvk9kIGL+bQ2bYo9HL2n:f3ik0sZvEuzA105nu+hGKvEo9m","tlshash":"37d312e7cd03679e3d912d9968279f0b8ef32a52bca55790dccffa131da04d161a041e","first_seen":"2025-02-03T20:58:11.637338Z","last_seen":"2026-05-03T20:01:46.460094Z","times_seen":65,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/framework/frontend/images/telegram.svg","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /framework/frontend/images/telegram.svg HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:17 GMT\r\netag: W/\"413-64189de59bc41\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-f47444da-8b2e-4aab-b89b-125b3104ddb8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GpUOrQGWsPPpcqGAv2JYVZHRG%2BD%2BVIz06sED9ZOqH9rmGWIMX%2Bi%2FNu2sizwDn%2Bh%2BoFSNawp2%2BhPWo6Ip2Wd5ISjCQEy0RzpKgsrm8j%2F%2BK43r\"}]}\r\ncf-ray: 9b03d42d8fcb1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1043,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"172d8c198965a353e8c54385770dec39","sha1":"91c2768d64961b432823e5f2706f25acbcdb93c4","sha256":"b00656dc1b51ef4fa87c686193c7be849ac07a2aa0e8aaea4f7bc2598ea94e75","sha512":"85a3da3e4a4ef49663ee29314f45402397262cde0314bd12cd34d046e98c5d9f3d543af4ba8428dedcd05c2acc577a1b15a2bdcc314be56e562849eecc18466a","ssdeep":"","tlshash":"b0111fb662b862a8fc808344d67130a919bf3afa5d32c0844b85ca82c3579bf5c449c1","first_seen":"2025-05-31T05:31:21.342225Z","last_seen":"2026-05-04T21:31:42.098521Z","times_seen":164,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/common/js/forms_redirect_p_so_mb_v2.js?v=2.006","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /common/js/forms_redirect_p_so_mb_v2.js?v=2.006 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 895\r\nserver: cloudflare\r\nlast-modified: Tue, 28 Oct 2025 10:24:42 GMT\r\netag: \"81a-642356c91d2b0-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-sxqwq-8f7e5075-6d04-49c8-9ad6-f063d5642b8f\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TpqRDAvxaVN71ybJUFqKtmYPt8lGqVfguPTvNe%2FoiJDHW8X80lYwapAzKDgRLQ0LspoIY0vHxSBsFfI045V38GjFz1n%2FMCpLK0NPlr2O87lq\"}]}\r\ncf-ray: 9b03d42d9fd71ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2074,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"66514e4770061685574921fa1e75dc27","sha1":"fc209ecf8b4bb2b6fa67bf3f68c9d970e57aefbc","sha256":"efd2f94c85979dde2ae5be51be6d7809a90e8839159213742de57338f701b371","sha512":"746c6b4255dc4b184c62058ee073bf3e6a3f64086716947141db6438c51228fad421bacdff245e960b6e91bf2458f50e410d1130f7636cd6eadce6dd9e7c25ef","ssdeep":"","tlshash":"0d41615c75d3716311b3d47d748bba08b037a41a264cf6b2f89c83881f2427842a3b8a","first_seen":"2025-10-29T09:01:43.625857Z","last_seen":"2026-05-03T20:01:46.504149Z","times_seen":59,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/common/js/authHelper.js?v=2.004","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /common/js/authHelper.js?v=2.004 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 7895\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:15 GMT\r\netag: \"80ac-64189de3e58a3-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-7bb23e7e-e74f-45fd-924e-23f15b89a7ef\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QtxRWBqrcMlRuSVeBRHxfJ1l%2BpWemPDeK9Qdn%2F1%2F3LqjP41Z2EMfBjS65d8P0lGukGVZpk1iMY%2Bsep2UHg11hTVGh2XxLoocoElzcfHF%2B9nY\"}]}\r\ncf-ray: 9b03d42d9fd51ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32940,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text","md5":"24dcdf34a17bac123c1a06b1463db597","sha1":"f06de128d0c61bd9ea21a7d6853ff7264b019e43","sha256":"ec85bb5194778287047264dcbf761f43ca404cfea708109b703fc9ff91de3e0e","sha512":"42a38833c9a1d70e936e5450b1fd9ae5f69a36bf08ce2d307de7afd2e8a0fe47bcbb6762fcff8937e31eda1a1d932b3bee5c8a6d7acb092c3373c36b746aa2b7","ssdeep":"768:7y/i7RKzezjIAoMRcPdykJ8dx7XVak5gb+bBy/3EXh8+J42k:757YEIr+cPokWVXIkm3","tlshash":"2ee2d85d26b6213201b3a0fb69872e04313340237a59ed55bb7c42942fca51fab72bdf","first_seen":"2025-07-12T20:02:06.296273Z","last_seen":"2026-01-19T21:48:02.056325Z","times_seen":112,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/fonts/on.svg","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/fonts/on.svg HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"718-64189df1efb9e\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-sxqwq-41ab6a7b-3495-46e6-8c82-1d6bb012a964\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=05wBoFeW%2BBQX3kCjFi1uuobjLI0GJjUYZdMqobx9W%2FMk615rhKs%2BdQpb30C5KcDkRVQuUvbnyL4V1gXStqAKkRVGdNL8xHFjXlNRTUwByZ8H\"}]}\r\ncf-ray: 9b03d42fd83b1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1816,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5fcb569b63ee3abf114c5e4f0d8b682c","sha1":"adb60e55d4d8a9d2341df38610e69a35bfe97342","sha256":"59736b646d736a20235066184d655c7b513c653587ba4d583ddd42f23590f849","sha512":"62d7c8063846881cfc47150cd2198aa05055f9ed53954ba681bc31ffe988e613bf7aac71661e9f815cf8a00baffa34428d53297074d55b89aceb9dfaf932f055","ssdeep":"","tlshash":"ed311be84a71338c548f8f74ef242472076eb47bf176028cbdae62288817942f99b814","first_seen":"2024-06-24T07:52:30Z","last_seen":"2026-05-03T20:01:46.515575Z","times_seen":68,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/title-bg.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/title-bg.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"d3ad-64189df1f93f5\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-f6d3cb96-16e1-4056-9770-f47e391c7847\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jAl2iIrr0E0mQA9RnOLUEInPtvIHx1lelSIHCaj35oT5d2pOjIhUbZJIRh76UyAgO87Yn2NiSHU5QOKlgPJ9%2FIky0ylc%2FgevfyZ7h3OCMged\"}]}\r\ncf-ray: 9b03d42fd83c1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54189,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 868 x 264, 8-bit colormap, non-interlaced","md5":"e8cf8244b5b67291f21e5092708ecb25","sha1":"01c13ed5119910e1a1d2c86828867f6e644c8773","sha256":"456260a08138056b1cf829425300da33e61158525519e8cc85cad1865e101e8a","sha512":"789271b757784c96d99e9a988091d81dbc8cd3f41fbb2df2f6283263c204cb694b5cd41bda27f7e02ce402ac82847f20fbdcd312364322be34fcd4af4b0fa920","ssdeep":"1536:lbqofKNY4VDk106V9ALd9YDJZDCmGHPDhdLD+RE7g:leofKTDE06V9ALb4CNHF1Dot","tlshash":"f23302a55209e72a0b150afca45f64a5980f8406eef885be399614240ef7efffc4120c","first_seen":"2024-12-25T07:35:59.954891Z","last_seen":"2026-05-03T20:01:46.487898Z","times_seen":44,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/fingerprintjs/v4","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"54.240.174.81","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openfpcdn.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 29 Oct 2025 00:00:00 GMT","end":"Fri, 27 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:88:9B:B1:7C:CB:A7:14:49:10:D6:FC:A3:64:23:03:9F:CC:6A:B0","sha256":"6A:98:96:56:64:4A:39:7A:9F:12:CE:F5:99:D3:C8:24:ED:17:AF:92:3F:E3:AC:C7:7D:1F:2D:74:46:2F:95:D9"}}},"request":{"raw":"GET /fingerprintjs/v4 HTTP/1.1\r\nHost: openfpcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bonus.24parik.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: CloudFront\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\ndate: Fri, 19 Dec 2025 00:59:36 GMT\r\ncache-control: public, max-age=617657, s-maxage=10406\r\netag: W/\"xpwJ3jZ1YGJa3hHgQsvBXe+osoM\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: VbsZOAelQmN9OViUyjd98MzLq39SW_9oKCoY9Mm0IIPQn7hIyOQWsA==\r\nage: 9932\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":38855,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38323)","md5":"dbedc7274a2f03b28cab86a88c50684f","sha1":"c69c09de367560625ade11e042cbc15defa8b283","sha256":"dceecee491e0029e101d4d1e77318c115fe2433ff681ba864e4afa091801b2f4","sha512":"42f6696c97e492e4c31009edfde9f4f2cddaba8d3ce984ad394e5e3d139746482f6c5346f313a183944982704894189a320ecc3c11e25e1d4acca6d7f35df4d3","ssdeep":"384:NxcDKdRZKgEaMRMBp5iKQID95wH3KqwzrWmKj5+pCqNFaiE8E0QIQfJWbkhGYKom:EaRBp5Kjnc9NwlJWbhSu9A8","tlshash":"930316d8b2c3b06e227368b5407f6006b23a7d54346d8842c523e5d57ca9e6e913bfbc","first_seen":"2025-04-11T02:03:59.120104Z","last_seen":"2026-05-05T04:28:55.286285Z","times_seen":1820,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":54,"dns":40,"connect":1,"send":0,"wait":1,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-spin.mp3","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-spin.mp3 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 149765\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"24905-64189df1f97dd\"\r\nray-id: 867fdbf776-r2km6-a75b5225-1e86-490e-8f66-ebf022d8866f\r\ncf-ipcountry: NO\r\ncontent-range: bytes 0-149764/149765\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vp61txlIu%2F2k2978PhIawE7hv%2Bl68pVLdxPb73VTsJsDj5GMHINZ4bpKqgIPSZcJ%2BfJJQCVCU68wzD60AFM%2FuN6E7nazMBmXFvDE4Yil8ocD\"}]}\r\ncf-ray: 9b03d430b8761ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":149765,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"f46b0cb6ad88b5f17bba1195206aa125","sha1":"44d7c39f49d0bfd866195f1f6c57186cafc07252","sha256":"a6d0cbcdafc4af470695eb9deb7ab6bba68a10bdd9c469ff67e62a4036cf9965","sha512":"f27d1e30a156e509b2e924d5d85e4c5b5e8734f9b684899cc71f46d4f585e11b0b542dee3606083ead7cf8d9422bf2beed5a3ead034177ba79c58c345f3ba5fd","ssdeep":"3072:AfRh3k73vkkTYfpMtrDwTPja8cfS+IEfNkO6A:AjU73vkke6twTPja88lf","tlshash":"cce3f1979b60411df09543fa7bab9158e1495caf4ea4ff86335def20a7bb6202f27040","first_seen":"2024-06-24T07:52:31Z","last_seen":"2026-05-03T20:01:46.474025Z","times_seen":56,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/common/css/loader.css?v=3.001","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /common/css/loader.css?v=3.001 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/css\r\ncontent-length: 247\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:13 GMT\r\netag: \"1f0-64189de22ca0e-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-sxqwq-5b8a2fe6-5ecd-46cd-ba8d-33043d15788d\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QfB%2B8qV%2BlR54zC2a7nBHkfGlCycxjfBzouPTvw44VbeRQCWiWcQaLHKuCuqlvjPd4yPr0jfO3Vk3PzaSgc%2BvgqtgwQ0MQ1LTLH2HDBL5k3GN\"}]}\r\ncf-ray: 9b03d42d6fb81ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":496,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"22275f47deb87d44e229c86f2597efe5","sha1":"e47bcc4160606108f92f80ad0d0fb0eecf60799c","sha256":"aefe61ddaafdc3320513be4eb4eabd5c03c2d22559204cd1ae04a48c0b5a5990","sha512":"85b379f1d2bbb67b0993b8386fd16b145a961aff4aef5d5dedafb5cfe798e2b5cda25486d39adddc7efb916d100d1cb5b587014823cd8893969fa88d97cb23c6","ssdeep":"","tlshash":"edf059644b3d2208645fe2ba38a57b2813795041bb2fdc3c82d3214dcec6206d073ba9","first_seen":"2023-12-30T14:08:37Z","last_seen":"2026-05-05T02:32:00.40862Z","times_seen":288,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/framework/assets/jquery-3.1.1.min.js","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /framework/assets/jquery-3.1.1.min.js HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 30080\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:15 GMT\r\netag: \"152b5-64189de411ba9-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-446be2bd-4f29-4d56-97a0-930caa7596e1\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qPBDiPw8t%2FCd6D8v4PJVfNpQTWbfJSU2jzz6idFU4ugxrfPspForEvm302n96nqPr7oetL4lKs9PYqDn7EiEr3NrnTNse7dlINSBVatq6ahG\"}]}\r\ncf-ray: 9b03d42d6fba1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86709,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32030)","md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-05-05T15:11:42.738009Z","times_seen":140642,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":239,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/framework/frontend/images/visa.svg","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /framework/frontend/images/visa.svg HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:17 GMT\r\netag: \"4ea-64189de59bc41\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 599df8f78d-jrgkq-e9463d29-7723-43c2-966a-1f07144b42fb\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9Nk1taxx7C9Co7TLu868%2FCXDAX7bZJI9UvIB7zRAFNJqdq7GSQsrW0%2FDKQ44B%2FaQbocOrHuokTiuQEzPT7z%2FWlYLKLhdY%2B8mtVFSuphxn8b8\"}]}\r\ncf-ray: 9b03d42d7fc71ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1258,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"02681fa43d5d375e48d56f9c93de5bfc","sha1":"18e8005aa95489dbe367143a4e89032eae1ee0ac","sha256":"722adaadc1bb5c1cada25f294f3d53c91f609d3b2e473b7db290f3f46fa714e9","sha512":"265d1279a403c8db0d730aaf8be8d28e0fcffc6578de0c8cb1255362374ec1d338f324e898aa0cdde33240b7344743642f57febee4717d89a255caba347a7c0b","ssdeep":"","tlshash":"0c2112d2a1d8dbd8e044aa24d9260558257a38fe2f9dc4cc47c6e920a2634edc469c99","first_seen":"2025-10-16T04:32:05.611837Z","last_seen":"2026-05-04T21:31:42.153448Z","times_seen":92,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/framework/frontend/images/social-icon-1.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /framework/frontend/images/social-icon-1.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:17 GMT\r\netag: \"580-64189de59bc41\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 599df8f78d-b85kh-20fbd789-eab7-4ad5-86ab-eee01b6ef243\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=567caXgSEDjfkZkQV1Ufa4Hq3Hfti2bsnQhlEydFz68Fhx%2FvhkRRbkMa77sUDW5ANX5lts6YMex1cOSEYNPwGmBYsSyiiBPwrr2VTMx0ZbjH\"}]}\r\ncf-ray: 9b03d42d8fcd1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1408,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced","md5":"7d9fe319c8acec72220c31237346cbad","sha1":"43f3cd441c75d5e85277bdb025c7023740f797f1","sha256":"21a42239c7642fe184c071eec8c91f4882c2899f030745ad6c5ff6888f3f1cdf","sha512":"16dcffde18ff7eb1b89c365f77545c3eeb21355d3141be23a34ad09173a62acca253ee86fe2ef4ddf6a4d5150ea1da8da6a95f92861fb815363002a4d34d0e8b","ssdeep":"","tlshash":"692196a39a7288e37b79921500135a6bbeb6289c63e49a2fbe241d8e19044859d14267","first_seen":"2023-10-29T14:17:32Z","last_seen":"2026-05-04T21:31:42.137196Z","times_seen":345,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/favicon.ico?v=2","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /favicon.ico?v=2 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nCookie: adtag=1rbdp9hnssaud; adtag_t=1766115105198; entrance_url=https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud; dhash=cdc22d89-1331-4e8f-994c-9c2bbdf6d5e9; registerUrl=https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:15 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LIAvzkYRbjD2l%2FkuYMPFEWDg2WhKNGjO1KK7PFgner6FWGJGjlYPl0uJexlsbnNUqa7feKZvRrLa%2BHh2aBiHIS5iTJxB7W78Nr4Fu1cjIS3m\"}]}\r\ncf-ipcountry: NO\r\nray-id: 599df8f78d-b85kh-ad8d12aa-6cd4-45d8-bcd4-87e469a529da\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\netag: W/\"3aee-64189de3e645b\"\r\ncontent-encoding: br\r\ncf-ray: 9b03d43238bc1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"1b14c0b2fef5b3dae3a50600e372a102","sha1":"6467fadf3bb144cbdf8d80b0a9899ca814887ec5","sha256":"c1741e2fa39545458331b41e9027bff3fc25f35427dac6cff312e716c9947d79","sha512":"d045267d37a969a4ec6e526bfd490ed656a8727bd42d2643fe6ee7233affc0ed8279d99421c4d7cbe0d0be8756aef3674e2a31c4bfc1bb650d4e25d333a15da8","ssdeep":"192:jXLM2s1a5kpVMCfSN9dsAtOFF5+1DjrfRqMK:jX2YI3JD2RA","tlshash":"a6628d64f2107751cb58be37e152cf3051277aa6cc4062676d756ecb78bae8aba0c313","first_seen":"2025-05-31T05:31:21.367489Z","last_seen":"2026-04-19T22:02:38.59054Z","times_seen":149,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/img2.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/img2.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"40f8-64189df1f5d45\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-sxqwq-fcac345c-292f-46b9-80b8-3fa536b810c9\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=phAECkXXjkcBzPyUHV0id56Rh2P87xtt1a61EQTpcC1SDwMGFcqg84LDJHPdypV%2FuP3HtZ37usRCt8qqo5CJl2k%2F44pfeMUodWh9H5%2FrxuEA\"}]}\r\ncf-ray: 9b03d42d6fbc1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16632,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 255, 8-bit colormap, non-interlaced","md5":"4e40c7a994f498cd36cd52c27f1c5f74","sha1":"cf344879ea9e4cba3a685d20a9859b46f4bd2a60","sha256":"b51dc4fb4be4b5f4a98386ae88189f611ebe6e4118c6028e4933a99b2a56435d","sha512":"dbdd0f73acf8bf32b26b4f9938431cc13806027dee3d3d80958bb14a49a8c386053e32b9afceb9e7e2021ddcd7d91cd3e43351a4b06e9c547e27d31e8e6bcd38","ssdeep":"384:XjmIb21s/hab2qo31oRbRXywwkXq6dlTWDPVFkUp+lOuVwX3m8:Xj1mdb9pVXWDsn6m8","tlshash":"f472d0cf69c9fca58cf69573450226bf410d546bc8f64e1264b8d829d2cb9c678d8bb0","first_seen":"2024-12-25T07:35:59.917311Z","last_seen":"2026-05-03T20:01:46.485347Z","times_seen":45,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/img3.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/img3.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"50d1-64189df1f5d45\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-sxqwq-a4206f1f-87c8-4d08-b007-0d1f0eb84452\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OWI0cBxEx59J3S2mw4ikql%2BmkjG5%2FSg4WGTY%2FurLnjJjSsXIW039epYj68jHfQC2mBaFD%2BFhEsVLhahEhHsdMx13GsPpiKM5uQiosm0OdPGg\"}]}\r\ncf-ray: 9b03d42d6fbd1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20689,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 330 x 330, 8-bit colormap, non-interlaced","md5":"e49f8e04589aa754d4c686aca2c9f3ec","sha1":"70e630a1fe92c797663b39cba39097ae310d3cbf","sha256":"286aafac25ce0ad31a7c5e2ff07975b5394dd510d7353edecf06afbe3e89773e","sha512":"0a3e530fed50746954c6941eda38059a1ef36bdc35fec71d1ce882a86d3ac79d8fba4a7b8c14d7c98ca0a90cb37c25e624e565149b7eab832ae132c6cdc8395f","ssdeep":"384:wjXOBjGnpuboMdGqewmE+fDokyeHrcYBujJS4HoSoNzPyocAUy:G+BpdGqgB0kytWujJrHSNbyot","tlshash":"8b92d034827728a173c3d3786997901295290f1efa8bb059571045df882bfad4b32fbb","first_seen":"2024-12-25T07:35:59.921966Z","last_seen":"2026-05-03T20:01:46.482522Z","times_seen":45,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/arrow.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/arrow.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"b72-64189df1efb9e\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-39c43740-4eb8-4653-bedb-e0072a0e6873\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EJRx5HUyE2DugBt3WVK4PxBIPDQnzz126fKWGKFkbUT29DipYGM%2B%2Br9KGDw%2BjOpHXqhfe9IWC%2BqFa6kmg4m52Gsa5oMv%2FlTcilhaffzIM%2B%2Bz\"}]}\r\ncf-ray: 9b03d42d7fc21ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2930,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 46 x 47, 8-bit/color RGBA, non-interlaced","md5":"a397eeb10fb7b935bd5f041ffdf9bf36","sha1":"1e7ec3dc032e95961fe03a2163f76c5f85f8ad29","sha256":"52637c7031348862deed7c79eddf04b8467d4565b832b65aa0df49747b051092","sha512":"0c1fc0407482c97fba6042e3932dbf88452c4d2e8d49fbddaab3adb3d383cf1a22f358c284401e63e75917cdc39a3c81da437e9c69db1d19c3255c1a1ba75acb","ssdeep":"","tlshash":"dc513ddbbdf1d83cd8ea13bf1330c820b39579f8114151a39c474023fe24e2952ad912","first_seen":"2024-12-25T07:35:59.927358Z","last_seen":"2026-05-03T20:01:46.102203Z","times_seen":42,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/common/forms/dist/index.js?v=1.006","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /common/forms/dist/index.js?v=1.006 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 3253\r\nserver: cloudflare\r\nlast-modified: Thu, 30 Oct 2025 09:08:17 GMT\r\netag: \"2381-6425c96fc4cbb-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-085ccbb0-0001-4275-bf39-2fb216d27b85\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UaOtgpTZ6uIlH9%2BopNVUndq9VGv4gfYAIt1N8mDMkI3RtaoFvM0G1Vf%2B88Fa4%2Bk1bpvFHwC99%2F5i3Gi8P8XGc7v5zyS4lqydXWBFwBzgf63V\"}]}\r\ncf-ray: 9b03d42d9fd41ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9089,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8848), with no line terminators","md5":"9492023682c11f62a770be3ff35402cb","sha1":"44f0db545a3f66d6d00977ec0e3679c307507001","sha256":"1803fb663dfc0a0f52c0442279da29d70ded1b8070abe65ce9bb00818deaaaae","sha512":"39022baa108e2042419208071792d5d444897e0c8f4737b89303886313793b6f2f60301b88cdce7ce49474275b9e81bc4e75ed8ec42766557f0ed59b45812100","ssdeep":"192:QvbkESAMDfygoVg0LY78m4XMK52w4U7prvk3lzDBsForEyc:abkOKfyNDLCV4XMrw9g3FlsForEyc","tlshash":"d012b51c33947dfb03dba1fa501b6505f273882578469090a338dafa3d34d8e5262b6f","first_seen":"2025-10-30T11:31:39.257497Z","last_seen":"2026-01-19T21:48:02.060803Z","times_seen":36,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/bg.jpg","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/bg.jpg HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/jpeg\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"41d7a-64189df1f595d\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-r2km6-da5a6246-a56f-47f6-93a7-0f51a426f378\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9lQar1fO9EXf%2BRg1%2BZ6xkxUGHuL3RV7C6Wle6M8NO0qEzh4aXiJFG%2B6NqKHyyd9K24GwXzD9olUfHvjjvcEoX1ymGh99gFRmPGoIiiYasNM7\"}]}\r\ncf-ray: 9b03d42fd8381ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":269690,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"b2e43b185a39b6801728f2f92b2cbcea","sha1":"56a4e29466384952947f70a984339c259b51de21","sha256":"4dcb7bcb8f574eb000cdd522520c2e68659eecc959e3a986ec209b46953d1812","sha512":"b540dd4ceee98136a9c195eb191e1706da23f96bdea2f5f102bb34fe0a5e5023d8f19a970931aa1149c612f6d225984dce58d5f514fc00ef48d60812d1d6c377","ssdeep":"6144:MIbf89Bfy9mDIl29Qw7vEy7c8pYYGi8v3wZZpSwrrZi9ijdFhPlyxE:Hk9BfyIUE9QYJ7c8pNk3wZyMi90dnNyG","tlshash":"034423495f691cc4d3d8c9385e5f32866abf503bc8be03988f0c18dadd466ac9e37619","first_seen":"2024-12-25T07:35:59.952098Z","last_seen":"2026-05-03T20:01:46.110041Z","times_seen":42,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/img4.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/img4.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: W/\"3283-64189df1f5d45\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-9534361c-4a7e-4e93-a86f-29c13f0f9413\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U1O2R2fqt9UOF599a7S40bwYdp%2FbHB5ggAcRw68HVjqnKrq2daYgCM98dyK1iWyEjeuhSFbvaOwbJWqBHV5YMKsaJ6OMl0QSDK1Qq1Bdwy2V\"}]}\r\ncf-ray: 9b03d42d6fbe1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12931,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 196 x 196, 8-bit colormap, non-interlaced","md5":"c34bbd7efe22864d507a48a88008da56","sha1":"ea72641b576f0efc42765cbc930fc5d951069247","sha256":"79cbefd9500a8889cf5be67a6d21001b566850e648349c1377d27e6a56d872f9","sha512":"81c690644d34d46303e8be7fd64808cf38fd58320d6f6dc920199390fdd3c82d0432a2cc4e3c47aa4445786a509bd4ab9236f666a7884ceed3c7ebd4d0d0e4d4","ssdeep":"192:pZ+0ZJS+zXSvxpLZH/37wQBWfQ7b2QD20+mGZ1WLLiNWDMQZKiU1Mtl:pg0ZlzivPBK4GQamGfwYOhZKR1Mv","tlshash":"df42b0f8be9b6917d5454012830b79a2f4fae0d02e9c6ecd6253143a1b61221f5f5f8f","first_seen":"2024-12-25T07:35:59.925345Z","last_seen":"2026-05-03T20:01:46.486036Z","times_seen":45,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/img6.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/img6.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"537b-64189df1f5d45\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-r2km6-fb1b34d6-ead5-4ff1-b973-b464ccc841ac\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qyYJakE9QoxlUElQglfIBawWNk2rYsXmKMi8taeWOR0P4rDMbA3MpLyNQUnMroovieLJ7FsTZ%2FY%2BG9jPrtr3%2FjD6EO19kd3T%2FEI7XZ5yfGXi\"}]}\r\ncf-ray: 9b03d42d7fc01ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21371,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 329 x 300, 8-bit colormap, non-interlaced","md5":"b113f01e12dd269d4744b87d0b8e5717","sha1":"c25fe4463a92a623ef373b37b4667cf2ecf84305","sha256":"cb4c737f9add1282fe9d87824bfb8a08dbb2a627115430cdf50ceae9e872eac7","sha512":"3de1caf9abf57404cb19e806749e7109b4b37e62c807964cdcb57a4896aab70f7a82c920cddfb008182eda05af0670cfe157a6665e2d8850de1cbc1336cb2cc5","ssdeep":"384:mkllX2hKlzuNaXVGFR/ROHsgsnvevMLq14AAFNiJ+lcESaPRLf2ekDzbKG0ssI:nX2hK+oGFR0HGY1HGBlRHPNffUbK6T","tlshash":"f1a2d02472bdff606672cbea4fd1c761276d24ba6716f61cce0704aba10653f3760680","first_seen":"2024-12-25T07:35:59.929499Z","last_seen":"2026-05-03T20:01:46.469581Z","times_seen":45,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/god.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/god.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"29eba-64189df1f5d45\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-sxqwq-af997972-d673-411b-bdd1-6134a5f847f0\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o9f2U4D%2BpZZnWnHWzhLAfYVbJePrKkYN2Qx%2BnZsB9qMgoC4u5iQqnLnKNVpZ6WaliJ6swCSp%2FnbHmhi27oD6mz0kmr%2Fq3H91WnRdCyPF0wok\"}]}\r\ncf-ray: 9b03d42d7fc51ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":171706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 772 x 902, 8-bit colormap, non-interlaced","md5":"1fe0405fe784aee8e70471c7e29a6d43","sha1":"0d754f8769728ab724eb89e517edd8cd4e7a211e","sha256":"80e983419f46eb41dc5f374cc228b43cb265e97a76064908fb7356c2eda30bea","sha512":"821ef530eae8b75b59ccc4e63079f6877543f432672addad3d547745d7506a0580ef2876da42d0f8a8103648c8f79c83a37973cceadd1decc430933f7d67432c","ssdeep":"3072:rCeU5wKluC1yP7q7ip8yMNOP2ZCaAGTlYXhC9ZDlnCdDjoXRj98N6TRxP:OFHlagipHjP2ZCazPRlqDox8ORJ","tlshash":"4af323afb95effd50e92124c0325d37c3b616a6ce0483402b31a698ff6b587249ad467","first_seen":"2024-12-25T07:35:59.939229Z","last_seen":"2026-05-03T20:01:46.089401Z","times_seen":42,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-sprite.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-sprite.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"1ab9f-64189df1f97dd\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-18f88533-4da4-41c4-974d-0162e3f5ed0b\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Db9Sx4TovznPgFJMnCIS2LCO%2BVJzXFRX4NUQ54V9j3zkfQcUlhm2PO%2FMsALCEegGzONzoIUPPjzr0VZENPCjjjcur8%2FPwTZ9AKs51zHvXA28\"}]}\r\ncf-ray: 9b03d42fd83f1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":109471,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 682 x 682, 8-bit colormap, non-interlaced","md5":"31d154b010a0ee502a6174a5ce3d1016","sha1":"2a1f48c9d51b97d099019ce810b490d2db3bf469","sha256":"d98cf86b836b18eeec6c4d4cf97738ab4a026555f6d25ac74646d1cefea671f1","sha512":"6d77bf6bec8b856b69563c8c7c25d2728f30dbe35c7c8f957e17d4bfb35742de6e585703f9f5ed155ed249af7e78af620bd04a316f7064fca9aaf5a791f5db93","ssdeep":"3072:xMrTw0xZHn642vgpIp+5E3GDzzZtUPuQh:eTw0xZHEIpIs22vt0uy","tlshash":"55b312b17ca2d461ce308c98f55c1bf5263298cd190c03bbca758abebb6e2411e75c63","first_seen":"2025-06-20T08:25:30.823367Z","last_seen":"2026-05-03T20:01:46.504899Z","times_seen":39,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/center.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/center.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"2ba4-64189df1f595d\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-sxqwq-bf6ad775-abba-4461-b058-209c15d8a6ac\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dr4E8T591PkiphD2sm%2BNkPlYVAlne9R2mxXVhgHc83%2B2WA3Mwz9NBEkpQME2QtAPSvqO%2Fu9ghFV%2BQEwJAgFWC5mVGXbuiDgFO0n4BgaZHOgm\"}]}\r\ncf-ray: 9b03d42d7fc31ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11172,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 360 x 360, 8-bit colormap, non-interlaced","md5":"ae6fe55e5696a859a57123de2a2d74c2","sha1":"25f54f2c85cafabf792e6c348a0451b7ad3d30e1","sha256":"650b6720e6fe4aa890af2595dcccbcddd14847087c9f93d8a1c17afc1236c553","sha512":"656f0d922907e1ecace293c81dfbb9cc4bc61552ec6de25af36c61bd9ec0a9c928a18557f87c8623e181511c98907c26816a806a6e0856fad2a60b1bbed0b4db","ssdeep":"192:UPU0zRMZpDiP5tlW8OjCIeBENS5SKUPTclCWRMXr4KcRQKWo928Z9uqfuCr/i9R:uzRMZoBOjCDBEE5nUPTc4kKr4DRDPj9A","tlshash":"5832b06d7f635215895d806324a9c96b058f068b6ff3b2dc3cb6323424eadc5d25d8b2","first_seen":"2025-06-16T19:32:53.323895Z","last_seen":"2026-05-03T20:01:46.487008Z","times_seen":40,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/vendor.js?v=2.003","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/vendor.js?v=2.003 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 30822\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"15982-64189df1f9fad-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-bd3730bb-a3e7-44f8-8fea-f74d757807ca\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L0HeKdeZx5YwIm9DY5GFjAVgaENQLEztE90UkqhQuXNFow49UK78V9BXrvVmM8FEsSHD2k6A0zBdAlI%2B9%2BObVezC%2FjZ%2Fno32Mri%2Bs2DELjSx\"}]}\r\ncf-ray: 9b03d42d8fcf1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88450,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (59957)","md5":"de06d5306079c6822acac2aec019075b","sha1":"0cc1f0d2eb22159c3ee2971c5a7c05d30b969035","sha256":"aebfaca0abecbf8be689c72ba9fd36e7d2f389e05e0d5ccc460b74e7a5c38754","sha512":"111223820d0a7795493c2b1490423ba10cdb4c86e5cbc58b1332572929c1eaa1ce44f7c50650537ae866ded2d0f91349c773dd62469de841d889437a60425c7f","ssdeep":"1536:yLiBgPWGdWLOczB4bx60BWEVkWGhXmlagpDHcdEr88HBj2jquHBmEO+kV3gcJ:PdYagZc6mJs3gcJ","tlshash":"4a831add72c7b06247a771ba007f550bf2361999684d8410f129e4e9bc78b8a823bf7d","first_seen":"2023-03-12T07:45:33Z","last_seen":"2026-05-05T02:32:00.287028Z","times_seen":365,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/img5.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/img5.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"362f-64189df1f5d45\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-r2km6-ddb654b4-ddc0-40f8-82ed-deb77fd8a1d0\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E9%2B92hXeInaqAfKnKDbl%2FFD5grTPDU0PPmo3%2BxQOscOOFwC8AJt10X1oZp6I0OiD3yRV5R02I%2Bm0VLmhPjhXYTppMW50GmTNbQNIerpo4Cfv\"}]}\r\ncf-ray: 9b03d42d7fbf1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13871,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 249 x 249, 8-bit colormap, non-interlaced","md5":"ef001b0ef8ad8c2f0b2de319a15cc709","sha1":"832fa88bd117f8d46eee51157b6e033dc1b25d36","sha256":"4c4a767fc1e577b06b064244d8ba950f9e8b4e711732d683b13c7dd057447638","sha512":"edb125243f77803622208398f57dc9028432c058838277ebb2764303a485c9a01fee66efc189fa43effbc824976b88c55b64c812e24c7130befb548ae649b2fb","ssdeep":"384:jzx30zmep9qTDYREM7Nr8QK6uc02GVe1F:jz6zx9qTO5NBt02L","tlshash":"ac52c075f4e8ace0eb5a060f683c1454ba1f3e9c9c688516f12e4ad89d934c58e48f7c","first_seen":"2024-12-25T07:35:59.923533Z","last_seen":"2026-05-03T20:01:46.52963Z","times_seen":45,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-bg.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/wheel-bg.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"1fe94-64189df1f93f5\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-r2km6-642a844c-2e49-49b3-bf0d-645bac8ccfc9\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fa4yZuzKBlltV8FBcteF5AJQzE7VsC8GpB0fGvZjfDrUVRQrR%2BWc6kOLFFz5AhjA3GJuFw2wogNFNsL9BiOMw1%2F%2FeCHs3DMsoZYya%2FmUFaFa\"}]}\r\ncf-ray: 9b03d42fe8411ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130708,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 654 x 654, 8-bit colormap, non-interlaced","md5":"304ffbebf5a9ef20eeec9670f33db7b7","sha1":"1a97b8cedd9889afdc384d8b64e8b7db0d3342f3","sha256":"ced116b46d16764d2b71192677e714bb4c0f41f2ede67241dc343c49c3b705ed","sha512":"e31d0300a2800986560121c294f3c5b635a2ac44a642c7f8799ffe53fe8396ee95639d5d84b3e051864279f884492aba636ca829431b3d63d834ce094408b6ba","ssdeep":"3072:gxMQu4c01Fxiknc0TTxvuFWsFZ3hbhWQsSn:Xtt01Dikc0TTxvuIEhJhWQ5n","tlshash":"dbd31282c8d37abce19212d1e1144bd44e6b9f4e2c917b1e4eb75f0e404a82d9a83d6f","first_seen":"2024-12-25T07:35:59.957376Z","last_seen":"2026-05-03T20:01:46.100303Z","times_seen":42,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/css\r\ncontent-length: 19836\r\nserver: cloudflare\r\nlast-modified: Fri, 28 Nov 2025 13:41:08 GMT\r\netag: \"235e8-644a7c8265c3b-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-sxqwq-fab8f88d-49ce-43a5-9f22-ced127c88c5d\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AhRW0vTqXw%2FcZRSs1P6A3LMGIUoTpoLFqH9C09crP4vI1pgI0xYGz7gUQ%2FHWAioiLrvKxt%2BMSjI1R0Fnl2o7sGMNDSBnQIx64kAK8spqErlE\"}]}\r\ncf-ray: 9b03d42d6fb71ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":144872,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65319)","md5":"9176094997ad94b2c300c30d8c786337","sha1":"6eb59f6cd34463498d0617e649f529fbceac54d9","sha256":"a8299eaeac0a87c100857b044e4e2574a1925a2e29cdbd52f59c0c8b38c67af6","sha512":"9ab66f4e7a9f6df8b315850e8df33d291724695c6529b65e2ce9ab2bbb44a1181738c9c4ad3fe1ecbd64ebb4f77826c4b13bb5a7ce9348d97004d359efd59894","ssdeep":"3072:3PY3q3SYiLENM6HN26IStSRsmYd7Zg9tcRnELKRVfG:3PY3q3SYiLENM6HN26c9zL4VfG","tlshash":"67e393d3ba5231cfe29f812ea6c13bbc01be914697121eeeb4932b7887843e7157550d","first_seen":"2025-12-19T03:32:14.774206Z","last_seen":"2026-05-03T20:01:46.075421Z","times_seen":12,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/logo.svg","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/logo.svg HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: W/\"1c38-64189df1f612d\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-26e6f644-d9b5-4392-8b6e-feff152a4fa9\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j8KUhUK8xE7uM38ugbuJkWi85S2g1OcTIROGLTpnCoLFRWJsfri4a%2F%2BNIxghr1nstYOlHMVEvt9XObmqvKTCU8V7YKhGcjXh%2FGejosS7SE9T\"}]}\r\ncf-ray: 9b03d42d7fc11ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7224,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a217a2f764e47410f76894e50c41759c","sha1":"4ab2149b08a1687096c2942dc36f87f9c0e080ae","sha256":"7ba5ed1d7f533ee78c5b0f80ec118d97012956a209db292f6fbb57b7511f1054","sha512":"dcad16678a2b0fe9efc0829966bfa8ab09e7c52a6626e871c2e9541daddd7dcd6e0ef68b66aec659aafe65fa04dd3faf01dc2b7d14ec963ba07307914dde8886","ssdeep":"96:EjPjJhE7D6uUbikRW0AJfcDET7qBjWXWP2WDBnD3+AS5RSMlR3boQ:EjHEfl2oJJfCEqdSw2GD3zS5IMH38Q","tlshash":"dfe1c7cc33a406f0e580b3e6db1550aa7d1378fab5c28570c6982d9530939fe8c69dea","first_seen":"2025-05-31T05:31:21.368297Z","last_seen":"2026-05-04T21:31:42.096826Z","times_seen":162,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/framework/frontend/images/inst.svg","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /framework/frontend/images/inst.svg HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:17 GMT\r\netag: \"7b0-64189de59bc41\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 599df8f78d-jrgkq-f041fe45-d809-4a40-a018-74131b8f1b4d\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zbVn9hNqYR%2B%2F%2FvU7LTaoTsZt6rgj2TWQ%2FoYmFYV85hjVF%2BpMCE4liJZxJlWuUzyaG3hOkMWg%2BUGHk%2FhYMx55dlAS88e7gXSMRi5J4MHNrZXS\"}]}\r\ncf-ray: 9b03d42d8fca1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1968,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"05c51644b33e296055cb4868a6245683","sha1":"a53ce574d289ad2db0b37df33c6c63b66451712b","sha256":"ecfbe5aa2e14234c9f794d1291b92c21fb326b260bf64df70849115bf5ba5226","sha512":"6d86084fd20bcfd5859521108d99d0f0d68f98a06670b925db6ddcc58afb1e78f8d1737f4c02123968d5165220e2de3e1d6c657a8063e4e0669b63868279e3ad","ssdeep":"","tlshash":"794101f593f9f2f8910aeb94d5368c70f67a34b96a52c5da52a58f94c1010cdd8cc445","first_seen":"2025-05-31T05:31:21.346025Z","last_seen":"2026-05-04T21:31:42.128648Z","times_seen":164,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/button-click.mp3","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/button-click.mp3 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 16018\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"3e92-64189df1f595d\"\r\nray-id: 867fdbf776-fwvxg-ad05f104-052e-4fcb-9db5-c1004dcf7735\r\ncf-ipcountry: NO\r\ncontent-range: bytes 0-16017/16018\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BNOg7lo82WDp9Tre8w8j6h3tq8LLkvC%2FzK3zvyqHaAeOgDH7QnHPL9%2BhM7HEHW30d1n1OYPbRU%2FtA4gn%2BgH82ViPhxshLi9rw9CTcSqDRwOY\"}]}\r\ncf-ray: 9b03d430b8741ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16018,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"07a0f2d7d6033eb63ab4f676e7777061","sha1":"2d03aaa488216b7b7520e45ba8f61a07b645dadd","sha256":"8dad70b4a23c4ed80c2574ed0995e4da3ebabb9e7b694b54f10ad0451b51c6ee","sha512":"9d0942e9c8937b50fa752d8ea52bbd5139a7744be5a98c7c7cef3f4b90a66fff9b3291c13681fcd61be3e3b4be77155622427ead8576964370f28a3149bfb04a","ssdeep":"192:hFktALoHLrXTT7+Hpi0z2qpAGUtVCv29SOqpQA1zu6OKEeHF:hWtAL8LTTT7bjYu9uOKzWKEeHF","tlshash":"94726db2d82220a0c44d6bfe54fb421d672249c3abc49fccb5ccd656ffb45a5ad4a680","first_seen":"2024-06-24T07:52:30Z","last_seen":"2026-05-03T20:01:46.500484Z","times_seen":56,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":201,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/button-vibro.mp3","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/button-vibro.mp3 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 22287\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"570f-64189df1f595d\"\r\nray-id: 867fdbf776-sxqwq-52655ded-4642-41dd-9af3-75fb8b92a4cc\r\ncf-ipcountry: NO\r\ncontent-range: bytes 0-22286/22287\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=svj6rroIZzM3roarjkB1%2BG6pjMzjJVo8XSzajVvHY0bcNVceUW2xxL5tZc7L1CjQ7EM8bl9iTmc1yjDGSRYgA8W1qbTRab1RI3HKXMdEdgqO\"}]}\r\ncf-ray: 9b03d430b8751ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22287,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"f42fd71a73c7bbb00563da18f0d904ed","sha1":"09cf6952dcc406774b5f2097bf9ace5416b046f4","sha256":"eaf6466a9f7679f902fc08831ae3df389a0f9db2d93379bdd8dc69aa4db197b7","sha512":"25c456265270f492d251d5969577b6a0038eb0905e5585d891536eea7d803f81f97a6371ee2a341826001fd4ab3f7af266b02226b765e1e84d8baeaae0e47ce6","ssdeep":"384:qWtFLXL+TrTCHeWna/8hZwJu2BMpG8Ccvdye49qdre3ezaPeRiZLJaGt/:BCTrTC+NCZyuYx8Ccvdy/NVPE2tj/","tlshash":"04a2b0b12c2474d0f4dd64b944ef41ded92a0a97da81edc8b8ddc3842f8b3965b427c9","first_seen":"2024-06-24T07:52:30Z","last_seen":"2026-05-03T20:01:46.489763Z","times_seen":56,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-19T03:31:44.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j0YdZd48OavJkGN2oABbZpdhuvcVBw%2B1mRHlWAoq3EvMB%2BgZHn49yI2N5EUiqTDxM4zoEHzE%2BVHekONOx6iVe%2FgUznwsfT1BGRr22ePBDdli\"}]}\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-d6c4357e-1750-4ddf-9e49-67409fdf5578\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ncf-ray: 9b03d42b3f591ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.1.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35102,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (754)","md5":"7e5b18bd53f01efbc0111f7c2474d2a2","sha1":"3fbc3807e8affa50d4c199e46d8fb8ab3b808e47","sha256":"98a4c38e3f2eb1f0b451ab308c418ea49b346088eee8adb8e1d134a80d30b510","sha512":"8a16b5e7487edcf2ac8c3852342ee52225ebb9b01d15fa334e091b4ebcf6dbdbc28cc41843a75a0225d410bdc32154bf6863b3531e6949ab502ffd68bc555c1a","ssdeep":"768:4wS4MJ6dvmAji6o4RxqIgqxvg5nkBDQarA:4N4MJ6dG6o4TqEvg5kJQa0","tlshash":"f0f2206468f904eb4116e186e9457b0d79e181bfb757970631bc3aef1fe2820ca3e319","first_seen":"2025-12-19T03:32:14.780689Z","last_seen":"2025-12-19T03:32:14.780689Z","times_seen":1,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":36,"dns":17,"connect":1,"send":0,"wait":193,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/img1.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/img1.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"2810-64189df1f5d45\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-fwvxg-06ac889a-f892-44d3-8fa4-ed6c48d6018b\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y2oES5FYjM4qqQP5chTNyFLzQbfmKMuZvsr4D%2BeDQzZ03VNvdqeQbVv%2F758WlY3piWVTFpWRiSlITIRPfBxKJq5oRJC9aOyM3pw%2BPgpncQea\"}]}\r\ncf-ray: 9b03d42d6fbb1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10256,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 176 x 176, 8-bit colormap, non-interlaced","md5":"ddc09200d052609b81d07f7fe9981483","sha1":"9c830b06085bbfc787d0c7e6b676f43739873b7c","sha256":"b91b055af831114ac9aa4c2a7a838dd27c473c5069f6a0b39ca15acab7d39d9b","sha512":"bff748d34c00dbf85d2ea89f31e95fe411471c8671a3775236e5e150ab4ce525ec653fd3c59af82e81e0c43a29ecfe06d17146f6d03ebfdf231922bf1955abf1","ssdeep":"192:2oBnFSqnrKxxmVDwyR/99JXS5xDNYftjwWwBYA1:2YnUxMru1NYfBwWaYC","tlshash":"bb22af219f3866df9fe3fdcc68e9b72f76c04136a8c15e4150aad3201e4935816d269f","first_seen":"2024-12-25T07:35:59.919932Z","last_seen":"2026-05-03T20:01:46.476315Z","times_seen":45,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/girl.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/girl.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"1a478-64189df1f595d\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-fwvxg-86fffe38-bb7d-4419-a402-3c794a71ea1c\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UBk11Ujw1o%2FUQgyQU1Eh7a4xmTNU%2ByTciS1sauETE44wQb06xh%2Bgi8zvdpkOhESVSEWgTGAJLUQUEKJAikYqvQc6v0Tto%2BZ40Q7lr77ZXKdJ\"}]}\r\ncf-ray: 9b03d42d7fc61ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":107640,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 477 x 838, 8-bit colormap, non-interlaced","md5":"c6f84b6dba6e51b801b848a9b4a8e8da","sha1":"4eac007f1d0a0c3e216a505e9a8d0a32f00ded98","sha256":"c78d55bfc1b99cc11f37debcb8b9be648fae1d6ae107ccc581c55db5d9cc9459","sha512":"7a01fd3095dbb5b6b0b88c890aadd3d9169dc515829e8096e204e3b2ad512bcc0afeefe9770671180b764b8657dd49fdf011cfa32c4e0c92697e2818714e7e99","ssdeep":"3072:7l0hV+Jcjqe484UKmfAiNMGnIsk/PqwIz:7lg4f8rFfAiFI4","tlshash":"07b3122f115dfe2229d2ec541198663c6ac39df2bf72df8a7eee8bb648541904101cde","first_seen":"2024-12-25T07:35:59.940812Z","last_seen":"2026-05-03T20:01:46.106188Z","times_seen":42,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/framework/frontend/images/mastercard.svg","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /framework/frontend/images/mastercard.svg HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:17 GMT\r\netag: \"190a-64189de59bc41\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-sxqwq-64cb7811-5f71-4e7a-9af6-0646c12468eb\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Yw1aJKyy5gnaSXikPxCEVwe%2FwRvkL2%2BGJhmhlLiWnGsV7uaTeX0OwV6vrLGQumVXY63%2Bg4mKW1sQ1fb4tItSrXpAT%2B9hsIZN3TXwUa0CzBWw\"}]}\r\ncf-ray: 9b03d42d8fc91ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6410,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dbac0e196e99c14ca25126e2ff704346","sha1":"8e37d638c47194e1861c25982d61619b756c87a3","sha256":"93dda1bb80fa9bbfa7715d24438174db585298a0054fe5e06c822a9bb5f5f86f","sha512":"020a65ebd2ee4edeed56d7968dc7115008b2f2d03444e87dec58726f3b1231071a87d2ad776ab8c6964c4ee504f645361bf3702de02dee96693d15004ee5655d","ssdeep":"96:wq6XKWu5Ixn+T7bz8vh5pcNSSz8RtMxE1LqSQ2domXqYpxANvj+L89EXYaLw3faP:x6ju5QE7g/czECmZpSvOYtf3S","tlshash":"a2d1cfed52d0f3d5b2b9f7348d22a8b4655538bb1f77d63e4143ea96b762050884ccc8","first_seen":"2025-10-16T04:32:05.652002Z","last_seen":"2026-05-04T21:31:42.120511Z","times_seen":92,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/center-2.png","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/center-2.png HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"2c31-64189df1f595d\"\r\naccept-ranges: bytes\r\ncf-ipcountry: NO\r\nray-id: 867fdbf776-fwvxg-073d32db-6660-45e1-80af-e8cd3431732a\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FvtFSP9zxDho3SyJN7lGOAhTZ6QxJGhFpPM7bcSEc8fXUzpYzVB2eB%2FPMl7NLDyPHtaLoeYsrPiOmMqHC35NtNeQaoMNZZgN6L2BSlXwq1KM\"}]}\r\ncf-ray: 9b03d42d7fc41ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11313,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 360 x 360, 8-bit colormap, non-interlaced","md5":"7514b86128f8f0bb68984622b059db4a","sha1":"04a3058672ea399172e00c52a593d4812aa30a49","sha256":"91dad0eda6ba37ed3261cdcd30f87da7b167ee06cd264413f7013b32f409e2e4","sha512":"16c90aa88b611b9ba979004ff77f23481807890bce718dd0a4dd041d726cb4f5ed1bacd4cf75fdf8949cbc58dba4ee52c2305febe0b35f5330fdd467ec6dc1b9","ssdeep":"192:Aku3oFJMIcw0IdMWgpmY8IMuPxyG7jlZ1GHfk6sQY8ZmLNmhquqyuTVhh7jl1tLC:3u4Sw0YMLmxIt5yG/h+fk6xYGmUhqjyv","tlshash":"8e32afba18044f50a7c3662cf64aead4782a4bfdcb1d369d712d4f3617e5440e463b21","first_seen":"2025-06-16T19:32:53.336088Z","last_seen":"2026-05-03T20:01:46.506454Z","times_seen":40,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/fonts/FiraSans-Regular.woff2","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/fonts/FiraSans-Regular.woff2 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/bundle.css?v=3.005\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 135024\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"20f70-64189df1df5e7\"\r\naccept-ranges: bytes\r\ncf-ipcountry: UA\r\nray-id: 867fdbf776-sxqwq-02aeccce-4b0e-41a5-85d4-3d6ec1d138db\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BXJk%2B64bXXAUi3rMBcKBUa6ep3%2B6oDYTpyvI%2BuKkkImMINqsB14gtRM84xQyk09eQvR62ocpFnC%2BmGXFRvl0Jmjxia4IxU1SrVh3s6NlQtRm\"}]}\r\ncf-ray: 9b03d42fe8431ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":135024,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 135024, version 1.0","md5":"ba0909b4681d0cc97e41e693fedbbe36","sha1":"1d1001ccff3f0b2460c7f6228f43f127b7681f6d","sha256":"7fa00831331beddef3e96bfb075b76fb15db41cf1dcf83ad1ce59fa60de6a3c7","sha512":"97abc17849f4a883655473e416404ce7e64c719b510c891e70886db8b65e1f67401d516e73b0f5700dad63eb5a729fd97e516d47122d45eec0beec03d27093a1","ssdeep":"3072:+5FQDSca1xxQUn4AEkaIps+OS/+dKbVFhEvD/sHkk7ZzoHpj2KDf:/ePxnnJEkaMXLhm+k8zoJj2Q","tlshash":"6dd3131a9a459b8a47201cf900ea6461d0c0a7a7feec3afdf08074f756a5f9130793f6","first_seen":"2025-06-16T19:32:53.278738Z","last_seen":"2026-05-03T20:01:46.488901Z","times_seen":57,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/bg-space.mp3","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/bg-space.mp3 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 2333601\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"239ba1-64189df1f5575\"\r\nray-id: 867fdbf776-r2km6-748fb8f4-8840-4c1d-89ca-c6d64ef66006\r\ncf-ipcountry: NO\r\ncontent-range: bytes 0-2333600/2333601\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ch6i7PDnPDSOML96rRJI%2BsW3EPYkNvvD7ZrA5MgGQbyJULPJTV0eBgu9%2Fc0qjHbxMwDOsK4gXxgletDvzwhlH4Ynd9JP5f3FqJCDnQIblGKP\"}]}\r\ncf-ray: 9b03d430b8721ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2333601,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"555baa651257d8de9c046c8433f247e3","sha1":"2c6cd735fc4a8291ad1a8c1c444c26ec999bc308","sha256":"ab45d58bfb992402b82ed6be0b76c99b1203eb7e09f218513be2e6d590742e0c","sha512":"207d046ff61b8c0e74fc78b8a006086c03e4dad458b899cc1f9c043f1de37aca2d4cac0ffc9186b05410b38a6f87402e2de010b0fce9933faa90ed964037f8ff","ssdeep":"24576:LFnzSgjg0HKlt+8YNthlSfzM1YBwS/mSWXCgHCd2pj5d:5nzS70qWFTSfVSS/QXFiA1","tlshash":"872523e3b0d8c563ec48a3355f80276de9219f122884ff85302ca7e94b7d57ab4a6d81","first_seen":"2025-08-06T09:42:16.038418Z","last_seen":"2026-05-03T20:01:46.484326Z","times_seen":45,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":148,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/public/images/fs-win.mp3","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:45.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /p24/c_mb_neonWheel_p_uk_m_33/public/images/fs-win.mp3 HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 35662\r\nserver: cloudflare\r\nlast-modified: Sun, 19 Oct 2025 21:44:29 GMT\r\netag: \"8b4e-64189df1f595d\"\r\nray-id: 867fdbf776-r2km6-b2b480c7-b5b8-40dd-a80c-bf2fbdd3e4d5\r\ncf-ipcountry: NO\r\ncontent-range: bytes 0-35661/35662\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KtZBLtaKPMMG%2BTC5EFQZQVMeTwYktAQcSw9wWK6Z6DPlMJk3mrrAES1sHoMKcALfMoJKNyl3alPRyO6Fi2S8CCVB4qigfW%2B4zGn%2BxLstFCN9\"}]}\r\ncf-ray: 9b03d430c8771ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35662,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"7488a8ebdb0d4660829acbd89c9f5653","sha1":"9f101224eebcc18de2c9107a2410bdf053afbdf3","sha256":"adcaef8945204cc0b13cf90975f944e4754f99773190cf75216133bf2ad85401","sha512":"fa1712f17db4bb7f8385d1547d0654eb52d093e8a6308ae4a580d2e3c764a5a8b59543412aeb8a8075e5e2008b007125285a797c48fd40810e985f641f40429b","ssdeep":"384:aWtw0LErLNT99BsFofi4OvKm1KwXnmxLIcFML8MCK7bRBzINMnqzFxB42e:RKf1T99BgofinKkKwXrLh7thbq3B","tlshash":"82f2bfa6cb622152d06e373fa1d76a0e12a15d89c1c4efcff5eecb406f5c0b01e94a85","first_seen":"2024-06-24T07:52:30Z","last_seen":"2026-05-03T20:01:46.502041Z","times_seen":56,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bonus.24parik.win/mtapi/js/v2/mlibrary.js","fqdn":"bonus.24parik.win","domain":"24parik.win","tld":"win"},"ip":{"addr":"172.67.162.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud","date":"2025-12-19T03:31:44.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"24parik.win","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 09 Nov 2025 00:40:40 GMT","end":"Sat, 07 Feb 2026 01:37:14 GMT"},"fingerprint":{"sha1":"0A:BB:40:CE:15:DF:78:9E:11:06:7B:5D:B9:B5:CD:B6:9E:8D:30:75","sha256":"5A:32:AD:05:21:3E:C5:14:60:47:DB:04:B4:E8:A3:9E:EF:52:CE:A4:1D:93:47:90:E9:6C:43:DC:DD:9C:D5:09"}}},"request":{"raw":"GET /mtapi/js/v2/mlibrary.js HTTP/1.1\r\nHost: bonus.24parik.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bonus.24parik.win/p24/c_mb_neonWheel_p_uk_m_33/?so=\u0026bo=\u0026ps=\u0026adtag=1rbdp9hnssaud\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 19 Dec 2025 03:31:45 GMT\r\ncontent-type: text/javascript\r\nlast-modified: Wed, 15 Oct 2025 10:07:21 GMT\r\nx-amz-version-id: null\r\naccept-ranges: bytes\r\nserver: cloudflare\r\netag: \"46415bda7a1cd151c434cce69fceef08\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 7efdfc8e9ebc26758933b0151e22707e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: FRA60-P4\r\nx-amz-cf-id: ztVMGUUU1ecyufHiXH5xQ5HVvOYOR9oa0QUL1yzLLaKyTTcy4aduTw==\r\nage: 17075\r\ncf-ipcountry: NO\r\nray-id: 599df8f78d-sb5rk-6a34119c-2be2-48b0-ab15-4e8d8120a442\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CcrkjwK1kyAafOR6TRu1yVWhu3%2BWkZ5mcWAsLBQWWdMgRbdm4K05%2FGkxbd2%2FcSHSlrLQ%2FylqlAIRBTNwTJG3jx%2B3LIxOrbL05lyK04agGiuL\"}]}\r\ncf-ray: 9b03d42d6fb61ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":105627,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"46415bda7a1cd151c434cce69fceef08","sha1":"ee99b60119387d02e9e9cf9baf46b892dc9abdcc","sha256":"f574261d44074675f003ffcf83f3779bc681eca0bec598e394618b478296c1cc","sha512":"1ed63ada55dd141c32ec8264f5092ad7829ebc95fcb517a45850fccaead868dd9c7b84ed459e1efab20ca80e6fde31af2d8197531f8ae28c5201535ffcb15977","ssdeep":"1536:gg29q26JOSqE/5E3lVq/367zNxYLpCbm+ftuiDDSVtpIcejxZKT8iCynre:glKqE/eK6nnipCbmpjqjxZKT8Are","tlshash":"6ca3f89ca3847c8177866beb771bb0e0f899189ab6494c4af4c4fc0c7191737e5e4a36","first_seen":"2025-10-16T04:32:05.56778Z","last_seen":"2026-01-04T15:31:46.080418Z","times_seen":233,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"bonus.24parik.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}