{"report_id":"85c3def9-3dd5-4433-9953-50c57674d620","version":6,"status":"done","tags":[],"date":"2025-08-07T01:11:36Z","url":{"schema":"http","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":0,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"title":"GOOD TO SEE YOU"},"submit":{"url":{"schema":"http","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":0,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-11T01:11:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"join4ra.push4site.com","ip":{"addr":"172.67.71.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-10-26","domain_rank":0,"first_seen":"2024-12-07T17:01:59.382623Z","last_seen":"2025-07-30T08:05:12.145875Z","alert_count":0,"request_count":2,"received_data":161688,"sent_data":843,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"sc-events-sdk.sharechat.com","ip":{"addr":"34.120.129.12","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2001-09-11","domain_rank":726987,"first_seen":"2022-05-09T08:01:52Z","last_seen":"2025-08-06T10:01:30.741846Z","alert_count":0,"request_count":1,"received_data":12746,"sent_data":422,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":75,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-08-06T15:12:45.48732Z","alert_count":0,"request_count":1,"received_data":355122,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":9054,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-07-31T17:48:09.278893Z","alert_count":0,"request_count":2,"received_data":2114,"sent_data":1316,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"join4ra.com","ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-07-12","domain_rank":0,"first_seen":"2024-07-12T13:31:19Z","last_seen":"2025-08-02T20:33:15.604777Z","alert_count":49,"request_count":49,"received_data":3937854,"sent_data":33882,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"apis.sharechat.com","ip":{"addr":"104.17.236.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2001-09-11","domain_rank":109357,"first_seen":"2019-11-01T05:19:08Z","last_seen":"2025-08-02T18:27:45.724851Z","alert_count":0,"request_count":1,"received_data":2635,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"psbcktrk.com","ip":{"addr":"104.21.64.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-10-01","domain_rank":0,"first_seen":"2024-12-07T17:01:59.377051Z","last_seen":"2025-07-31T09:05:01.053272Z","alert_count":0,"request_count":1,"received_data":697,"sent_data":491,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":439,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-08-06T15:25:40.423241Z","alert_count":0,"request_count":2,"received_data":174585,"sent_data":885,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tsyndicate.com","ip":{"addr":"46.4.114.55","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2017-03-08","domain_rank":13042,"first_seen":"2017-03-16T09:04:54Z","last_seen":"2025-08-04T09:48:54.940142Z","alert_count":0,"request_count":1,"received_data":893,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"upload.wikimedia.org","ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"domain_registered":"2003-03-16","domain_rank":2215,"first_seen":"2012-05-21T09:39:45Z","last_seen":"2025-07-31T13:58:48.114688Z","alert_count":0,"request_count":1,"received_data":1336,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server:9.2.11","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"incorenext.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-22","domain_rank":0,"first_seen":"2025-02-17T10:01:25.511259Z","last_seen":"2025-07-31T06:57:10.325417Z","alert_count":0,"request_count":1,"received_data":1294,"sent_data":656,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"3ae476fedef1210cb0c29f2d917321c3","sha1":"19b8411d958a386c4e6787dfde19406453eefbe2","sha256":"b58a36d7ff6b6c9562c35e62ead0c25bed2ef68778733c1ab84d896865303176","sha512":"a42b645060ed5255ca5b8a1eb7878f7e52d5fcb2eae3e102e309fab2852d7ddbf68b1b9a91bed719943d8e2978ea3f11bc1eb3fcb326a6bc2f60a07aa26af3de","ssdeep":"","tlshash":"7de0df261a22a7ca08b7523d8e874311e172404ea8c09807bc1de802ef2ce5d58cab84","size":397,"data":"","first_seen":"2025-06-07T03:15:08.605836Z","last_seen":"2025-08-09T21:09:22.147073Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"e86346e4a9aeb46c0e99d951831683e1","sha1":"81e7ae64a6c3df6d877ad08abb4480ce0b417bd3","sha256":"e53dbda7ab75a96a767e0ebb6206c08927c5a3f5a97a2f77647ed62337736f2b","sha512":"fb07174b2a5f8ca3ba7c0b42138f88ef0bfc4897be91be4b63a1ddae459ea7837bfde2ef33e2051fec40f447e9867972558a3d8c12ae53db93a13b6418df2e46","ssdeep":"","tlshash":"5bf0ab9f76da14742d4b90765b2c8e243122226ab0444033bcfc88356f082ae0966bf8","size":493,"data":"","first_seen":"2025-06-07T03:15:08.606989Z","last_seen":"2025-11-20T06:07:27.195129Z","times_seen":119,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0e3016b2ebdcb6c1009c48640333778d","sha1":"351fdcf422fcd1d41f3806267776204f3f77714d","sha256":"883934be151eb46040aef50c22ba2776627c7270e98f91497aa01f4e0257d897","sha512":"167da2ea17340ec52a0a7eb6cbd6e9e5bf4123cec1ae7ed86bc66753dcd9c8d87a1d67bdfc4cc51aed44a40ab409d83efaba726411fcd679068c8d94d268e865","ssdeep":"","tlshash":"73e0ab9b3c556228d16924e96377a94d226211d239018891ead28c2a3a2cfca40febdc","size":422,"data":"","first_seen":"2024-07-30T23:20:24Z","last_seen":"2026-02-19T03:45:01.865769Z","times_seen":184,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/js/js.js?v=112","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ace80f0bb966ce7ae0afa9764b857198","sha1":"732f3e6ae35a1c6a07cb54b17365801be094e3f4","sha256":"97efad519de091946361fe53cb4d0c525e01dd01aeb5919e10504f82645cf16e","sha512":"4eeef0c2260868ffa12b64a328cdc3ad90562c5c21dbbd31ced6fac84eeddd87e3ed6eadb3eb8d8daf9c8b4b69178f5b3aeaa77a76102b43245eb6b3787029ed","ssdeep":"192:pY9RNl3o1ylzRJDElRJ6DEoPHqC8ZTruMmiSDpk+H/dGaWi9ojOwBm3kyTiENYDP:4LMnmU0J2GnooPg4oCQpbGdYByo","tlshash":"8823ffac32b774294eb1d8dfc69baa0254e02463d543e558be0c06056ffe87cf1b66b4","size":46755,"data":"","first_seen":"2025-06-20T12:38:35.393382Z","last_seen":"2025-08-07T01:11:39.524702Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6cf353c3b8738cded0ecaf2100e7da1e","sha1":"9fbbee8565587f0a3a897a84045d7a216efa3a64","sha256":"985f1224c0eeec99d367a9db35e58e44b21e7eb9ce45831b15b4c108e41fd97f","sha512":"b9d13adaf4af1e21d923ac1ab3e69f8bdd755c9b984c4018c660470c7b7dd079f100c72f7b8215f64cdbe632990cc416e88542b4f170194610b5e685b4678da5","ssdeep":"1536:iKJqLfGmNQ2X8NFb4uvEOUjF3j7MtOBlxvHlik3+AkNk7yGCdmFiBnyOlV/TDQr/:nJebsNy1ikuGeBnR/TDQ9chHdN+ui","tlshash":"dbe3e789a221b67646e3169b93e4c211b3b50544b80ac4e470fd4c9f597ec9c13feefa","size":154597,"data":"","first_seen":"2025-06-28T19:00:56.686116Z","last_seen":"2026-04-04T23:45:54.939327Z","times_seen":14664,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/js/re.js?v=19","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"a8fbaa7a0034c3e6cb2706dd08c700c8","sha1":"b6ae8cc5f09c513ad2645654d8d1940ff223e49f","sha256":"b712edd116367a428a197d9d6e001a89e6ae5070229e8c829e425ae3de3e56ae","sha512":"feb2006cb6e5ec03f4ad8df63f6cb5457d0157722c6e85d7d2104a3b79264d4eacb4fd53af06b52323c3c05f7553852883f0965c674f02578561e79769604aa4","ssdeep":"192:PVLaja8sWX3bveZvXGPBU/QciCxc9dOzMxr56JcqrSU6EaNWjFZAAg+R0B09:PV2XzedX4Oh+OOcuxP2FFp4+","tlshash":"73221d9c10b312b641b330799f9b9324713a018b714ace4c7d9c87006f6deada2f6bd9","size":10320,"data":"","first_seen":"2025-07-18T23:48:06.665597Z","last_seen":"2025-08-07T08:53:24.793755Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.push4site.com/sdk","fqdn":"join4ra.push4site.com","domain":"push4site.com","tld":"com"},"ip":{"addr":"172.67.71.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae051786f67ce4a10acd29395bdd825a","sha1":"3a5561bee78316777e40fd7c6a3fe02ff2136a2b","sha256":"e3198e7ad68e3345f814c5d0da64b2c91bedff49336ba7d7b840173486fa1cbb","sha512":"7cbeb31e2a00d1871e29c0dd9b99691ed19cda241f29cfa0c3e03ce0a7518bf530f376ede0ba9f28e0bf97bf83064ab5b58ce29d7efc09a0300ce23b694e943b","ssdeep":"1536:/ABtDx9M4jYuhnuhh2xYbrl3Ukky3XF2P8T4VnOObC7At7Xf7gV790t7OWBiXiVi:kt6rl34VnOOaBp","tlshash":"5673b6865cc6703315af753afcbb2e4425372f0e5a8b84c09beb3591185ef4d960b78a","size":80091,"data":"","first_seen":"2025-08-07T01:11:39.495918Z","last_seen":"2025-08-27T12:34:04.819342Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-PCDPFZTW","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d61b822ebd7e003f27f460dbcf563b3","sha1":"ca23653e8d531c13d8a81b229eb0240313106e71","sha256":"92f630f6d4102fcb040b0396243f37c8e15e27ba6fccd26c4d4effc95d242074","sha512":"376ddadd00c42bf78927a9f8926bcb0404fe1e8df5841d1e151635bddef6b24f4020d2ca6fedc1bcd8a8304bb1fef3d883647640b9445f44162d948dbfbaf9dd","ssdeep":"3072:4P9ZjaX5zxF/A4BwU2IV4a70tLu5YEgt6OIqJel96454HTxXP6AtUIrE9VFo8vq:j5zp92I3MLZAvlkTTxXP6eUYEfa8C","tlshash":"de7429cd77d6b46283a3a474903f114fb53a38a2b84cd894f189c8e42e74aa91177f7d","size":354075,"data":"","first_seen":"2025-08-07T01:11:39.512356Z","last_seen":"2025-08-07T01:11:39.512356Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e2873b9470f65dc9347285a315f09b2","sha1":"f55090560efade94e4818509e2b396db489daf7c","sha256":"0cf63efa9b0bd7daa15672fdd9fe08bfe9f405a5763f220755e4d441ca25b43a","sha512":"e5e248d56b2e9e9c44e488eab7945c303f63b6ddc7d7f6bd3b0a762c9788b764c49d32ebd7a98d9200802961becec2d319d7e10e2f67236f67205026fd175443","ssdeep":"","tlshash":"520189b3d130a1e9cb20cf4f28eb644fa672b4846673c94080c6ec251d96ca923cb5bc","size":790,"data":"","first_seen":"2025-07-13T05:05:42.868753Z","last_seen":"2025-08-23T12:55:35.835197Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/p.js?f=sync\u0026lr=1\u0026partner=08fb16da40b6151464640211c90da58eda2d41d406e3d553f63be68dfc930998","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d60f8634df3c2cb0af0452b9bef2dfcc","sha1":"cb625a6f99e7526af6fbf548383f3bb5e875e278","sha256":"b5ef666b766757ecd3d28d7777086442295e0ebb89ada802a49677df9417c368","sha512":"fb6a7cff2cbc8c5efbfa3b352683463620520b9a9ada1aeba6ac1c2ea5e711b3778cb21d994636a94bcf852b67dc8784c45813ee9710a0a91c0226adc2c728e1","ssdeep":"","tlshash":"60019c7d5786206418b634902b2abf4e747713ba1c576805884c4814e358bafa31add8","size":697,"data":"","first_seen":"2025-07-13T05:05:42.861773Z","last_seen":"2025-08-23T12:55:35.802988Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sc-events-sdk.sharechat.com/web-sdk.js","fqdn":"sc-events-sdk.sharechat.com","domain":"sharechat.com","tld":"com"},"ip":{"addr":"34.120.129.12","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d66b689cf547e318ed21162b584718fc","sha1":"a8b44ea6f87cb0950f93c98524d4ddf0fc645902","sha256":"3518eddb275507b4275e5887ad4e205f9cbcfb96d4af3dbd13d1c6324b19916c","sha512":"e03ab377985cd66a863e69196e65d36300e2841aab63e2a97aaf82832cdde6e32809e5263e17567238150955b827046d42d121dd23b4da06d343140366caaa97","ssdeep":"192:tJCpsOCpJWaBKjYHRBwtKe4F3JapTyBtpDK7578rZgqXekMRiQvyKGyOI7vl:zCBC3PBKjYHRBwUe4dJ0nqXjwzyKGmvl","tlshash":"e7321ad8b185b4b116e702b6407ffa42a13609261849c090ee17dcd16cbce9b43b7f7a","size":11997,"data":"","first_seen":"2023-07-09T05:38:11Z","last_seen":"2026-04-04T22:50:57.58333Z","times_seen":507,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/avia.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/avia.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 36250\r\nLast-Modified: Mon, 23 Jun 2025 09:54:38 GMT\r\nConnection: keep-alive\r\nETag: \"6859245e-8d9a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36250,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6b943d3d14742734dcc69eb754bb8df9","sha1":"219b4373adc9d5484321a7a63f4af09d973e3dd0","sha256":"b9cfd404e1859f08eb575c1c77568248ab5e044b3ce0b1adf0e3c2ead00b8fc5","sha512":"f0604fab32fc147d128c654e6b5a59ed8221c64a27921fa8ab5ca20e3a2be5d8d26d2d14351e9d5fdb1f313cf9533012ca623e5cde7041858d1f3d93d2c0f930","ssdeep":"768:GeO76XizM4Ks5iYnPDNEpy+36fw2KQ1RMwjVM4ruSydlI:V1+MdsbxEpy2kw2XRpK6W6","tlshash":"fff2f26273b851c5e2eb2f3c55e81e74d679f843d8b67682da00dd6aea04e0fc08095f","first_seen":"2025-06-20T12:38:35.388208Z","last_seen":"2025-11-20T06:07:27.177138Z","times_seen":68,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":93,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/andarbahar.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/andarbahar.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 117082\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-1c95a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":117082,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d857a8165f77028cc9b889b6ce0a5f68","sha1":"ecfaf9ac27e4962884a9415e11920533a6b7fc2e","sha256":"4ffeaef1c21e59682ab5eb01494add673162a4a4c2aff11f404ee5ea9ddbaa88","sha512":"4486b329acaa1b2893daf2562fca8584aacfd575c86d813b803a3f87e55c7c34935cc6022ccaed944a1c5ea14cb84f49ab26cf5f944b6c19148a7bcc09756253","ssdeep":"3072:MCjzdbvuYm/nXv0F4aqcmzkY/nEWuaNcQsEY0M/RuPtI+vx3p:MCHEP/YqcQ0lR/RMtZvxZ","tlshash":"b0b312c07f6c3256db8e4d750b6139d5b758a37c47b53b0ec24782a7566e3b0ae84c21","first_seen":"2025-06-07T03:15:08.603678Z","last_seen":"2025-11-20T06:07:27.172969Z","times_seen":70,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":237,"dns":0,"connect":0,"send":0,"wait":59,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/baccarat.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/baccarat.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 109792\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-1ace0\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":109792,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"369187d8ddc0d2a846cb2a1c8d6014cc","sha1":"b2691992abcbec5ae40ff41479e1939f24bdd4a6","sha256":"1447cd77d27b2b841fe31719dc9fae8289e2b12182e4c337a8dfdef23fa38b28","sha512":"852727b7a59401eb4254b6cfb789116b5247ca00dbd936fca60b8eb6b90263e826a91d18703daf1ba5787088ea54bacf54520ba5564b6d0de037e782f3811a98","ssdeep":"3072:gzDW8AJmxg4i14a1YkhJcA/FEWQx48krO7qPqlhxtnDUv1c:gfW8ACWYkhJcA/KWQ1kS7qCjuc","tlshash":"3ab3123a26e131fcd26491bcf3241910646496ae3d87a48f5a3e8fa504d0b6f37c8766","first_seen":"2025-06-07T03:15:08.540312Z","last_seen":"2025-11-20T06:07:27.182727Z","times_seen":70,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":242,"dns":0,"connect":0,"send":0,"wait":24,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay8.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay8.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-a7f\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2687,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dc5ab49a417cfc5951e711a7bd7a3b3e","sha1":"0872e253dc83209f7ac0f602f2836f78f3448c43","sha256":"429c7ec853e7be1a76e59167b78ca054539b8800013d2849e9ebcbc401750547","sha512":"43b8c0db04e17cbb0e7edf7aa08d002428fb2b73f0ea60879a2bc5b485d56d4a66dc57d1c431cfc7b6f33e3069adfac42007005335d77bcd94608c7207797696","ssdeep":"","tlshash":"5a5174e173a4e3edb450b7f4433b54b5bb2b18f82b05c2acc362be45e9421ad2464cc6","first_seen":"2025-06-07T03:15:08.580019Z","last_seen":"2025-11-20T06:07:27.131718Z","times_seen":70,"resource_available":false,"data":null}},"time_used":370,"timings":{"blocked":115,"dns":1,"connect":46,"send":0,"wait":104,"receive":0,"ssl":97},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/empty.png","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/empty.png HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/png\r\nContent-Length: 146\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-92\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"f3668b6d7cd114910f52318bc862e373","sha1":"65d186203174ed3594d8403e89b148d6a5f7cdda","sha256":"6d6e7ce0a19c84586e93d2ff4275a1e0bb20aaa92c53f45d7e9d2415472dc006","sha512":"99f6d5478b07be72619e4d3d8b65807cda9f7dc408aa027757006f1d2b987d408beb96364e239edb06aa99ac622d2dee4515a3efc3182f26a7edc759d00a7d74","ssdeep":"","tlshash":"3ec02bd797450cbac51d0473405e1050e077092c01003108dd2138147024c881515383","first_seen":"2025-06-07T03:15:08.581042Z","last_seen":"2025-11-20T06:07:27.13737Z","times_seen":70,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":184,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/crazy.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/crazy.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 111188\r\nLast-Modified: Mon, 23 Jun 2025 09:54:38 GMT\r\nConnection: keep-alive\r\nETag: \"6859245e-1b254\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":111188,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a64b99090d23d9ef8d7e2e85e32192b2","sha1":"9b0aca199d569f8a94127eeb1a726f4b8d7ac917","sha256":"6dccc016b1a03626e4f338addfb3fcb08e9d548cd433b8a6de2962a5827344cd","sha512":"4e0e150cd7b8664ff35e0a4c1cffb6911d0d5a6911627103f2e238f8885049fa7b92c563de7902f22f02d195c4a7813176e9f04d85ae71e9d3ea1a4c9750f10d","ssdeep":"3072:1yy6m6f24vGEYf0gBAMaPbqjsbfNo775+RH:1V6ePEYf0WRebquo7l+h","tlshash":"fcb3125f7320af5af04f0234048323e50989f68bfa50369965a3e515f95c3b9cade86f","first_seen":"2025-06-20T12:38:35.386933Z","last_seen":"2025-11-20T06:07:27.134137Z","times_seen":69,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":267,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/jetx.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/jetx.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 102882\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-191e2\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":102882,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ebd69244f8b2d949a9039dd4c233c4ef","sha1":"2fc3e3a412a4e35ad7ac30467c921eb3af8820b3","sha256":"c8308098684ecb7345a11a838553ab03be1b9ff540ba961e620dd583ada02598","sha512":"ad3af235664bb68db308f806fcc48ceb7da653e5f1d2b7beff25ea877244ae68dbbeeeee32cc12e29b9a520ad9fc4602fbef22603b24396356fb731c982ad308","ssdeep":"1536:c65d+NX9fd17cjWSEL3pufZcUmtF1VtgyUIn7EM4CF03ANi0Qv70171Uj8fY:cv591ej7QZuNKZgylAMLx5270171UjOY","tlshash":"8fa30284636d523dcc5f99392dba03cb91f6a8b5819dbc460fc02c7e0af82d9b4546c2","first_seen":"2025-06-07T03:15:08.582232Z","last_seen":"2025-11-20T06:07:27.140891Z","times_seen":70,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":23,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.push4site.com/Static/Script/join4ra.js?v=4","fqdn":"join4ra.push4site.com","domain":"push4site.com","tld":"com"},"ip":{"addr":"172.67.71.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"push4site.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Jun 2025 09:35:34 GMT","end":"Tue, 23 Sep 2025 10:35:31 GMT"},"fingerprint":{"sha1":"B0:4D:5F:5D:68:11:4A:E5:03:6C:8B:76:7B:57:37:62:9F:34:75:27","sha256":"E8:67:00:7C:6C:8D:3E:A2:5E:04:7A:BF:0E:9F:89:44:03:EF:15:42:74:DC:F0:C3:11:1F:09:22:85:24:96:03"}}},"request":{"raw":"GET /Static/Script/join4ra.js?v=4 HTTP/1.1\r\nHost: join4ra.push4site.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://join4ra.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 25064\r\nConnection: keep-alive\r\nCache-Control: max-age=1800\r\nContent-Encoding: gzip\r\nLast-Modified: Wed, 06 Aug 2025 10:05:03 GMT\r\nAccept-Ranges: bytes\r\nEtag: \"6ffac793b96dc1:0\"\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nStrict-Transport-Security: max-age=31536000\r\nCf-Cache-Status: MISS\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g4YpD2KSwQq37rifpfbfCUnMtUq%2FPUwoeUyJ4U28ev%2B7uEQNhOzqPa6xcLgDVGp78rERseKMPoU4xJsabAUQ7aXvLTtyvPHI%2Fk0hUjZs6KJAWA%3D%3D\"}]}\r\nCF-RAY: 96b2e613ee8e0b51-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":80091,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64208), with no line terminators","md5":"ae051786f67ce4a10acd29395bdd825a","sha1":"3a5561bee78316777e40fd7c6a3fe02ff2136a2b","sha256":"e3198e7ad68e3345f814c5d0da64b2c91bedff49336ba7d7b840173486fa1cbb","sha512":"7cbeb31e2a00d1871e29c0dd9b99691ed19cda241f29cfa0c3e03ce0a7518bf530f376ede0ba9f28e0bf97bf83064ab5b58ce29d7efc09a0300ce23b694e943b","ssdeep":"1536:/ABtDx9M4jYuhnuhh2xYbrl3Ukky3XF2P8T4VnOObC7At7Xf7gV790t7OWBiXiVi:kt6rl34VnOOaBp","tlshash":"5673b6865cc6703315af753afcbb2e4425372f0e5a8b84c09beb3591185ef4d960b78a","first_seen":"2025-08-07T01:11:39.495918Z","last_seen":"2025-08-27T12:34:04.819342Z","times_seen":36,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/flag/in.png?v=5","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/flag/in.png?v=5 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/png\r\nContent-Length: 1253\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-4e5\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1253,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 102 x 68, 8-bit/color RGBA, non-interlaced","md5":"4c99b3502d13012990b6ce8ee461e440","sha1":"3987e1635d92fda75cd5aba7f29d779d466444c3","sha256":"91535834565bd7b2b106ebe19429667ade7d3dbbeb5e77b44c5e545146185d1a","sha512":"dd1492d4bd6358f23438f3f054386ffe03e62011a13eacfae4ca8268faaba87972d56d6a92e6d69147c044c5a7f98d96f44a0d52f58d78ecb2892b0aec1cc42e","ssdeep":"","tlshash":"c521b4f02fc9a4cbeec40804a12a20edd8da2a8f052f739e207fe19ed400cd45647d93","first_seen":"2025-06-07T03:15:08.545554Z","last_seen":"2025-11-20T06:07:27.148421Z","times_seen":70,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":282,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/bet-right.webp?v=3","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/bet-right.webp?v=3 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 134410\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-20d0a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134410,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4b91e1583e56e19bba79d5204479d61f","sha1":"65bc59192c6705ea52d938dbb6f5b41e5877bee4","sha256":"daa75f45b8cdd2af19df0a3dbb62fa11167269dd0843b81895df7304917aa3de","sha512":"6a467ca93433306630ba57b739adfbad20fb7475dfa241c3304686413812cda8a039b4faa13dc731af04cbfd3310a16f41a1d3a591831d0d767c4dd20494e28e","ssdeep":"3072:YzDTkbNCDNvLFIXHYCL82lasvZtap5OT1D:8/DNzFqHYCY2Yug5u","tlshash":"f0d312ff4f52b72cda0ba83a9075c39a7c64cb445da9e04624e232c1b3536681cae5d7","first_seen":"2025-07-13T05:05:42.805091Z","last_seen":"2025-08-22T14:13:30.948648Z","times_seen":8,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":27,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"apis.sharechat.com/self-serve-service/v1/external/selfServe/sdk/ECcfZ9V6HC/get","fqdn":"apis.sharechat.com","domain":"sharechat.com","tld":"com"},"ip":{"addr":"104.17.236.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:14.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sharechat.com","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Mar 2025 14:39:31 GMT","end":"Sat, 28 Feb 2026 14:01:09 GMT"},"fingerprint":{"sha1":"BA:EB:6F:6F:79:5A:16:B1:AD:09:DF:7E:47:1C:CE:3E:38:D3:5E:67","sha256":"1A:49:6E:2D:07:73:F7:0F:D1:CA:55:F6:20:18:86:C2:DD:9A:A4:F7:0C:9C:47:5D:D6:FA:54:97:21:57:1D:8B"}}},"request":{"raw":"GET /self-serve-service/v1/external/selfServe/sdk/ECcfZ9V6HC/get HTTP/1.1\r\nHost: apis.sharechat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://join4ra.com/\r\nOrigin: https://join4ra.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 01:11:14 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-dns-prefetch-control: off\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: https://join4ra.com\r\nvary: Origin, Accept-Encoding\r\netag: W/\"63f-D2Tvec1mjtiqn5+usLAO154uL5c\"\r\nx-envoy-upstream-service-time: 5\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=C2vZvfK5Y5aj_GcCREXD6x8shqOUkl64gD7bbB38W5U-1754529074-1.0.1.1-e8FHODi.eOq2lU3ICuFMRjjYwuXmXJ54_tLdIwgGmVozKLqOjLpzk9HQQQutl6nSP4LdBgKOVgigNNYvPMLu3LKBfxkxAzAVunqJ2hVm.jY; path=/; expires=Thu, 07-Aug-25 01:41:14 GMT; domain=.sharechat.com; HttpOnly; Secure; SameSite=None\n_cfuvid=fXN4GYGOcsVsmaVzZ0YgrP4Flhe3EeZizS.xA0rSGUM-1754529074491-0.0.1.1-604800000; path=/; domain=.sharechat.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 96b2e61a7c0e568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":1599,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"167f03a92913965698ce064aae445e61","sha1":"0f64ef79cd668ed8aa9f9faeb0b00ed79e2e2f97","sha256":"e53e4c43dac158fc95cdc033fffb419d09bfdf326931277dd647264f594abe98","sha512":"0ea049e3ac6e1832cbe711dbd487c490301c112b0061f846d9fc192b598cb6295558659612b92d117e68af3563d36b1e37ef50bbbd1250c058f0aacab06397a1","ssdeep":"","tlshash":"dc31b0342142ccbcb7da53618bee5f06e0c44653d5ce88ab9cd65fb8458c24d4308deb","first_seen":"2025-04-17T17:33:57.366072Z","last_seen":"2026-02-19T03:45:01.831276Z","times_seen":168,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":58,"dns":40,"connect":1,"send":0,"wait":183,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/logo.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/logo.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-8d7\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2263,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b5538fac47196825f9326e60ccca7986","sha1":"6ebe5cf0d2efbefa5649405e99324be662785258","sha256":"a8ef33fe1b3b528ccf8ead9a81f7feb93d39e1468abda41cf3ef2ef72cafaa71","sha512":"8f3d4b40635b31e841f2986461eb380a7edf9807272b51900822e36389e3366633158dfbe4dfb4124d7f8e226b52e82733a2c752556d4785912ec553519ba0b1","ssdeep":"","tlshash":"344195cea2e88790e4cae7d5c3a600b9716ad0f97ba48624d6961b15b881c4d4c99dc2","first_seen":"2025-06-07T03:15:08.533998Z","last_seen":"2025-11-20T06:07:27.164505Z","times_seen":70,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":137,"dns":1,"connect":56,"send":0,"wait":45,"receive":1,"ssl":94},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay4.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay4.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-c5a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3162,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"405f5b2add2219c4204b66bc8dafb259","sha1":"44748aa82f29eab920b49a10e58aa5920976f8fd","sha256":"03b9cc52a626eb5f64f98a7e0bff950d6a9ddba5c9a2f85cbc86f4edb047198f","sha512":"adf25e1173252fb4b78d98e0a851e583b6114224b982c9af106bfe9535681771dea3efde197437ab2e3f5ead4152fbe6e09c0f46cda76bc14d8b34418c3cb0ae","ssdeep":"","tlshash":"5b5182dcabb812b0af45e2ed932734797900dce2ab81c66cd78c0d65ac5801ccca5c83","first_seen":"2025-06-07T03:15:08.551379Z","last_seen":"2025-11-20T06:07:27.188584Z","times_seen":70,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":160,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/qr-code.jpg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/qr-code.jpg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 46717\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-b67d\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46717,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 108x108, segment length 16, baseline, precision 8, 257x258, components 3","md5":"fcfc23b94b22d44b45b8455d3f54c648","sha1":"9c4da06a4835d51db121e61034727b580aa72356","sha256":"f80f4f8366b44a8cf180b719452790cf627cfa984321b88d3a2563cccd14a4aa","sha512":"0c0a502d342995a7c0a42eeb38b9edd7fc3decc10631c7478a67c1f2a290567dd58392445f8212a2cec942748195a17280fa1a0db82e6f88de5f968212ead7a0","ssdeep":"768:e56J/z178ZBKEGhvSd8DNZ+SblGm8uWLtZP9K1luCoT7gMDJ73b5OK/y5Boin:e56J58Z1uKdeNZ+SblpWz9oluZH1b5ZA","tlshash":"e523d135579362388d7fa62cc07a3ca9a70457ac62ef150326862cc1b7cdf7460626fe","first_seen":"2025-06-07T03:15:08.538151Z","last_seen":"2025-11-20T06:07:27.179597Z","times_seen":70,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":195,"dns":0,"connect":0,"send":0,"wait":88,"receive":137,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/superace.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/superace.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 41560\r\nLast-Modified: Mon, 23 Jun 2025 09:54:38 GMT\r\nConnection: keep-alive\r\nETag: \"6859245e-a258\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41560,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c1d363cddd53bb0bc5c131b2e1e011ce","sha1":"f39cbeaf2e86bec892c18d5036c1e2c6b12fd50a","sha256":"242a5ccd0da3843ad2bed002a71250d71a464fb5eeb56980b2f284cd78aa7f9a","sha512":"4bbef6fe23742c8724ac17a237f6c741a998447b2a05fa285221d24abc3bc6d5354d8b43f752585e7f796c3b96d5ca5cf30f93c45d7165f0355f017c8439fb36","ssdeep":"768:9TbEwCn4URjD9KKRSrHY9Y/R8IW6e1S2VeGjzUhj/RVbjP:uwijstrHY99IW6e13VeKUhv","tlshash":"2e13f12463740e9de84162f321a62722cefbaa6771ddf21e244c0d771535e4b9f9b036","first_seen":"2025-06-20T12:38:35.41938Z","last_seen":"2025-11-20T06:07:27.166852Z","times_seen":68,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/aviatrix.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/aviatrix.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 46960\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-b770\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46960,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"94dfb1723f0e7e2011ae105a2a7320e1","sha1":"216b0f4f6966c71236193f221a24a8719d218613","sha256":"47a5441787c456937ff4401c7cd8f42eb9c332780efdca6fa3f9f7b5a0272c9e","sha512":"516578ddbfbf1153e214114163e250fe7f58d5323bd535e28fa23f267e2778ae389c9a5b256b0c718fefd7e862e24bd7c6115f97d095a4f32d431cae3a54491a","ssdeep":"768:alSmg4UjyTVe0ICJ4gnPQ5nCiAPMIHCgoJuQYSksgGWXSFa0MBTor6I9yKC+aCKJ:lX4iOjB4gnInCiAMggJgSkxGnFkgD9yR","tlshash":"0a23f29fae787645f7165f35504b20e8d45282e7e9d9ef9ae008d23bc2073c4d8e4693","first_seen":"2025-06-07T03:15:08.552428Z","last_seen":"2025-11-20T06:07:27.171829Z","times_seen":70,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":100,"dns":0,"connect":0,"send":0,"wait":23,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sc-events-sdk.sharechat.com/web-sdk.js","fqdn":"sc-events-sdk.sharechat.com","domain":"sharechat.com","tld":"com"},"ip":{"addr":"34.120.129.12","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sharechat.com","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Mar 2025 14:39:31 GMT","end":"Sat, 28 Feb 2026 14:01:09 GMT"},"fingerprint":{"sha1":"BA:EB:6F:6F:79:5A:16:B1:AD:09:DF:7E:47:1C:CE:3E:38:D3:5E:67","sha256":"1A:49:6E:2D:07:73:F7:0F:D1:CA:55:F6:20:18:86:C2:DD:9A:A4:F7:0C:9C:47:5D:D6:FA:54:97:21:57:1D:8B"}}},"request":{"raw":"GET /web-sdk.js HTTP/1.1\r\nHost: sc-events-sdk.sharechat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH8-UyObbHyGDeY0VbU4qpODzE4Iittcf8zdggXem-6Er3_1ySsD97flQ5s4iXZ9BGBICKb4KyMU\r\nx-goog-generation: 1687434621236125\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 11997\r\nx-goog-hash: crc32c=fRm+3w==, md5=1mtonPVH4xjtIRYrWEcY/A==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 11997\r\nserver: UploadServer\r\ndate: Thu, 07 Aug 2025 00:42:25 GMT\r\nexpires: Thu, 07 Aug 2025 01:42:25 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Thu, 22 Jun 2023 11:50:21 GMT\r\netag: \"d66b689cf547e318ed21162b584718fc\"\r\ncontent-type: application/javascript\r\nage: 1729\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":11997,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11997), with no line terminators","md5":"d66b689cf547e318ed21162b584718fc","sha1":"a8b44ea6f87cb0950f93c98524d4ddf0fc645902","sha256":"3518eddb275507b4275e5887ad4e205f9cbcfb96d4af3dbd13d1c6324b19916c","sha512":"e03ab377985cd66a863e69196e65d36300e2841aab63e2a97aaf82832cdde6e32809e5263e17567238150955b827046d42d121dd23b4da06d343140366caaa97","ssdeep":"192:tJCpsOCpJWaBKjYHRBwtKe4F3JapTyBtpDK7578rZgqXekMRiQvyKGyOI7vl:zCBC3PBKjYHRBwUe4dJ0nqXjwzyKGmvl","tlshash":"e7321ad8b185b4b116e702b6407ffa42a13609261849c090ee17dcd16cbce9b43b7f7a","first_seen":"2023-07-09T05:38:11Z","last_seen":"2026-04-04T22:50:57.58333Z","times_seen":507,"resource_available":true,"data":null}},"time_used":522,"timings":{"blocked":253,"dns":31,"connect":12,"send":0,"wait":13,"receive":2,"ssl":202},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/flag/in.png","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/flag/in.png HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/png\r\nContent-Length: 1253\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-4e5\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1253,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 102 x 68, 8-bit/color RGBA, non-interlaced","md5":"4c99b3502d13012990b6ce8ee461e440","sha1":"3987e1635d92fda75cd5aba7f29d779d466444c3","sha256":"91535834565bd7b2b106ebe19429667ade7d3dbbeb5e77b44c5e545146185d1a","sha512":"dd1492d4bd6358f23438f3f054386ffe03e62011a13eacfae4ca8268faaba87972d56d6a92e6d69147c044c5a7f98d96f44a0d52f58d78ecb2892b0aec1cc42e","ssdeep":"","tlshash":"c521b4f02fc9a4cbeec40804a12a20edd8da2a8f052f739e207fe19ed400cd45647d93","first_seen":"2025-06-07T03:15:08.545554Z","last_seen":"2025-11-20T06:07:27.148421Z","times_seen":70,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":135,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay6.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay6.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-29d6\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10710,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e06d0a57b13be3dce3c9d86bf45391e2","sha1":"c186eb677d11890c7195d98fd55ed535da61a4aa","sha256":"cf47d7f29cd2c0af485e08268ebcdfbd40a1bbafa0da0c4bb9ada570fcd9385e","sha512":"cb33e3ea85d31c77d411a84d298c34e2eabf7d18124a885e0e7997685ef2e6b63dbf03c0b2ad09958204856db679dd0bebbdaa38051c5aef3c07abe9264ee4e7","ssdeep":"192:EtTz939Tv3m+iwn/8//ZcD8t12ILpCvC9XyvD24bu1kHsbWLHTIdwJCV:4Tz99m6/8//2D8tJLG3oxWwd1V","tlshash":"442282912b3a83fcb80477bec65bd871e99a9cd47e01e45acb802d07946405e1eb6dcf","first_seen":"2025-06-07T03:15:08.589078Z","last_seen":"2025-11-20T06:07:27.188096Z","times_seen":70,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":115,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/blackjack.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/blackjack.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 93674\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-16dea\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93674,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"713cd257373ead57b649e3976b45d9b8","sha1":"580d8e48b84e8c59d5551aa17cd4e34044f66371","sha256":"fcb9de34f467574e4b42eb9c305c94467ceba6684999d5a2400f85f43091acd4","sha512":"81b27fa268ff3e535f38d1d2fab55373634d88caca261b4177285b913d45fc66ee5b1a7a5e7b1443e89065e964b198d36df6225308c57f913540313372d79205","ssdeep":"1536:DZfxIs2jI8HqM9jLhglYWIF0SreXFPlVj/c0/YFuZF7Hkcnd/D1X8c0I6RCaWnJ7:tv2sE9jLU11lVwXFuZFT7nlD0RCaWl","tlshash":"4293128298476371fc7378f0c14bafcad5e3c3966f02301df5ad44854a866aba7b3985","first_seen":"2025-06-07T03:15:08.597867Z","last_seen":"2025-11-20T06:07:27.190674Z","times_seen":69,"resource_available":false,"data":null}},"time_used":714,"timings":{"blocked":251,"dns":0,"connect":0,"send":0,"wait":65,"receive":398,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"psbcktrk.com/chpb/vjs.php?m=c\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id6=21325924\u0026v=2","fqdn":"psbcktrk.com","domain":"psbcktrk.com","tld":"com"},"ip":{"addr":"104.21.64.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"psbcktrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 23 Jul 2025 10:55:35 GMT","end":"Tue, 21 Oct 2025 11:54:16 GMT"},"fingerprint":{"sha1":"2F:C4:E5:9A:F5:AE:7A:6F:14:25:02:68:BF:6F:26:9D:52:AE:F9:0C","sha256":"3E:9C:75:42:17:D8:A1:34:6D:89:17:6B:51:2E:DB:6D:B8:1F:F4:7D:AD:AF:D9:7D:DF:5C:C0:B1:08:4C:61:99"}}},"request":{"raw":"GET /chpb/vjs.php?m=c\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id6=21325924\u0026v=2 HTTP/1.1\r\nHost: psbcktrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 01:11:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lLZDl9SRCryPs%2FsfFRj7AdMvfdIDvOOL%2BpF98P7EjNtyy0OjmTsjvfP4jZwY%2FShhsm9zHUQg0meT7q2IqlptYpfjTjp8Bro4mZk%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 96b2e6149d95568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T23:47:04.105988Z","times_seen":13351467,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":75,"dns":52,"connect":1,"send":0,"wait":107,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/swiper@11/swiper-bundle.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 11.2.10\r\nx-jsd-version-type: version\r\netag: W/\"4816-00NTceTFOXSCfuleSHYg+tVGAkA\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 07 Aug 2025 01:11:12 GMT\r\nage: 2049\r\nx-served-by: cache-fra-eddf8230090-FRA, cache-hel1410020-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 4774\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18454,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (18199)","md5":"6408a7c2033ed72b31f850268bfa9a0a","sha1":"d3435371e4c53974827ee95e487620fad5460240","sha256":"74ca6aae5468dbc924790c3b4d219a089b90a34bad53a0f7ca3a73e73b6f5ab8","sha512":"b74b551224b5abe662f4380393eab59b8f9481d8aff978af27d66d0e4b4b6eaaa4271f0aedb97c6298b3245915136f52dbc15135b46c04841b8214ea9397cbf4","ssdeep":"192:CzmUJbiKne5JTLdKSme+jeF474nQ7p/l2GZb0Q5RfufKDvAYfg5faeesedOJxbpy:CSUbe5JndKW+Sa0ni24tnWfz4eNi","tlshash":"ce8256a45350182753274f374bb1cbb9e97444c20f9389ae91c0ee58d7facb9132f2a9","first_seen":"2025-06-28T16:11:53.618794Z","last_seen":"2026-04-04T23:45:54.946715Z","times_seen":14352,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":71,"dns":1,"connect":26,"send":0,"wait":29,"receive":1,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/1001.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/1001.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 64014\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-fa0e\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64014,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ca530ab3ae1be19f06264d4819fb6090","sha1":"0d8805a8f6f5a7859043a1fd08cf39c1ec0d8823","sha256":"35ddcb082f911484f9993fc2a1ffc73327a35304a022fe407de4caa4c90c1940","sha512":"6d6f3b31a02bf8b59e7163f00344bb67a5a78566fbcb4c726d69eb69f44bbf5dca2bb9ab9a08986854b1ae95f41598e24f0611ddb01b647f9e1df4a44a774429","ssdeep":"1536:9yWWGbtMosr1oDOO/GH/ZPKApfUcNJEnljDTtYGBLHOy:gvYnsr2XwpKApfUc/EBTGGBh","tlshash":"01530255080ca348ef8538b685399e67fca650d78bbee13cc7dcee05348889d5f89e84","first_seen":"2025-06-07T03:15:08.583434Z","last_seen":"2025-11-20T06:07:27.180041Z","times_seen":70,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":117,"dns":0,"connect":0,"send":0,"wait":97,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/cricket.webp?v=4","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/cricket.webp?v=4 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 1472160\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-1676a0\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1472160,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"551e9454dd1c89c8db1c1e6e8fd42729","sha1":"e52b3e00472a8415657fdd11525ad2ec54c53440","sha256":"fe06f3085b94434cad038e6867dd338c7cb619449f9c8620b98551db765306a9","sha512":"74fe79dcee574607fd53fdc2930960742c056cb849725be54af2391888b9c5d712391d0949eb30db7c0bbf4a150f842b674fc9742ba21d3062ea42c0618ea6f1","ssdeep":"24576:G6zCFNfkkNv8e8C622WHU3WfT1QEkw62NJ8ay9J7YlT:G6zCFCy2W0mfTOgT8aIJ0","tlshash":"bd25337142a556d5c7e10abb4aabf801cdcb80f79b02eb23b91ea05ec107d684dc7d36","first_seen":"2025-07-27T03:35:15.221343Z","last_seen":"2025-11-20T06:07:27.142619Z","times_seen":36,"resource_available":false,"data":null}},"time_used":1586,"timings":{"blocked":284,"dns":0,"connect":0,"send":0,"wait":80,"receive":1222,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-PCDPFZTW","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:34:03 GMT","end":"Mon, 29 Sep 2025 08:34:02 GMT"},"fingerprint":{"sha1":"A2:8A:24:AD:51:7D:A4:62:BB:34:6F:C9:21:A1:B9:E1:2D:A6:0E:C1","sha256":"9F:B9:94:8F:84:D3:44:71:A7:81:72:C8:80:4D:14:02:E3:E0:30:0C:F1:17:27:83:00:82:D9:C3:68:D3:B3:AF"}}},"request":{"raw":"GET /gtm.js?id=GTM-PCDPFZTW HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 07 Aug 2025 01:11:13 GMT\r\nexpires: Thu, 07 Aug 2025 01:11:13 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Thu, 07 Aug 2025 00:04:27 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1341:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1341:0\r\nreport-to: {\"group\":\"ascgcycc:1341:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1341:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 110839\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":354075,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (40193)","md5":"4d61b822ebd7e003f27f460dbcf563b3","sha1":"ca23653e8d531c13d8a81b229eb0240313106e71","sha256":"92f630f6d4102fcb040b0396243f37c8e15e27ba6fccd26c4d4effc95d242074","sha512":"376ddadd00c42bf78927a9f8926bcb0404fe1e8df5841d1e151635bddef6b24f4020d2ca6fedc1bcd8a8304bb1fef3d883647640b9445f44162d948dbfbaf9dd","ssdeep":"3072:4P9ZjaX5zxF/A4BwU2IV4a70tLu5YEgt6OIqJel96454HTxXP6AtUIrE9VFo8vq:j5zp92I3MLZAvlkTTxXP6eUYEfa8C","tlshash":"de7429cd77d6b46283a3a474903f114fb53a38a2b84cd894f189c8e42e74aa91177f7d","first_seen":"2025-08-07T01:11:39.512356Z","last_seen":"2025-08-07T01:11:39.512356Z","times_seen":1,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":149,"dns":34,"connect":15,"send":0,"wait":79,"receive":41,"ssl":129},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-07T01:11:12.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: text/html\r\nLast-Modified: Fri, 01 Aug 2025 09:04:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"688c8328-6572\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":25970,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"8366eab661d8acdca2753fa24d688c87","sha1":"507b023ad808c336fd63d5bab9f485f48e9e23be","sha256":"5192d349b6d692a7c63b6364fad07e801d654f643abaa0ca4db3480a2cc25847","sha512":"6b20822e8a7a454f29a99c4aabb54eeea97cb0dc6b48d2cb451eca349416483d492aac1bb67edd94c53d1c0cf3c86913f18be56a15432f95f323a353114ba3ce","ssdeep":"192:6YKuKBQnJyRTaHdUh1LIm/r5LAD2eqZKt6t0kg6tyM:zgNNFgnM","tlshash":"bbc2ac2126f15c25a14382c6b63caa1a0954ea4384079846b1ed2efdff97ff18d37b5c","first_seen":"2025-08-01T21:58:29.864526Z","last_seen":"2025-08-09T21:09:22.076669Z","times_seen":5,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":119,"dns":1,"connect":23,"send":0,"wait":23,"receive":0,"ssl":93},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/empty.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/empty.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/webp\r\nContent-Length: 108\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-6c\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c7e5548d647db96d28a92f6dd27e058b","sha1":"dfdce4294b516b28bfaa0b050a00ee4c5c3d833f","sha256":"7837c789da00d809625c6fa59f866b9103a0e24c9047910b85ac006f342a6702","sha512":"e8db4d90b0906ac99e6062138d93ea035c61c01a51a376cc709f09ba32821076dd83aeb0461d3e3d0960cfb2ac6a8152041c69dfb8df2bec1dc5fa2b562b0c4c","ssdeep":"","tlshash":"7ab0123e0b9c440aeca61efa51d15f32180748687e629d024c9989708c9f850adc0740","first_seen":"2025-06-07T03:15:08.587785Z","last_seen":"2025-11-20T06:07:27.193179Z","times_seen":68,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":84,"dns":1,"connect":32,"send":0,"wait":33,"receive":0,"ssl":78},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay1.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay1.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-308a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12426,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b509cf1e74f8431efdb81f6ea48fe771","sha1":"78f28c1be97ea41541abcfc1ede626f7929e2c8e","sha256":"6fba47f4ad6cc309307daab8b1151ee76b01d58d242d73153f3e5fad1dcab0b0","sha512":"6240dce8df8063a1e470e30cd1dcd0bdf7806d7dd4feab08ac53db58664551549fae95db1e52a720961f1b83efc211544f1d386a843445e6d1cddf792caddaac","ssdeep":"384:vcHEtrje2PiTGNKHHDt+8qmUDP9JjCWSCbCkk:kHEFiCKHHD0cUD9Jj9bCN","tlshash":"8942e8fe6b8566e0e907e3e2eb1358793b0b74fb6fd2da68c3549e88354105c848dd80","first_seen":"2025-06-07T03:15:08.544537Z","last_seen":"2025-11-20T06:07:27.178815Z","times_seen":70,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/balloon.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/balloon.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 27172\r\nLast-Modified: Mon, 23 Jun 2025 09:54:38 GMT\r\nConnection: keep-alive\r\nETag: \"6859245e-6a24\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27172,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"962f077cbeab2845d907ea6663868013","sha1":"e0cc3a8102781d3312954d56ae2b33edda1af06f","sha256":"4916d71a369c73b8fb50b757c62c5678489c4f202b8fbf809f037155c1a03373","sha512":"ba26b281b07a22187b03511fe888d2d04dcb1e17f1422c60d804129770501aa1e0c7a2e331edbf6250e6eed55f7ea5ba56f2962f1da87356b69a85a5b15285ae","ssdeep":"768:sKh/xugkPfGeJkrHJMCOZmhrT7t35Ix1YmCxb4u6:soLkPfbgHJMCcOr/+Y14u6","tlshash":"66c2e174d61a1290f1c697bcb1da47692015b70364f873d6c204897a2f6e7ea13fc9cd","first_seen":"2025-06-20T12:38:35.389439Z","last_seen":"2025-11-20T06:07:27.13897Z","times_seen":69,"resource_available":false,"data":null}},"time_used":386,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/dragon.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/dragon.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 82048\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-14080\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":82048,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"53504e0f8683fab717a30f3c995b3442","sha1":"738dfa2d3f7a37dfe3c54d7b57f517a619ba6e36","sha256":"c751144faf0c9959591bea0b020866136bce7c9186d958444164ea038fdb462d","sha512":"fc6da7a7bfc18782de43d0769d0e5e721d65b061f6d936fe81a9a3be01b56502f82640736114411a649334284cff07cca5da9c8c7843e6aac490c47aad8dd2ff","ssdeep":"1536:5mxqr5oSAOup03KKybzzfA6eKuTQ1YAvUIusCRh301eopBXU:5oa/AO4Ig/AHKuEENiVU","tlshash":"7f83126a5a76a903f2aab1f81940192337d25071d79f3930632f476f48f0df5cde6a12","first_seen":"2025-06-07T03:15:08.591363Z","last_seen":"2025-11-20T06:07:27.141524Z","times_seen":70,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":215,"dns":0,"connect":0,"send":0,"wait":24,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/empty.webp?v=3","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/empty.webp?v=3 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 108\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-6c\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c7e5548d647db96d28a92f6dd27e058b","sha1":"dfdce4294b516b28bfaa0b050a00ee4c5c3d833f","sha256":"7837c789da00d809625c6fa59f866b9103a0e24c9047910b85ac006f342a6702","sha512":"e8db4d90b0906ac99e6062138d93ea035c61c01a51a376cc709f09ba32821076dd83aeb0461d3e3d0960cfb2ac6a8152041c69dfb8df2bec1dc5fa2b562b0c4c","ssdeep":"","tlshash":"7ab0123e0b9c440aeca61efa51d15f32180748687e629d024c9989708c9f850adc0740","first_seen":"2025-06-07T03:15:08.587785Z","last_seen":"2025-11-20T06:07:27.193179Z","times_seen":68,"resource_available":false,"data":null}},"time_used":337,"timings":{"blocked":286,"dns":0,"connect":0,"send":0,"wait":49,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/star.png","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/star.png HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/png\r\nContent-Length: 4473\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-1179\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4473,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 195 x 162, 8-bit/color RGBA, non-interlaced","md5":"e3c58c1d1c4df2907c335dd8dd8a55dd","sha1":"09494d43b5bfe860f88b4f41a77871828c6c8d29","sha256":"626271bcab3d0df2ad2c95eabbb122920e75cbbb23b86b21aee617aa24eae082","sha512":"cae2cb3145e93619dd065f384034d41b34eecb31812d369dfb6d841dcc54c5c49c01a0e00a4d8e6d0117fc5109c4199996fe98b8d14309df5772f4b58033ab16","ssdeep":"96:DXSqq3Mx2ixU6Mks9ZmPf8T99dmfgtsoYyarsOJbeDvURwK1iT7QJwV5SN:DXSqq3M8iNSmy7mfgWoCrsOQixEPUwVC","tlshash":"88916b807c2767bddbfb2d198e30e4697981b0a5dd30bc04ea8494e61181ceb65457cf","first_seen":"2025-06-07T03:15:08.536954Z","last_seen":"2025-11-20T06:07:27.167966Z","times_seen":69,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":231,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay0.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay0.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-205a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8282,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5509d219d98ce33010343b01d953bc45","sha1":"8c0b9ee77108f4362cc1fd39643cf2dc4677676d","sha256":"f364231864d6bb499242b12d2ffacc8a7ea187c503083e61bf274762ef886b1b","sha512":"6357de1faf9e89c5b11c24ff6397a6a3fd3515d8206b6166f76a1a6c59a36be79d5c2c564b3ffa895aba55b6989f19d3aa76fb636f193709eb9aaca0e39ffba0","ssdeep":"192:FIET179wfSW9aVALStvLoEA9qnFcWvnu0mbJcU:FIETx9wJ9zm1U4M0mZ","tlshash":"1602c6ed67d9a2f0a402f3e9d92758b5ba0f3cf27e56c658c3d86e58f44204d8588cc6","first_seen":"2025-06-07T03:15:08.549344Z","last_seen":"2025-11-20T06:07:27.177614Z","times_seen":70,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":136,"dns":0,"connect":0,"send":0,"wait":75,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/empty.png?v=2","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/empty.png?v=2 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/assets/css/style.css?v=57\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/png\r\nContent-Length: 146\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-92\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"f3668b6d7cd114910f52318bc862e373","sha1":"65d186203174ed3594d8403e89b148d6a5f7cdda","sha256":"6d6e7ce0a19c84586e93d2ff4275a1e0bb20aaa92c53f45d7e9d2415472dc006","sha512":"99f6d5478b07be72619e4d3d8b65807cda9f7dc408aa027757006f1d2b987d408beb96364e239edb06aa99ac622d2dee4515a3efc3182f26a7edc759d00a7d74","ssdeep":"","tlshash":"3ec02bd797450cbac51d0473405e1050e077092c01003108dd2138147024c881515383","first_seen":"2025-06-07T03:15:08.581042Z","last_seen":"2025-11-20T06:07:27.13737Z","times_seen":70,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":354,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/img.gif?f=sync\u0026partner=08fb16da40b6151464640211c90da58eda2d41d406e3d553f63be68dfc930998\u0026ttl=\u0026rurl=https%3A%2F%2Fjoin4ra.com%2Fgood-to-see-you%2F%3Fclick_id%3D01988211-d768-72b9-a6b9-5991b9c78de8%26value_1%3D71%26value_2%3D234851%26sub_id2%3D977127004786659329%26sub_id3%3Dpropeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561%26sub_id4%3D9137036%26sub_id6%3D21325924%26sub_id8%3Dmi%7C1oibdrf4ear32k%26value_3%3D1561","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:14.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Jun 2025 12:11:05 GMT","end":"Sun, 28 Sep 2025 13:11:03 GMT"},"fingerprint":{"sha1":"89:E0:23:FC:5B:0F:07:0F:7E:EC:B8:4F:B5:1D:3B:1F:6B:5C:22:0B","sha256":"66:DE:FF:43:09:A3:D6:B0:70:4E:47:82:C8:66:35:42:25:2E:23:CA:5A:1A:CF:A3:1E:23:A0:0E:D3:E3:95:95"}}},"request":{"raw":"GET /img.gif?f=sync\u0026partner=08fb16da40b6151464640211c90da58eda2d41d406e3d553f63be68dfc930998\u0026ttl=\u0026rurl=https%3A%2F%2Fjoin4ra.com%2Fgood-to-see-you%2F%3Fclick_id%3D01988211-d768-72b9-a6b9-5991b9c78de8%26value_1%3D71%26value_2%3D234851%26sub_id2%3D977127004786659329%26sub_id3%3Dpropeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561%26sub_id4%3D9137036%26sub_id6%3D21325924%26sub_id8%3Dmi%7C1oibdrf4ear32k%26value_3%3D1561 HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 01:11:14 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\ncf-ray: 96b2e61ccb7956a8-OSL\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=08821e9294f645f6ed5175240327a442; expires=Fri, 07 Aug 2026 01:11:14 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-04T23:25:11.363289Z","times_seen":96426,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay5.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay5.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-8d8\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2264,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8168b185ab5cd073c128e2956518fab9","sha1":"9c1aabf45dcf031c0bfe48bca974366e691baedb","sha256":"d05ddbb6188643eac3db0a94804a613b057b49d6c8f8c6d75aee7caf5c864bd2","sha512":"8ce888c78355c40b8ea3ee6bae78800c6c62ee349b54b3c6f78090fa653dcb7af4a980cd15175013c527156dc2a2441c669c3784bf41068d42aaec37f132cdf0","ssdeep":"","tlshash":"6f4152a9b36ad2b4b505f7f9d22295343a6e29f6be109049c3d22c00f99851d4e5dcc3","first_seen":"2025-06-07T03:15:08.559066Z","last_seen":"2025-11-20T06:07:27.16934Z","times_seen":70,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":103,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay3.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay3.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-1f8c\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8076,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"53732d74233da73c7c177215191f4150","sha1":"b27053fe54c978ef92b42f3c6a78b0f7685a19b3","sha256":"d1f1093cafaf4be59e96925bd475a0288364ab41ca243411d4815b7ba7a00918","sha512":"03a2fea1a50f1a6e3d437d633ba29b16c1a7a71c7763b143ca3b57945a6c2b1b9715f21e5a9beb24f067e39f848600dbd454dadcda0bf11c6f451615feb8b365","ssdeep":"192:qf3OfAV1B5IZYLFQgiu9fAmA2V3cL5RjnLbWPAAp8EG6VJt7cUxS3UXNY:qf3Ofg/IWBiuumTZcLbjnLbsHib6yUwt","tlshash":"4ef1c5d87b7a53fce982f3b5d307142438ab98f92d41da34c7c45e06e8860ad9d65c8b","first_seen":"2025-06-07T03:15:08.563711Z","last_seen":"2025-11-20T06:07:27.14383Z","times_seen":70,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":156,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/js/js.js?v=112","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/js/js.js?v=112 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Mon, 14 Jul 2025 10:40:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6874de85-b6e7\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46823,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (306)","md5":"ace80f0bb966ce7ae0afa9764b857198","sha1":"732f3e6ae35a1c6a07cb54b17365801be094e3f4","sha256":"97efad519de091946361fe53cb4d0c525e01dd01aeb5919e10504f82645cf16e","sha512":"4eeef0c2260868ffa12b64a328cdc3ad90562c5c21dbbd31ced6fac84eeddd87e3ed6eadb3eb8d8daf9c8b4b69178f5b3aeaa77a76102b43245eb6b3787029ed","ssdeep":"192:pY9RNl3o1ylzRJDElRJ6DEoPHqC8ZTruMmiSDpk+H/dGaWi9ojOwBm3kyTiENYDP:4LMnmU0J2GnooPg4oCQpbGdYByo","tlshash":"8823ffac32b774294eb1d8dfc69baa0254e02463d543e558be0c06056ffe87cf1b66b4","first_seen":"2025-06-20T12:38:35.393382Z","last_seen":"2025-08-07T01:11:39.524702Z","times_seen":33,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/football.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/football.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 74842\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-1245a\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74842,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"07593722c68c3345dd5bde437ebe9ee0","sha1":"4710891072ead86b7f0c014d20945ee4e383dba3","sha256":"856bbca06867a954e024b13cf601bd10607c5e1786f20a6701bea19187075db6","sha512":"e1461a52a1264b58c635b86a83f9bc41faeca28a437c632f0e2d847de8cf32b564f5298625ffc4333c761585645b4789963b1b6cbd2cc24bbaf4f61cd512910d","ssdeep":"1536:8zI0yd3ubtTPqus3v9OJhnwOu7dsYY/pYPZjIRe7f:8zXyVubtTPI1fldsYiOP5X","tlshash":"5f7302a6658ef22fddd0b97851a9dea1b10c5d5b52f9d2f210401c24eeee4c50dde2c8","first_seen":"2025-06-07T03:15:08.568333Z","last_seen":"2025-11-20T06:07:27.189376Z","times_seen":70,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":317,"dns":0,"connect":0,"send":0,"wait":40,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/storage/storage/248926/HI_Sport700-(2).png","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /storage/storage/248926/HI_Sport700-(2).png HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/png\r\nContent-Length: 91487\r\nLast-Modified: Wed, 04 Jun 2025 13:00:02 GMT\r\nConnection: keep-alive\r\nETag: \"68404352-1655f\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91487,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 288 x 279, 8-bit/color RGBA, non-interlaced","md5":"42c373da6814de5bc0bd6ababc2b0037","sha1":"d5cf3703a906cb35e58994b92bbfe607ec026b3c","sha256":"d1583f18592709edd23fc39830e15c1298df483ce268094d6d5a179d6b4fbb63","sha512":"dab100f68d7e54cf3fe026f7db3adab42945c128333cd12bf62b7d5503d870171770dd6c6e216c8f303ef4c2409c214d0d0014b4ed9d8cd1f89a63a10d009696","ssdeep":"1536:aLQ1WW2HJvURrctr6IbGoUho01WzQZifZbCYn9p7JT6VgUPRZxDkrPBQB:0Q1p2HSJ4r6vVhpJZihOaHJT6fdkrP6","tlshash":"569302d427319f61c8393e64a7a744d3dffafd84fe20827529a77e4e214274860928ed","first_seen":"2025-06-07T03:15:08.586509Z","last_seen":"2025-08-16T19:37:52.990712Z","times_seen":7,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":159,"dns":0,"connect":0,"send":0,"wait":95,"receive":178,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tsyndicate.com/api/v1/retargeting/set/d35125e8-9d31-4deb-bf86-f1f9175fc403","fqdn":"tsyndicate.com","domain":"tsyndicate.com","tld":"com"},"ip":{"addr":"46.4.114.55","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsyndicate.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sat, 12 Jul 2025 20:07:44 GMT","end":"Fri, 10 Oct 2025 20:07:43 GMT"},"fingerprint":{"sha1":"17:CA:3C:74:04:7F:C9:7A:85:26:A4:D4:AD:C9:1B:C1:6A:07:11:67","sha256":"FD:FE:24:3F:30:F6:D7:49:2D:A7:FD:3A:39:73:C0:E3:75:F2:E0:29:34:71:B6:14:3C:F9:D8:9F:54:8D:BB:EC"}}},"request":{"raw":"GET /api/v1/retargeting/set/d35125e8-9d31-4deb-bf86-f1f9175fc403 HTTP/1.1\r\nHost: tsyndicate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 01:11:14 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\npragma: no-cache\r\nexpires: 0\r\nvary: *\r\nx-api-version: 1\r\nset-cookie: ts_rt_d35125e8-9d31-4deb-bf86-f1f9175fc403=AAMC; expires=Fri, 07 Aug 2026 01:11:14 GMT; path=/; HttpOnly; secure; SameSite=None\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, no-transform\r\nx-robots-tag: none, noindex, nofollow\r\nreport-to: { \"url\": \"https://pxl.tsyndicate.com/api/v1/heavy-ad/report\", \"max_age\": 86401 }\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64\r\npermissions-policy: ch-ua-model=(self \"https://tsyndicate.com\"), ch-ua-platform-version=(self)\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ba036c43037cfe89320d1ef7b64cd43f","sha1":"88c72d3e26047eb1e45e5564a76427734f120efe","sha256":"42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb","sha512":"aa80ccd27c05eb729f730b9d830b011650bcf12cbb25d19edf29efcf962c7465bb5685a5ff5d084356c6710c08e829d16b59e7a59a41767eb14744f326b6c124","ssdeep":"","tlshash":"19900403f5400003d175d03107170340134cd110057c0307405d505cdc553510c01010","first_seen":"2023-05-10T09:10:20Z","last_seen":"2026-04-04T23:09:41.195063Z","times_seen":14438,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":62,"dns":2,"connect":25,"send":0,"wait":26,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/basketball.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/basketball.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 49158\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-c006\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49158,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f8015ff99b2fdc7c4866977aba4209d8","sha1":"fa5bc27076300dd4f237833fc56895f42ccddb00","sha256":"a28c0fca794bd1605886de7426614406d090b4afa30e5a3a6fc85ad844c84100","sha512":"cac565e496c23a1ddccfd188471cc5e380c51d264a5c19efa6898d8fb5cbcb4440af35351bde75b2eb0f965e7527fc9187204042312007add81a2899fa59c1d7","ssdeep":"1536:6Szq6pcS6QiYhF75sGhha4MN14exoTNb5jILj:5r6QFvly4MvaZbmP","tlshash":"f5230167dc58d31ad8ea313025d5fa78e320e27211b572bd86599c49afaf1df0e0c607","first_seen":"2025-06-07T03:15:08.584382Z","last_seen":"2025-11-20T06:07:27.191584Z","times_seen":70,"resource_available":false,"data":null}},"time_used":781,"timings":{"blocked":314,"dns":0,"connect":0,"send":0,"wait":196,"receive":271,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/android.png","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/android.png HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/png\r\nContent-Length: 6325\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-18b5\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6325,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 375 x 119, 8-bit/color RGBA, non-interlaced","md5":"497da2cfafa3325971a759fc1e8e381e","sha1":"96a256c5a07d7ba975057afe062dc95344f0c820","sha256":"ed88f702e9961793b847761d7bf651811c792d7026763d2ca04ca17c978aed54","sha512":"5a49f7b63a267775fef9f8b20646367282b2b77268a90f7cf04815c73824d24047f67f0890c2e43d4f7bb5074822a0102c97fae58a39d5d025ecde072fa6759b","ssdeep":"96:7GTdUzJovwiolPVN326XtFFtz7Bam5WaqwpIP6zwVdJgYUG6g0ga8WsOZ:KTdwo4Hv1hPh5X/pIC01gYUG6gXZUZ","tlshash":"7bd1af1125fe804e875cfc3459ce3e13c66d4f72910a69b5655eb10537385db317088c","first_seen":"2025-06-07T03:15:08.539283Z","last_seen":"2025-11-20T06:07:27.185313Z","times_seen":70,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":195,"dns":0,"connect":0,"send":0,"wait":55,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/ios.png","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/ios.png HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/png\r\nContent-Length: 5996\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-176c\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5996,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 374 x 118, 8-bit/color RGBA, non-interlaced","md5":"448bef80e280b1b34d68299e5c85c072","sha1":"d2e08ab9b3ab5beb8c0755c2763f5485326d3113","sha256":"d411c5cf6c6edfa26b6ffb86866f6bfebec07706a04d15a005c283fa814cf6fb","sha512":"4a4f51f7c815ea7aa5332f6b5bb049337e57356d0d0d39538d7f096a964c744873b76db17c84d5a330200e8037d3105f2bb0ba63425c726964336c0bc0fa397e","ssdeep":"96:Grh8Gn5QYlyGIzu0+5rFVNhUZ3ZKGRlsNUfyC0fHkCt+Gis6C3q4evM1TZnhgzPU:Uh8dY4GItGrFVNhc3ZKilsJC0vR2C3AY","tlshash":"a7c19f80456b4e6b7644da3c90a20414e9e0c406516bf43ade33ee1f0c2bfcfb69ac19","first_seen":"2025-06-07T03:15:08.564759Z","last_seen":"2025-11-20T06:07:27.170006Z","times_seen":70,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":52,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/swiper@11/swiper-bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 11.2.10\r\nx-jsd-version-type: version\r\netag: W/\"25be5-n7vuhWVYfwo6iXqEBF16IW76OmQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 07 Aug 2025 01:11:12 GMT\r\nage: 5922\r\nx-served-by: cache-fra-etou8220075-FRA, cache-hel1410020-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 44022\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154597,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65281)","md5":"6cf353c3b8738cded0ecaf2100e7da1e","sha1":"9fbbee8565587f0a3a897a84045d7a216efa3a64","sha256":"985f1224c0eeec99d367a9db35e58e44b21e7eb9ce45831b15b4c108e41fd97f","sha512":"b9d13adaf4af1e21d923ac1ab3e69f8bdd755c9b984c4018c660470c7b7dd079f100c72f7b8215f64cdbe632990cc416e88542b4f170194610b5e685b4678da5","ssdeep":"1536:iKJqLfGmNQ2X8NFb4uvEOUjF3j7MtOBlxvHlik3+AkNk7yGCdmFiBnyOlV/TDQr/:nJebsNy1ikuGeBnR/TDQ9chHdN+ui","tlshash":"dbe3e789a221b67646e3169b93e4c211b3b50544b80ac4e470fd4c9f597ec9c13feefa","first_seen":"2025-06-28T19:00:56.686116Z","last_seen":"2026-04-04T23:45:54.939327Z","times_seen":14664,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":57,"dns":1,"connect":39,"send":0,"wait":29,"receive":28,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/bet-down.webp?v=3","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/bet-down.webp?v=3 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 64492\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-fbec\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64492,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ab3631ecdf57cdc27d06d6ca438392a8","sha1":"f62a949dc744e7df401b7b9097a6ca6f7c5598dc","sha256":"04aed4432c3ca3362174fe8d93d4ebc1001ccafaf4c1f9e58c1f6a9a42decde2","sha512":"9b5c7a7717038e10f24ccf2b76067422f8c82ac57d352fd9d8beefc7bcf730891e1ded2463ef4e9a3966e558f0dfafbb57586212bdb1912fa29b1dfc0b809556","ssdeep":"1536:mt9qI4VM6Dre8RhI6cxUblTzWacRkGMr17XGu6tg7a0C:mtOTtI6cy/W3Rtk72u6tg2R","tlshash":"bb53027b88478c47e6a8f6783c1a6f42d4446f1a9173972e16063cf39ca58f6ac0e302","first_seen":"2025-06-07T03:15:08.578782Z","last_seen":"2025-11-20T06:07:27.192365Z","times_seen":12,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":253,"dns":0,"connect":0,"send":0,"wait":23,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"upload.wikimedia.org/wikipedia/commons/c/ca/1x1.png","fqdn":"upload.wikimedia.org","domain":"wikimedia.org","tld":"org"},"ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.wikimedia.org","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Jun 2025 07:57:35 GMT","end":"Mon, 15 Sep 2025 07:57:34 GMT"},"fingerprint":{"sha1":"54:2F:E4:BE:E3:58:FD:4E:C1:90:B3:44:8E:41:6C:8C:12:0C:1B:D6","sha256":"4F:57:E1:90:0D:8B:1B:E9:2F:27:10:DE:61:15:05:12:8E:E7:F1:1C:FA:B9:51:6F:A4:10:F6:39:C1:9E:C0:63"}}},"request":{"raw":"GET /wikipedia/commons/c/ca/1x1.png HTTP/1.1\r\nHost: upload.wikimedia.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://join4ra.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 06 Aug 2025 19:46:29 GMT\r\netag: 71a50dbba44c78128b221b7df7bb51f1\r\nserver: ATS/9.2.11\r\ncontent-type: image/png\r\nx-object-meta-sha1base36: 1q4na1xj6topzln51tpzqqxtdtdwo9p\r\nlast-modified: Sat, 04 Apr 2020 08:42:56 GMT\r\ncontent-length: 95\r\nage: 19484\r\naccept-ranges: bytes\r\nx-cache: cp3076 hit, cp3076 hit/5986\r\nx-cache-status: hit-front\r\nserver-timing: cache;desc=\"hit-front\", host;desc=\"cp3076\"\r\nstrict-transport-security: max-age=106384710; includeSubDomains; preload\r\nreport-to: { \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error\u0026schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\r\nnel: { \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\r\nx-client-ip: 91.90.42.154\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache\r\ntiming-allow-origin: *\r\nset-cookie: WMF-Uniq=P_iKZjrKdVSKmZ3CBnxGDAJIAAAAAFvd5dzTUhF1yM62ZDsFMGUXDukGllFZH75v;Domain=upload.wikimedia.org;Path=/;HttpOnly;secure;SameSite=None;Expires=Fri, 07 Aug 2026 00:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache Traffic Server:9.2.11","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 1-bit colormap, non-interlaced","md5":"71a50dbba44c78128b221b7df7bb51f1","sha1":"0ec63b140374ba704a58fa0c743cb357683313dd","sha256":"3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517","sha512":"6ad523f5b65487369d305613366b9f68dcdeee225291766e3b25faf45439ca069f614030c08ca54c714fdbf7a944fac489b1515a8bf9e0d3191e1bcbbfe6a9df","ssdeep":"","tlshash":"fdb012e323704c36d1014173523c92138b22c31ca14d19438001fc280c63305ccc879a","first_seen":"2023-04-05T13:40:31Z","last_seen":"2026-04-04T23:35:44.314322Z","times_seen":17697,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":37,"dns":2,"connect":17,"send":0,"wait":17,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay2.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay2.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-2330\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9008,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"50f7f02ab69d013c63ea46b0977cb096","sha1":"77dc2c664daf9f7a4ef0c8cb04b0ec5f1884acdb","sha256":"b8d954400464f02d3ab2e962664f74573cb6057ee10b544127c9992b658cfa5d","sha512":"83d981671492ff750da32fff4bfd8bd23955aa220d22fec4996af9f0417eb05d881ff6b4d70830700b4e8b2eb2335c856e2de6846fabdee30cab19f672585bfe","ssdeep":"192:v6RAwibs3RfjNHx+U4PZbhaKlqQN9AE8sQ0oSD596cT+0v:KALy/4P1bqrul+0v","tlshash":"3702e8e82b6793fce94df3f78b115838778645f53e12833883a91e06a55156e8849ec3","first_seen":"2025-06-07T03:15:08.55043Z","last_seen":"2025-11-20T06:07:27.130513Z","times_seen":70,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":152,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/js/re.js?v=19","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /js/re.js?v=19 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 18 Jul 2025 15:15:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"687a6506-2850\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10320,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"a8fbaa7a0034c3e6cb2706dd08c700c8","sha1":"b6ae8cc5f09c513ad2645654d8d1940ff223e49f","sha256":"b712edd116367a428a197d9d6e001a89e6ae5070229e8c829e425ae3de3e56ae","sha512":"feb2006cb6e5ec03f4ad8df63f6cb5457d0157722c6e85d7d2104a3b79264d4eacb4fd53af06b52323c3c05f7553852883f0965c674f02578561e79769604aa4","ssdeep":"192:PVLaja8sWX3bveZvXGPBU/QciCxc9dOzMxr56JcqrSU6EaNWjFZAAg+R0B09:PV2XzedX4Oh+OOcuxP2FFp4+","tlshash":"73221d9c10b312b641b330799f9b9324713a018b714ace4c7d9c87006f6deada2f6bd9","first_seen":"2025-07-18T23:48:06.665597Z","last_seen":"2025-08-07T08:53:24.793755Z","times_seen":51,"resource_available":true,"data":null}},"time_used":410,"timings":{"blocked":102,"dns":1,"connect":30,"send":0,"wait":141,"receive":0,"ssl":131},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/chicken.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/chicken.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 31768\r\nLast-Modified: Mon, 23 Jun 2025 09:54:38 GMT\r\nConnection: keep-alive\r\nETag: \"6859245e-7c18\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31768,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"95d9d85d0ecd0e4ec05fe566070354f1","sha1":"2adb97871e07f8652dbdfbe33cf72c198a84b30f","sha256":"e5b0f9b77d069611a64fa32fd3e7bfedce5e877c9511adb1a1974e9a55bf696d","sha512":"172bebc53699267e28eaa4a5a6e8cc0ebbd154879a044c2e3df770878acd259386f5c95067943e7d6d92d3da539599e74e1a5c04f7c3df4c119e36bc429af88b","ssdeep":"768:zTuRFiPDFVxKij0lkXsDY8EQNo7QfYIVQOmVpDIsbKb9FH:OihVvj0lkXGYko1IVQOetKb9R","tlshash":"67e2f2effa394f55fe2831bc450e8745b3502840084f7df992ea5d706870d56e812d72","first_seen":"2025-06-20T12:38:35.416108Z","last_seen":"2025-11-20T06:07:27.140259Z","times_seen":69,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/candy.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/candy.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 134336\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-20cc0\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134336,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"40758386b602fa3fe07d61f1a239fb5a","sha1":"3f07f1e2cef62c5a1da3740be7b6c0ae785aab73","sha256":"c3bcb61292630806e58bf6aba9535f5a15370b4ed0057c8da8cddca7a0955457","sha512":"5478c8d058dad2113d93b3ca863b8d291513f01a12089c60ccfd2f155a74e106e887e15582c44d2b3c539b9076269b297aad8c4e042dcd254a8a2737761c85f8","ssdeep":"3072:KJh7NWhEXjjR1t3sYS4zE+gIDokCJ0nA27k94E:YxNWhml39zYkCJ0nA27y","tlshash":"96d3121c17516f42f506823cec9e8a0486e0e247f87ee84347aae552bb4f19fb4dc17a","first_seen":"2025-06-07T03:15:08.601552Z","last_seen":"2025-11-20T06:07:27.182236Z","times_seen":70,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":117,"dns":0,"connect":0,"send":0,"wait":45,"receive":217,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/p.js?f=sync\u0026lr=1\u0026partner=08fb16da40b6151464640211c90da58eda2d41d406e3d553f63be68dfc930998","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:14.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Jun 2025 12:11:05 GMT","end":"Sun, 28 Sep 2025 13:11:03 GMT"},"fingerprint":{"sha1":"89:E0:23:FC:5B:0F:07:0F:7E:EC:B8:4F:B5:1D:3B:1F:6B:5C:22:0B","sha256":"66:DE:FF:43:09:A3:D6:B0:70:4E:47:82:C8:66:35:42:25:2E:23:CA:5A:1A:CF:A3:1E:23:A0:0E:D3:E3:95:95"}}},"request":{"raw":"GET /p.js?f=sync\u0026lr=1\u0026partner=08fb16da40b6151464640211c90da58eda2d41d406e3d553f63be68dfc930998 HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 01:11:14 GMT\r\ncontent-type: text/javascript\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 96b2e6190c9f569c-OSL\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":697,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"d60f8634df3c2cb0af0452b9bef2dfcc","sha1":"cb625a6f99e7526af6fbf548383f3bb5e875e278","sha256":"b5ef666b766757ecd3d28d7777086442295e0ebb89ada802a49677df9417c368","sha512":"fb6a7cff2cbc8c5efbfa3b352683463620520b9a9ada1aeba6ac1c2ea5e711b3778cb21d994636a94bcf852b67dc8784c45813ee9710a0a91c0226adc2c728e1","ssdeep":"","tlshash":"60019c7d5786206418b634902b2abf4e747713ba1c576805884c4814e358bafa31add8","first_seen":"2025-07-13T05:05:42.861773Z","last_seen":"2025-08-23T12:55:35.802988Z","times_seen":8,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":51,"dns":21,"connect":1,"send":0,"wait":41,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/pay9.svg","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/pay9.svg HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-1360\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4960,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c6fdb111eea6d5dc8b3008f42b68c8d7","sha1":"aef81290e74a516b669c018b0bff0e7d12541655","sha256":"e238bd8fa9284e14e5b599699d1b22cc84b882a36cddd182b0f7e55f9c8b75cc","sha512":"dfa681cc061a535b49ed4ca2cd92499476973cc56fb5d0c945136fc8946cd19998410e6e19ddd2c82e3983322c86f3086e8212f3b65e586fc8fced8df5053a4f","ssdeep":"96:ppzASPn19osSH8fTjki0wWJkHwDSTbJg7ufk2T1SSiEu03kyplv/C:pvN9onHkjf0wWJUXfk9Six0XplC","tlshash":"09a1d5ed339892f0dd02dfa4da12806173376df62f968b94c7d18e43aa504ad8a48cc1","first_seen":"2025-06-07T03:15:08.59023Z","last_seen":"2025-11-20T06:07:27.129773Z","times_seen":70,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":116,"dns":1,"connect":51,"send":0,"wait":43,"receive":1,"ssl":95},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.push4site.com/sdk","fqdn":"join4ra.push4site.com","domain":"push4site.com","tld":"com"},"ip":{"addr":"172.67.71.105","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"push4site.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Jun 2025 09:35:34 GMT","end":"Tue, 23 Sep 2025 10:35:31 GMT"},"fingerprint":{"sha1":"B0:4D:5F:5D:68:11:4A:E5:03:6C:8B:76:7B:57:37:62:9F:34:75:27","sha256":"E8:67:00:7C:6C:8D:3E:A2:5E:04:7A:BF:0E:9F:89:44:03:EF:15:42:74:DC:F0:C3:11:1F:09:22:85:24:96:03"}}},"request":{"raw":"GET /sdk HTTP/1.1\r\nHost: join4ra.push4site.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: https://join4ra.push4site.com/Static/Script/join4ra.js?v=4\r\nServer: cloudflare\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nStrict-Transport-Security: max-age=31536000\r\nCf-Cache-Status: DYNAMIC\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=27IHl451J3%2FZ4tM0GN1xwLcg9Ufwu6PFsbe%2BFoF8wQn9C4yO3sFu4xYBK33KRzVwDcmBWgBzHmYUrdjtX0bdxFW9H0LGBHDCQWOv9tzuTTX%2Brw%3D%3D\"}]}\r\nCF-RAY: 96b2e6119d7a0b51-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":80091,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T23:47:04.105988Z","times_seen":13351467,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":25,"connect":12,"send":0,"wait":121,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/dragontiger.webp","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/dragontiger.webp HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 155576\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-25fb8\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":155576,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8886fb38aa54b04a1f50c641017402ae","sha1":"378c240558b63851126d34cf821b86769832d36a","sha256":"60854ad057a9b354a83aa60a808524c96985a92cbe8d44bf6b871759c386cc3f","sha512":"c4bf499e60dc8d2516ec028b8cb6a99f2cd5c84dcf7a482a279a12b2cf5b469c6af8b236171079b2cc9816b7f961bd4416ca204a553dc227776c2e842479bbdb","ssdeep":"3072:knO/C5Fw10SGFdYt63NVf7b9gFia6zgAT6mz2ize1qs1xhesBG:eLw14lPNQi/T6mKizEqmxhPG","tlshash":"78e312e8f1203c00b4b5276eea737ad38f95f684b5e6b5c60a02c7657764e998603f13","first_seen":"2025-06-07T03:15:08.599063Z","last_seen":"2025-11-20T06:07:27.186317Z","times_seen":70,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":282,"dns":0,"connect":0,"send":0,"wait":24,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/mixer/bet-left.webp?v=3","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/mixer/bet-left.webp?v=3 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: image/webp\r\nContent-Length: 107564\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-1a42c\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107564,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d8906af212f332f1d66dc7b5984e7672","sha1":"f581f30f2bbee546166c0327dc436a1f15bf99dc","sha256":"adae48dec481b29d645b0da7ee1e797b46ff8cec72d56c51ab0af4cc52f0186b","sha512":"0b752c47fd07654a6b86d44f869cd9f04c7900d95b9e8f6ad145ba52a5f5e4c169b7492fb2d8b549d7907fda43487f0ffab09e9b90294d4d9fc157895a3b0bed","ssdeep":"1536:gm4HTRPC+fT2LHSOpiJMBFCuDHALvss2Ll4QCJrQaJ3Q5H50RhtGMrvVx/R0DJ30:gFzOLSOtBDHBOfrQgFhQwv6NOfky","tlshash":"80b301df62e4c728d42a277e99f3f9ac4d712519531f374c90e6432aa81eb01dba41c9","first_seen":"2025-07-13T05:05:42.864224Z","last_seen":"2025-08-22T14:13:30.889905Z","times_seen":8,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":45,"dns":0,"connect":0,"send":0,"wait":46,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/fonts/Poppins-Bold.ttf","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/fonts/Poppins-Bold.ttf HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/assets/css/style.css?v=57\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 153944\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-25958\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153944,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 13 tables, 1st \"GDEF\", 17 names, Microsoft, language 0x409","md5":"08c20a487911694291bd8c5de41315ad","sha1":"875cf0cecd647bcf22e79d633d868c1b1ec98dfa","sha256":"7219547ee25334cbac0fe4b3acf0bf631e48ebb622c71af038edaaa652c60875","sha512":"d1b6430ab61dfb667b1393ef4377ab49b19be86f0f3ae7fa062b5eae1c5b1d20de5aa22fdf519824b31b2d0fe18073a9b3ea5011c735a1886767922ce9476b4d","ssdeep":"1536:ynWSOZkPJr4O8jORN5pJR1JOWgmd5Fju/qIzYq+qJi5ExrwpcWS7J5ffnVxjSZUp:vSW8WO8qnJ4Bmd5tIzYAl7ffVaO6YxmK","tlshash":"2ae3082bf6a7cf5ee7266d74da72636345d8e43569bf824bb7026943e88b480cdc4201","first_seen":"2023-05-01T03:42:21Z","last_seen":"2026-04-04T23:18:21.454623Z","times_seen":2632,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/fonts/Poppins-Regular.ttf","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"89.187.73.195","port":443,"asn":58061,"as":"Scalaxy B.V.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/fonts/Poppins-Regular.ttf HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/assets/css/style.css?v=57\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 158240\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-26a20\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158240,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 13 tables, 1st \"GDEF\", 17 names, Microsoft, language 0x409","md5":"093ee89be9ede30383f39a899c485a82","sha1":"fdd3002e7d814ee47c1c1b8487c72c6bbb3a2d00","sha256":"707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a","sha512":"4be480df0b639750483eb09229b4edcfdcd16141eb95d92a3f28a13bf737146d7cc5db6ad03a5cde258f71b589e5310b6d9bc1563ac7b1d40408eea236d96f4b","ssdeep":"1536:iBLCaPkPJr9Q0T+GNqUESJ/8w/lF703hmTWH6lrGcRAbf9EpthYp0wf0IDh1jlG4:6LCY8zQjGfJ/AaHjxlzOk7gb3Va4J","tlshash":"50f3091bf6e7ceaee7672a78ea72636614dce8362d7f454b23016913e8da441cdd0301","first_seen":"2023-04-10T19:18:16Z","last_seen":"2026-04-04T23:18:21.378248Z","times_seen":4563,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"incorenext.com/XXdJzN?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi%7C1oibdrf4ear32k\u0026value_3=1561","fqdn":"incorenext.com","domain":"incorenext.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"incorenext.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 07:45:03 GMT","end":"Sun, 07 Sep 2025 08:42:30 GMT"},"fingerprint":{"sha1":"E5:E4:76:7A:46:D5:7C:80:D5:FE:B0:69:90:C0:F8:13:A0:21:93:F0","sha256":"7A:05:7C:AE:1E:65:0F:BD:6F:BD:F2:FE:F7:AA:98:1F:2B:30:A7:B0:07:96:FE:37:FA:25:43:9B:C5:E0:81:92"}}},"request":{"raw":"GET /XXdJzN?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi%7C1oibdrf4ear32k\u0026value_3=1561 HTTP/1.1\r\nHost: incorenext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 07 Aug 2025 01:11:13 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://upload.wikimedia.org/wikipedia/commons/c/ca/1x1.png\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Thu, 07 Aug 2025 01:11:13 GMT\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HPxncWl4FPvpURYgSyCZM%2Bci%2FcWukL4w4ujDIMc17hTx7DouNZFfWhpLIHEP6M5B4Fe%2BOli7gG4GppKZmzHCBJbbr9oVX9aWZwIdAg%3D%3D\"}]}\r\nset-cookie: _subid=1sjos4f4earqst; Path=/; Expires=Sun, 07 Sep 2025 01:11:13 GMT\n78461=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwNVwiOjE3NTQ1MjkwNzN9LFwiY2FtcGFpZ25zXCI6e1wiNjBcIjoxNzU0NTI5MDczfSxcInRpbWVcIjoxNzU0NTI5MDczfSJ9.xTyrw7qdQ_QFdVtrKQCI4EX0ax73AbdYcusDyQZXmrg; Path=/; Expires=Fri, 14 Mar 2081 02:22:26 GMT\n_token=uuid_1sjos4f4earqst_1sjos4f4earqst6893fd3163cf85.76860414; Path=/; Expires=Sun, 07 Sep 2025 01:11:13 GMT\r\ncf-ray: 96b2e6145ab60b59-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T23:47:04.105988Z","times_seen":13351467,"resource_available":true,"data":null}},"time_used":173,"timings":{"blocked":33,"dns":20,"connect":1,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/css/style.css?v=57","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:12.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/css/style.css?v=57 HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:12 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"672b7ac8-3e0c\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15884,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"2744ec8353fca85e75d97d6256d8d7b3","sha1":"2578f96fd181c34509aebef6219013ff8ad4fe4c","sha256":"4c0db53f7b851102cd8613214835a257337c608f16bfce52dd2f73a72ddd146b","sha512":"7a2cf53f128fe313f10bb686bbebf099ca9c00d12eb96ef0b80449c60393046a292fe9ae8a131801962512f9743be2291f00a948c00fc57458fb2aff780b47e9","ssdeep":"192:k5ed61t2EbdHw1/bNaFGsvSl3Sg9Gg1IgKej4gYUxIGOEj/9uiUE3nIkreuvGFNT:kZgNmQ+hh3C9QdIPOli7ju/5","tlshash":"8f621e455eb71100f003e4696bbb9b64e368c003811bdcb97b8d7645cf825ba56ae7ec","first_seen":"2025-06-07T03:15:08.561263Z","last_seen":"2025-08-07T01:11:39.542009Z","times_seen":42,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/storage/events.json?v=nd0zweuigvtls5fbgodh1yve-6wodlsj","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:13.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /storage/events.json?v=nd0zweuigvtls5fbgodh1yve-6wodlsj HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:13 GMT\r\nContent-Type: application/json\r\nLast-Modified: Thu, 07 Aug 2025 01:00:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6893fa91-2ffab\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":196523,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"07c33f82e021a8f8d85aa0590490e195","sha1":"d57aada559191adf3f24e61ab4fad3891908de90","sha256":"fdadc25c7e13611ed3bb9679c5f711346174187d5248b87828cef6ead7cb4172","sha512":"de256616c51b321392ceab6168f38c76734f914f00601b3eb8b62d9938a07279740bfe118015002891b6b06c654897769f5da2f2798488628da51ebeb24ee889","ssdeep":"3072:pnRnp4xRUH9ug7tgF3mdRq0z5q0PO8YcdTiHug8L9lyo:qxROug7tgwdRq0z5q0Tsl8ZEo","tlshash":"96148d8af3e1f5c4801c2074d87a96ed5a8c5c524231d87a5cafcecdd68b264c637ee6","first_seen":"2025-08-07T01:11:39.543134Z","last_seen":"2025-08-07T01:11:39.543134Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"join4ra.com/good-to-see-you/assets/media/favicon.ico","fqdn":"join4ra.com","domain":"join4ra.com","tld":"com"},"ip":{"addr":"195.200.28.189","port":443,"asn":216071,"as":"Servers Tech Fzco","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561","date":"2025-08-07T01:11:14.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"join4ra.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E1:C6:1E:EC:97:8E:86:AC:6F:77:B5:F2:46:D3:11:48:44:5B:FF:E8","sha256":"A8:43:4D:B6:B5:48:44:11:74:F8:AB:EC:CD:38:B6:51:6E:1B:85:0C:B0:32:AF:92:3B:B8:BF:B9:25:71:B4:81"}}},"request":{"raw":"GET /good-to-see-you/assets/media/favicon.ico HTTP/1.1\r\nHost: join4ra.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://join4ra.com/good-to-see-you/?click_id=01988211-d768-72b9-a6b9-5991b9c78de8\u0026value_1=71\u0026value_2=234851\u0026sub_id2=977127004786659329\u0026sub_id3=propeller_00reg01_mi_in_reg-bet_pop_cpm_mix_1561\u0026sub_id4=9137036\u0026sub_id6=21325924\u0026sub_id8=mi|1oibdrf4ear32k\u0026value_3=1561\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 01:11:14 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 34494\r\nLast-Modified: Wed, 06 Nov 2024 14:18:48 GMT\r\nConnection: keep-alive\r\nETag: \"672b7ac8-86be\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34494,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"321b83e30cbbeb228649c5a9e9c3a194","sha1":"acd1f537cc264d56334352ea8ac96f506ad2a863","sha256":"f61b3e105cc46934e5a14b52b7977d8b738b5719233fc97ae82ddf8c1c7ede92","sha512":"9d6d4fd798f97b1a175e46c00c6fbe119293d715c20c9f794cd5cbac8149e24315bfeb01888f1bcdcf961f5a2bf47a124aad1c0edc4a9d53f79a490dc679ca82","ssdeep":"768:DAQSIQCJKRkJgUZZl4gKJJJKJVJWkJgnZOKJ8ZJgLKJ80VwnEUTEhwVDL:A","tlshash":"13f2fd1152f3c473d0744f36f769c773acba3890e840ff7246e632b6bae69a21655221","first_seen":"2024-07-15T20:04:40Z","last_seen":"2026-04-02T01:03:35.698512Z","times_seen":157,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-07","alert":"Sinkholed","trigger":"join4ra.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}