{"report_id":"85d308ab-36e5-48e0-98ba-560ae70e0c8e","version":6,"status":"done","tags":[],"date":"2025-12-29T09:21:51Z","url":{"schema":"http","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"title":"ciu7-w | Content Delivery Network","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-02T09:21:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"e7cod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"jnpmfdgxlsafbsd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"g9r6.com","ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-07","domain_rank":0,"first_seen":"2025-11-26T09:24:02.624758Z","last_seen":"2025-12-28T04:56:23.956768Z","alert_count":21,"request_count":21,"received_data":2395645,"sent_data":9470,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"e7cod.com","ip":{"addr":"139.45.197.233","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-09-07","domain_rank":0,"first_seen":"2025-12-09T19:09:56.779126Z","last_seen":"2025-12-24T21:57:44.441323Z","alert_count":3,"request_count":3,"received_data":120529,"sent_data":2254,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"be4235.rcr32.ams02.i8yz83pn.com","ip":{"addr":"185.248.171.139","port":443,"asn":43668,"as":"as43668 LLC","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-06-09","domain_rank":672190,"first_seen":"2025-06-16T01:36:12.378866Z","last_seen":"2025-12-25T23:53:45.161098Z","alert_count":0,"request_count":3,"received_data":1077219,"sent_data":1760,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"bysezejataos.com","ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-07","domain_rank":0,"first_seen":"2025-12-16T02:17:27.273447Z","last_seen":"2025-12-25T08:11:57.889635Z","alert_count":16,"request_count":16,"received_data":1480649,"sent_data":7368,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-12-22T14:29:29.510192Z","alert_count":0,"request_count":1,"received_data":831,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img-place.com","ip":{"addr":"104.21.86.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-18","domain_rank":600057,"first_seen":"2023-06-18T09:20:16Z","last_seen":"2025-12-24T19:21:28.161063Z","alert_count":0,"request_count":1,"received_data":68711,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"jnpmfdgxlsafbsd.com","ip":{"addr":"139.45.197.155","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-12-28","domain_rank":0,"first_seen":"2025-12-29T09:21:54.494684Z","last_seen":"2025-12-29T09:21:54.494684Z","alert_count":2,"request_count":2,"received_data":1220,"sent_data":947,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":1,"received_data":11856,"sent_data":460,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1676bfea4b16968bde6fe1baac971b25","sha1":"e2305c1343db7d63028d9c21e9c9fabcea6d33ac","sha256":"c3adea52d43109205f53a0bf6f885a407985bf7a47bff1c97dc931f3f8b91a37","sha512":"8ed77633c4837e8d89460de0498023d17b2c738723cb9b09aa77ffbec004f4ecc30a4ab0d3429848887fccff7084d232345f5ee0b3e12467cd135ecec3149694","ssdeep":"","tlshash":"092157581ce60876907369ab0f9ea2443a36d0d30186cc727e9ccb249f905ee06b6bc8","size":1111,"data":"","first_seen":"2025-11-16T08:53:46.805721Z","last_seen":"2026-06-03T03:05:15.288974Z","times_seen":287,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"57ca4eb5033140ccaa151dba46d12fff","sha1":"01b105e75e7579ee7fe3862dcddbedc8d390c101","sha256":"d28387acd17e16a460d98dff88aa30d4b1e25dc0654e38f57e3fb95b28f13e95","sha512":"e3c29d5781fae576c6bc38664024dd8f53a8d419b224e5024b7b7cc972de450fdde2ea3f3a798e4c8648354e680097fe38e8a8ba8040450e5b6f14eb1904e727","ssdeep":"384:+v0a/K7iYFRdYtQn0Qen9tO69aI8tAUeNDaUGRQ2t4PpBahqoo+KXnS7YhfGMOIf:+K72Q0Q80GaIoQPzahq/AMOY","tlshash":"9bc2d4a7321eb91a8719626110ef2e85a2cc48c4718f1f7ce724e53674d763485ebef8","size":27950,"data":"","first_seen":"2025-10-25T00:53:17.563852Z","last_seen":"2026-01-15T19:05:30.416502Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/jwplayer.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f91de142eed44442bad231961488c5d0","sha1":"ea6c79968011a5b59e444d792f7ab048a1f7e31d","sha256":"b3031ee0f2674c203fe1400df12a96148c4bed344553fc9063c3846ba8466295","sha512":"9870ce81ead889f1a2f26abb9bc4cf17d69abba0eadec70d74e299d52791c66ab4b4669f747ef35e429928ed718d09b31ecdefee26fbb7498f694b56fd8ae370","ssdeep":"1536:lrGRl1EevCcKntukU2YYKDjAPkotbKSrvodmBiScMsz1x5rjk0ECjIUMj7DEYR/H:DeQtqR/wooiAUMj7DT9","tlshash":"5fb31ae631c2b4e643e628daa07a4041f23a0545380dc5a4fa6cede63d67947b177fbc","size":111441,"data":"","first_seen":"2024-04-13T15:29:14Z","last_seen":"2026-06-03T03:05:15.224534Z","times_seen":1553,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1676bfea4b16968bde6fe1baac971b25","sha1":"e2305c1343db7d63028d9c21e9c9fabcea6d33ac","sha256":"c3adea52d43109205f53a0bf6f885a407985bf7a47bff1c97dc931f3f8b91a37","sha512":"8ed77633c4837e8d89460de0498023d17b2c738723cb9b09aa77ffbec004f4ecc30a4ab0d3429848887fccff7084d232345f5ee0b3e12467cd135ecec3149694","ssdeep":"","tlshash":"092157581ce60876907369ab0f9ea2443a36d0d30186cc727e9ccb249f905ee06b6bc8","size":1111,"data":"","first_seen":"2025-11-16T08:53:46.805721Z","last_seen":"2026-06-03T03:05:15.288974Z","times_seen":287,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/index-BOs1vC0Y.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2db830629b8a67756685f68283d9da46","sha1":"e623fb3c3ab131809275337c2c4a4b63acc8bb44","sha256":"425634b3261155c8cd3d94c68f7c6a064209fa5f4aae788b236f16c41eb6262d","sha512":"74ef94aa75363ea98494a4c68b5bfdf2e534ebbeaa261036e82b4c107a3544fc1df3529f782f48a25ea0e9bc53d77cc3158b56f37ddfdea7f7e166768dbd629d","ssdeep":"3072:0MUyb6daDVnOPHYj6khW4lgn+hqPT9xD907rHh:VuVPYbhfcPpxDC7rB","tlshash":"d9143be831aab655abf306b5006f1503b33d1c172c4c8460e125edae76b590a91bbffd","size":205780,"data":"","first_seen":"2025-12-28T21:54:06.997698Z","last_seen":"2025-12-30T13:42:26.520528Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cd7a34e714de94d5c29b8ac5acdde24b","sha1":"b722bccb435490630d97ef88cafeb02d92f70fd0","sha256":"312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71","sha512":"a724bc648a508c24e5bb1788e1f02b47030893bbb0b80a99e380d95480095983a35d8ec11193c53f0a67db47a289ab608fcbc9dbca846bfdd5d61a8832290f43","ssdeep":"","tlshash":"58e07d48ff28c7f316ce28ab516e770858d104d58c1b58024cebccc86935ed87291527","size":314,"data":"","first_seen":"2023-03-11T11:23:25Z","last_seen":"2026-06-03T20:55:39.026593Z","times_seen":35895,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/js/jquery.min.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-03T20:54:23.250422Z","times_seen":477453,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cd7a34e714de94d5c29b8ac5acdde24b","sha1":"b722bccb435490630d97ef88cafeb02d92f70fd0","sha256":"312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71","sha512":"a724bc648a508c24e5bb1788e1f02b47030893bbb0b80a99e380d95480095983a35d8ec11193c53f0a67db47a289ab608fcbc9dbca846bfdd5d61a8832290f43","ssdeep":"","tlshash":"58e07d48ff28c7f316ce28ab516e770858d104d58c1b58024cebccc86935ed87291527","size":314,"data":"","first_seen":"2023-03-11T11:23:25Z","last_seen":"2026-06-03T20:55:39.026593Z","times_seen":35895,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/polyfills-wjtqc2V4.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a4b56155557a453ea36976b2606d1036","sha1":"b4e50c149eb7814fd09c80ff3aae1c56d0b06a69","sha256":"17d0242807c28e9035817535e844b9c01f1432131791e55e737f505d87506dcc","sha512":"4119b032629064240dbb5fc57e630809482d9ade76ba0e626e672874556024e63108d4992fd1285589134af213d9fe55a0bf027a214076b0673a6461b16aae4b","ssdeep":"1536:DLjYwaM4RAQToClLvkZ3lu1khHZXa3odk1dJnMB1tiwX8RJ/W:DfPaM4Rdo/Z3sOJa32kPJnitiwWe","tlshash":"efb3e5c9f6c2f4a247e764a4403f110bf23b6d55b80e8194e366d1d17cb9a8ac03bf69","size":116819,"data":"","first_seen":"2025-12-25T20:57:24.332571Z","last_seen":"2026-01-01T13:00:48.548931Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f98cf8486a8beb4d2d271b8e9304216","sha1":"112dd81cdd24e37a4554c9a5c5327b30a476acf8","sha256":"77b18c051d8450512853f4643dd7ac0e4c3205b7ec4cd1373ca5ad0dd2f470c3","sha512":"110b22e3e2f501f3dcc8f1dea02efaaa338ae6379f15907e15301de227279570bd997c4dbdb46e3c8814dd61779303c6fd26b9c0dfe53f3a733c1379da5e85aa","ssdeep":"","tlshash":"ca90003208200280ae2c0a20200aa0888820ae3b232208a28bb20a0a08088a0028cbe2","size":43,"data":"","first_seen":"2023-03-08T08:46:55Z","last_seen":"2026-06-03T03:05:15.288274Z","times_seen":1609,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/provider.hlsjs.js?v=2","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0f95e38aa7bb0943693b51bd6a7deed0","sha1":"26c89f76894108f76ad23af32ecc6b1e708993ba","sha256":"1b1263b7061aaca7fe0b69168b16cb2401a7fe2ada08ccfdd373ee06c7d125b1","sha512":"664696a45bacbf3ee40fe544f92104f568b10a6cffb6a3fffa9afe351294d00dc0a1883d50cc799a1b1dba0fd00797047729670ee72c19cf0e302539fe63b075","ssdeep":"6144:GCXemC8LqtXLauG9L2aEyflDc2iGLY6I2KlqJxRC9i5q9GYqT:1MXxG9L2By5cbOYRqJxRCG","tlshash":"36943bed7795a02642c2a1a5903f4617633b7d0a3409c1bcfa2be9d75db8849b03bf74","size":422959,"data":"","first_seen":"2024-04-13T15:29:15Z","last_seen":"2026-06-01T16:14:32.864577Z","times_seen":1539,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e7cod.com/5/9915880","fqdn":"e7cod.com","domain":"e7cod.com","tld":"com"},"ip":{"addr":"139.45.197.233","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ce81d167d158f2564097e50336c1601","sha1":"978b9ce4fc492b92844ff579e4467b3c972be6a4","sha256":"5aa73b3d84bd0f483a35d7cd8b1fa5e44c44bed5833c2a6f56f3be84e9fcf787","sha512":"463a267f51fa95d3c1e2a78351ac421cf66cc36b3aeee1110dd4f562d22c0497d7b65301ef2c925626ca284bb20ed9e7d4da7fc49172a5cdd2924ae9225124b9","ssdeep":"3072:0Xki1TG8YlAVPzIqwL76WJHpYx85/MVzU5R:tWTGvllqw5JJdQzu","tlshash":"47b3195673a27bd21a6a60d42d67d60573fd8cc1448f8867e3c8787972d081cc3abbe9","size":117681,"data":"","first_seen":"2025-12-29T09:22:01.966848Z","last_seen":"2025-12-29T09:22:01.966848Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5f2dfc871117e44264ee487d8e08e03","sha1":"84df50deb1da07577c6308d6229b6838977355ca","sha256":"1d38267e6325306a1b5993faaf6250de6fdcffe27bd9a654895482f7662cab0d","sha512":"1507e457223f7d9e4236fc7b490a455e470aea75c55eb5ecd08e819e01c0e7722e0282e865d96d806c6ba65a6f62d53d32453633689c4f4afb8f8c506befb41a","ssdeep":"","tlshash":"e83155b63128347882f5166f7cbb664df07756512d1e9080905ce4643828f79f6334ce","size":1529,"data":"","first_seen":"2025-01-25T03:50:38.139741Z","last_seen":"2026-06-03T03:05:15.281261Z","times_seen":1124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/LegacyLayout-D8SxJCHx.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"7952a1ce1c32c876b651bdc692364514","sha1":"81bbdef5c4becb9770b269052ec74a21946e17f6","sha256":"a9ba76952a1c07ad96fffc0bc371da2982b17fc80b5f737423f73e4a0565185d","sha512":"51d6cde41b8fc45828b7274d880124466f77667baddc89c7994af1d64ed55b0ca916bc59bf6545aeea8f4117d6de7390450d44d51df02edfa20d6675081aa7d7","ssdeep":"768:cuE7x3issdcrmOPfpsjM5iOeFEtyUFvLiO8lX1/iE7T2tWPP0cb4Q0OHaY6FiZ4o:PXSH+v2tNQNFhwKwWL1TZxr","tlshash":"30f2e944e2189ebefd1708c4f6af6114b21e0e69fa0a4ce0e57f58280675985b71bfcd","size":37061,"data":"","first_seen":"2025-12-28T21:54:06.991018Z","last_seen":"2025-12-30T13:42:26.519142Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/videoPagesBundle-BjPEz-uH.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d1aad0400a975fc6d5acfccba4bce469","sha1":"af88ec21ab0c0640bb3a141995a56e6c96245901","sha256":"d3c600bf9b61de1119540ee962b7808e21721c7d1d6fc716bf7e83205da5bf56","sha512":"342de07f0039989756d9587388af6f0b7c840f92d5f31679ddec80dce27a2e46b75c03df4323ea19f8c0798297ecb9eed23bdd4bae482b1dfd26e2d2815290a1","ssdeep":"3072:6Q/VbguZPE7yybx7pB3MG7EB3MXqoiqf6G/gnZ7JgSPjWQu4rcwYl:6Q/xg6wFPMG6MXVf6agnbgwWl4y","tlshash":"41448e59a236a439a3f5055018af1002f5ec0ad0b52e5191f5aecc3e3fdbf52c1b7ea9","size":275678,"data":"","first_seen":"2025-12-28T21:54:06.989893Z","last_seen":"2025-12-30T13:42:26.521831Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/player/jw8_26/bafsd.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c2432aca90e92e0370d2ded2545eb1fa","sha1":"8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb","sha256":"89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5","sha512":"7278ab65bac73bbba9750c49161c677ad6d98d8d16f5f692a3b19e99423c2b32a9785a1bd4045321f4ffd0cf3c6270e5fe4b4ab1cc7bbe4f7cdfc3c40bb3f373","ssdeep":"192:Tb2KC3RtGFnoYcAb/XkLM17rbN5rYrWcYYgC/55wJjJUjfQFU75+xCj+8NcC+5wK:WLsrqh56lUb4kochTK","tlshash":"a852428b738da2be86fa33e4c43f2494e97ed272c115c4fab5b58a801d90815c397d79","size":13706,"data":"","first_seen":"2024-10-04T15:55:15Z","last_seen":"2026-06-03T03:05:15.275249Z","times_seen":1351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/videoPagesBundle-BjPEz-uH.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d1aad0400a975fc6d5acfccba4bce469","sha1":"af88ec21ab0c0640bb3a141995a56e6c96245901","sha256":"d3c600bf9b61de1119540ee962b7808e21721c7d1d6fc716bf7e83205da5bf56","sha512":"342de07f0039989756d9587388af6f0b7c840f92d5f31679ddec80dce27a2e46b75c03df4323ea19f8c0798297ecb9eed23bdd4bae482b1dfd26e2d2815290a1","ssdeep":"3072:6Q/VbguZPE7yybx7pB3MG7EB3MXqoiqf6G/gnZ7JgSPjWQu4rcwYl:6Q/xg6wFPMG6MXVf6agnbgwWl4y","tlshash":"41448e59a236a439a3f5055018af1002f5ec0ad0b52e5191f5aecc3e3fdbf52c1b7ea9","size":275678,"data":"","first_seen":"2025-12-28T21:54:06.989893Z","last_seen":"2025-12-30T13:42:26.521831Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5f2dfc871117e44264ee487d8e08e03","sha1":"84df50deb1da07577c6308d6229b6838977355ca","sha256":"1d38267e6325306a1b5993faaf6250de6fdcffe27bd9a654895482f7662cab0d","sha512":"1507e457223f7d9e4236fc7b490a455e470aea75c55eb5ecd08e819e01c0e7722e0282e865d96d806c6ba65a6f62d53d32453633689c4f4afb8f8c506befb41a","ssdeep":"","tlshash":"e83155b63128347882f5166f7cbb664df07756512d1e9080905ce4643828f79f6334ce","size":1529,"data":"","first_seen":"2025-01-25T03:50:38.139741Z","last_seen":"2026-06-03T03:05:15.281261Z","times_seen":1124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"528dd01eb509d1fc3c68b48e165c9d77","sha1":"8d702f33d869eb8c53cf75c17014f96385322395","sha256":"b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a","sha512":"4c1edeec560f431005363ff5291acc80c1c42edf7c9a6d6e4fde2f7539b6a35a8e36f0bc228503263277bf5df4525dc579575faadca614c32e5dfa885a2d343b","ssdeep":"","tlshash":"78a012bb71b851710cd51ba7a40455e01c20123105052c101c8d5151c011c171d394c0","size":84,"data":"","first_seen":"2023-04-07T06:55:59Z","last_seen":"2026-06-03T20:55:39.028585Z","times_seen":38334,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/bafsd.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c2432aca90e92e0370d2ded2545eb1fa","sha1":"8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb","sha256":"89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5","sha512":"7278ab65bac73bbba9750c49161c677ad6d98d8d16f5f692a3b19e99423c2b32a9785a1bd4045321f4ffd0cf3c6270e5fe4b4ab1cc7bbe4f7cdfc3c40bb3f373","ssdeep":"192:Tb2KC3RtGFnoYcAb/XkLM17rbN5rYrWcYYgC/55wJjJUjfQFU75+xCj+8NcC+5wK:WLsrqh56lUb4kochTK","tlshash":"a852428b738da2be86fa33e4c43f2494e97ed272c115c4fab5b58a801d90815c397d79","size":13706,"data":"","first_seen":"2024-10-04T15:55:15Z","last_seen":"2026-06-03T03:05:15.275249Z","times_seen":1351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/js/jquery.min.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-03T20:54:23.250422Z","times_seen":477453,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f98cf8486a8beb4d2d271b8e9304216","sha1":"112dd81cdd24e37a4554c9a5c5327b30a476acf8","sha256":"77b18c051d8450512853f4643dd7ac0e4c3205b7ec4cd1373ca5ad0dd2f470c3","sha512":"110b22e3e2f501f3dcc8f1dea02efaaa338ae6379f15907e15301de227279570bd997c4dbdb46e3c8814dd61779303c6fd26b9c0dfe53f3a733c1379da5e85aa","ssdeep":"","tlshash":"ca90003208200280ae2c0a20200aa0888820ae3b232208a28bb20a0a08088a0028cbe2","size":43,"data":"","first_seen":"2023-03-08T08:46:55Z","last_seen":"2026-06-03T03:05:15.288274Z","times_seen":1609,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/LegacyLayout-D8SxJCHx.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"7952a1ce1c32c876b651bdc692364514","sha1":"81bbdef5c4becb9770b269052ec74a21946e17f6","sha256":"a9ba76952a1c07ad96fffc0bc371da2982b17fc80b5f737423f73e4a0565185d","sha512":"51d6cde41b8fc45828b7274d880124466f77667baddc89c7994af1d64ed55b0ca916bc59bf6545aeea8f4117d6de7390450d44d51df02edfa20d6675081aa7d7","ssdeep":"768:cuE7x3issdcrmOPfpsjM5iOeFEtyUFvLiO8lX1/iE7T2tWPP0cb4Q0OHaY6FiZ4o:PXSH+v2tNQNFhwKwWL1TZxr","tlshash":"30f2e944e2189ebefd1708c4f6af6114b21e0e69fa0a4ce0e57f58280675985b71bfcd","size":37061,"data":"","first_seen":"2025-12-28T21:54:06.991018Z","last_seen":"2025-12-30T13:42:26.519142Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d882b49167571a8dc4de310e0b2e623d","sha1":"426f496e1155dfab34840a7a467866838448c8d0","sha256":"6dc67eafa621e57610ed67c02b1c0c5532e495dfe555dcade99fb81b6744899b","sha512":"aef46b85426812f38eb29a030e1f82d73c053df2d2d9077eb0563f9906353228fd5ffec1d5afc12a76b564031171bf2ec78c994b883ebed865ebe5aad64fc674","ssdeep":"","tlshash":"e3c02b64e22c32c038bfe310486beb2c7503a5337f4b4e54196954aa2c2cd3b705b9f9","size":154,"data":"","first_seen":"2023-03-08T08:46:55Z","last_seen":"2026-06-03T03:05:15.285606Z","times_seen":1597,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/polyfills-wjtqc2V4.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9330b3782a155b05fa9d7621d6907c8","sha1":"4a57b2bf9b537d1efd245a66264e670f05160d2e","sha256":"bf02bb50232167697a7eab93cd515a3ae647b209b2e54f6b2f9e41553b41947d","sha512":"ba4be6ce59bc231ad339b8abc280666818905991f098aad5982edd28b488f151fe48f9f243d4b5b1c53650ad8b2ecaf7d96646b70eccbdb6867fb071dd5b2e5d","ssdeep":"1536:DLjYwaM4RAQToClLvkZ3lu1khHZXa3odk1dJnMB1tiwX8RJ/7:DfPaM4Rdo/Z3sOJa32kPJnitiwWj","tlshash":"6db3e6c9f6c2f4a247e764a4403f110bf23b6d55b80e8194e366d1d17cb9a8ac03bf69","size":116772,"data":"","first_seen":"2025-12-25T20:57:24.343045Z","last_seen":"2026-01-01T13:00:48.542904Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/index-DRVHD9Qf.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"debbd2498a09b21a47ae9b68ac447aa1","sha1":"38e01e0c13aa6b3ee54e93931f716415e718ec4c","sha256":"6caded267361f630082192aefd7a5adc4d141140b8b733ef8bfeed6d11ee594c","sha512":"69af786d7487782bd8420c8bc2e59bd6864102576f1d801225b975007d1bf9d01c6dc7f2c40ed0912d00ac3e878b14b1fdef9ea5e78d88e58e4e54b4937fb4bd","ssdeep":"192:qYEjQ7VQhyeyVK/2Nsq67qL3gl1I5/5uiadfkFEjfHodGlSkGJPXtC4/uQYO6qPq:qYEjQp8xyPNsz7eQa1a+UfHqGlmPXtju","tlshash":"3532fb50eaba747103b12495507d5253a227881d7cbd84d0f3aa4f2f2bc98465a3efbc","size":11653,"data":"","first_seen":"2025-12-28T21:54:06.987969Z","last_seen":"2025-12-30T13:42:26.518231Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/index-BOs1vC0Y.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2db830629b8a67756685f68283d9da46","sha1":"e623fb3c3ab131809275337c2c4a4b63acc8bb44","sha256":"425634b3261155c8cd3d94c68f7c6a064209fa5f4aae788b236f16c41eb6262d","sha512":"74ef94aa75363ea98494a4c68b5bfdf2e534ebbeaa261036e82b4c107a3544fc1df3529f782f48a25ea0e9bc53d77cc3158b56f37ddfdea7f7e166768dbd629d","ssdeep":"3072:0MUyb6daDVnOPHYj6khW4lgn+hqPT9xD907rHh:VuVPYbhfcPpxDC7rB","tlshash":"d9143be831aab655abf306b5006f1503b33d1c172c4c8460e125edae76b590a91bbffd","size":205780,"data":"","first_seen":"2025-12-28T21:54:06.997698Z","last_seen":"2025-12-30T13:42:26.520528Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/jwplayer.core.controls.js?v=2","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fee77850b6b254569cf03f43a4dfdde4","sha1":"35841d306d3404fbef6825371ffdbcd992ade913","sha256":"50b22ddf7e9cf49716e33660cc9de3c2bbf3cb90f203d8af93810f8f97bdee3f","sha512":"84d9c23a355b9aa6e6d37f4e4090a41a250499a6c3bb8d5808fa2851a376edfe71d7f1d3d35f658266299339ae88c85fc478a820014c19eeed4e026b4cdab683","ssdeep":"3072:wKH7nFuhglX/qZ3ux2wI9Y7J+3qbOXUvDY6MnJMyXR286CcYZ6mfjq:vHxA4/qZ3V3Y7J+30Y6MnJt2lSZ6mfjq","tlshash":"7d641832214256359aea82da76514604b3398085f516cfacff2ceddd4c6e8cb31f6bb4","size":326903,"data":"","first_seen":"2024-03-12T19:48:43Z","last_seen":"2026-06-01T16:14:32.850002Z","times_seen":1828,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"528dd01eb509d1fc3c68b48e165c9d77","sha1":"8d702f33d869eb8c53cf75c17014f96385322395","sha256":"b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a","sha512":"4c1edeec560f431005363ff5291acc80c1c42edf7c9a6d6e4fde2f7539b6a35a8e36f0bc228503263277bf5df4525dc579575faadca614c32e5dfa885a2d343b","ssdeep":"","tlshash":"78a012bb71b851710cd51ba7a40455e01c20123105052c101c8d5151c011c171d394c0","size":84,"data":"","first_seen":"2023-04-07T06:55:59Z","last_seen":"2026-06-03T20:55:39.028585Z","times_seen":38334,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d882b49167571a8dc4de310e0b2e623d","sha1":"426f496e1155dfab34840a7a467866838448c8d0","sha256":"6dc67eafa621e57610ed67c02b1c0c5532e495dfe555dcade99fb81b6744899b","sha512":"aef46b85426812f38eb29a030e1f82d73c053df2d2d9077eb0563f9906353228fd5ffec1d5afc12a76b564031171bf2ec78c994b883ebed865ebe5aad64fc674","ssdeep":"","tlshash":"e3c02b64e22c32c038bfe310486beb2c7503a5337f4b4e54196954aa2c2cd3b705b9f9","size":154,"data":"","first_seen":"2023-03-08T08:46:55Z","last_seen":"2026-06-03T03:05:15.285606Z","times_seen":1597,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/index-DRVHD9Qf.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"debbd2498a09b21a47ae9b68ac447aa1","sha1":"38e01e0c13aa6b3ee54e93931f716415e718ec4c","sha256":"6caded267361f630082192aefd7a5adc4d141140b8b733ef8bfeed6d11ee594c","sha512":"69af786d7487782bd8420c8bc2e59bd6864102576f1d801225b975007d1bf9d01c6dc7f2c40ed0912d00ac3e878b14b1fdef9ea5e78d88e58e4e54b4937fb4bd","ssdeep":"192:qYEjQ7VQhyeyVK/2Nsq67qL3gl1I5/5uiadfkFEjfHodGlSkGJPXtC4/uQYO6qPq:qYEjQp8xyPNsz7eQa1a+UfHqGlmPXtju","tlshash":"3532fb50eaba747103b12495507d5253a227881d7cbd84d0f3aa4f2f2bc98465a3efbc","size":11653,"data":"","first_seen":"2025-12-28T21:54:06.987969Z","last_seen":"2025-12-30T13:42:26.518231Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"be4235.rcr32.ams02.i8yz83pn.com/hls2/08/09464/cs12ya6fad1n_h/master.m3u8?t=nmg0F_a4l1O5fSN35gs9yZlgBed4pPD21ToqOGsneHU\u0026s=1767000089\u0026e=10800\u0026f=47321772\u0026srv=1060\u0026asn=50304\u0026sp=4000\u0026p=0","fqdn":"be4235.rcr32.ams02.i8yz83pn.com","domain":"i8yz83pn.com","tld":"com"},"ip":{"addr":"185.248.171.139","port":443,"asn":43668,"as":"as43668 LLC","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:30.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"be4235.rcr32.ams02.i8yz83pn.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:48:12 GMT","end":"Sat, 07 Mar 2026 04:48:11 GMT"},"fingerprint":{"sha1":"00:47:5D:58:AC:91:5A:D5:59:B9:C6:E0:F0:78:52:F1:A8:CF:4E:1C","sha256":"2A:EA:54:32:E7:D8:5E:47:63:2E:90:45:8E:8B:4E:09:34:63:95:A7:15:B0:48:BC:71:4A:59:F4:92:90:A1:EB"}}},"request":{"raw":"GET /hls2/08/09464/cs12ya6fad1n_h/master.m3u8?t=nmg0F_a4l1O5fSN35gs9yZlgBed4pPD21ToqOGsneHU\u0026s=1767000089\u0026e=10800\u0026f=47321772\u0026srv=1060\u0026asn=50304\u0026sp=4000\u0026p=0 HTTP/1.1\r\nHost: be4235.rcr32.ams02.i8yz83pn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 29 Dec 2025 09:21:30 GMT\r\nContent-Type: application/vnd.apple.mpegurl\r\nLast-Modified: Mon, 29 Dec 2025 09:21:30 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 2026 09:21:30 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=259200, no-store, no-cache\r\nSprint-Cache: BYPASS\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":608,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"3cd8a9d1c3946e68b14d4054fc0177ed","sha1":"2cb22dba04624bce534b589ce9d0d40b4649033f","sha256":"13e00b86cc530e7dc6db57ef43d96ed3518e08f5171a767e089e7879f4db9a55","sha512":"3603fdf55aab366381448f63fe7ab4abbe5d29c350afca38a283a8e3b6ab88244cf66628a4df64b2929e43b8dc73b8a8063c2092bb8aed6a087b476bb9cb1cd5","ssdeep":"","tlshash":"acf0ddeaa93d7a0d1268a9c89a2c3a0c8c097accaacd9558c0ce03945785a5574f0e6d","first_seen":"2025-12-29T09:22:01.959397Z","last_seen":"2025-12-29T09:22:01.959397Z","times_seen":1,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":57,"dns":5,"connect":15,"send":0,"wait":54,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/images/logo.svg","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/images/logo.svg HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=6,i=?0\r\nlast-modified: Sun, 28 Dec 2025 15:40:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 17:29:19 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 57128\r\ncf-cache-status: HIT\r\netag: W/\"69514f85-b38\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VwHrFwz4y83cCqj3NEtwxf0%2BfgEXHZVZysljaeGyzjeuJituVSjEtSn05Rz7YiUVNt8Azez9VrEX8MKDiuijqos31gGP64ufQ%2BHJzA%2FG\"}]}\r\ncf-ray: 9b583a36ab2bb4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2872,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"67b665cca56bf48426d17cf37961c61f","sha1":"f72322db0a7dec18d48c5067d5e14ac362f2d845","sha256":"2008a6c40369f9f5da5277cb3ef062f3cae401fa0b225a4d637c1ad3146c861f","sha512":"c1ed84a00988ba7148dd0d733bb7535cc6e785e7ff2573c4c1177f68e15b739168f2b9379b11c26d73913da23a3c513698f3a2cd0f1ed48cfb7f42aedb2b3dfd","ssdeep":"","tlshash":"345120b0a1e5e42ef11c017ddb9058243b18a0d7e3009519f51e273a9f298c7af9f7e8","first_seen":"2025-12-07T20:07:36.453472Z","last_seen":"2026-01-18T08:59:42.607443Z","times_seen":91,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"HEAD /d25mm/cs12ya6fad1n HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: text/html\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xoEG%2FTaz61cr%2BOnt27HgnHsjmGzXf9SfIUEevVfkXq0ta4AQmuNxttT4qejOnJs%2BYnUHTP7fbytq%2B%2BCVJdA2z9%2FspePw8w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9b583a3e0b4db517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":150,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"e7cod.com/wrr?z=9915880\u0026p_rid=ed44b323-5780-4aa3-85be-80d18fc3e31d\u0026rb=bMIUJS7Fy_TkY_snIbG5o95XbuwXtLJXVrvQyFVg1Pyrmr8NTq38xj95q9Jws2vr9qyCPg_dKM2G_NI-kLF32e0AEFHqpWbI2J6rHKg53EqA2glDroPURN1AAsxpdaZrkoU6IT9UIEO0FpbV_SrliHJLVZ95b5-SyWOuRLv7PoVB_kK_K2iHomLfSXa33KmlCJ6ZBj5mzOdkErLJavCYXaqHhvuFcUCmmu6k1rnYLNAB8q9f11EKcG34fQMWHGgmsAT8qWjiiysfUmWAVjZVzXMCSQiTR45JolYbEw==\u0026dmn=e7cod.com\u0026userId=0082ae7285a24497e537810cfcb17afd","fqdn":"e7cod.com","domain":"e7cod.com","tld":"com"},"ip":{"addr":"139.45.197.233","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:30.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"e7cod.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:13 GMT","end":"Mon, 09 Mar 2026 06:11:12 GMT"},"fingerprint":{"sha1":"E1:3E:8E:13:F8:CC:FC:0E:0E:77:77:99:F6:A9:A9:84:D8:7F:C1:C2","sha256":"92:21:C3:31:91:DB:58:BC:FB:3F:B5:6A:7B:02:EF:B3:44:1C:76:01:56:DF:A3:00:0E:B5:98:72:97:00:8C:7A"}}},"request":{"raw":"POST /wrr?z=9915880\u0026p_rid=ed44b323-5780-4aa3-85be-80d18fc3e31d\u0026rb=bMIUJS7Fy_TkY_snIbG5o95XbuwXtLJXVrvQyFVg1Pyrmr8NTq38xj95q9Jws2vr9qyCPg_dKM2G_NI-kLF32e0AEFHqpWbI2J6rHKg53EqA2glDroPURN1AAsxpdaZrkoU6IT9UIEO0FpbV_SrliHJLVZ95b5-SyWOuRLv7PoVB_kK_K2iHomLfSXa33KmlCJ6ZBj5mzOdkErLJavCYXaqHhvuFcUCmmu6k1rnYLNAB8q9f11EKcG34fQMWHGgmsAT8qWjiiysfUmWAVjZVzXMCSQiTR45JolYbEw==\u0026dmn=e7cod.com\u0026userId=0082ae7285a24497e537810cfcb17afd HTTP/1.1\r\nHost: e7cod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g9r6.com/\r\ncontent-type: application/json\r\nContent-Length: 3463\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: OAID=0082ae7285a24497e537810cfcb17afd; oaidts=1767000089\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3463,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkHT0hbGhw9Sh9bA1ZfQkkARB5PDQoFGlgQAwdXWAlFW04WNRkDLUMHGmhOWl4lEwE3AhtnAAFmFgwNNAFVBjJEUWxFDTsKCQI9Wx4mWglIVFleFhoeaF1WQh8HDQ0RQAJYVRsLGRsKUA5eQRVXQ2kKAFtSRE4aARBVQ1BWR1BBBwkVAwMaWAALDldYCEVbSQ1IVFteFgAKFQMDGlgQA0pPUwBFW1cDSFRbXhYADEcbCQZWRgkcV1gIRVtcFwsCSUgEQk9fWhEMS0hbDBhAAllVGxMeGklIBEJPVFFsWRgOW1JFThoHDmYWDkxRQxhMAkRaQ0NYXklEVwpRDR1cD0hUW14WDQVoVlFcJQ0XDBAaGlNIFUMdBwUtXwsURGZfUxQDDQBXWAhFW1oOBgEZLVALHUNREQxKSFseEAxcBgsbW1pCSRVVAwhHWFdFWF5IRFcMVDYXVRJIVFpeFg0CW1ZBaR0FFB0BQAJYVRsRDAJJSARCT1RKWhRAVFVKFg5MS0MJTUgEGAIWVF0bG0NYDkZDWllASAcLWkNQX0dQRAIMQ19cRBc7HQ0BB1sdFktDUFdHUFoLHhUDAQ4HSFsaHEACSxVVFwceAgJRTEEVS0UUQEY0DQYDGkVbSxEaTFFDGEwZTVYRDEpIWx8CQAJYSwFRRkwcGhZUXAcLBxpYExAfV1gJW0EJTUgZAhoWVFwHCwcaWBMBSk9SFEsOQENQXkdQXRZPDQgfFA0CGkpPUxRLClgJSFRaQgZaQRVKWxRAVUlaQU4aGg4bW1tcU0IYTB5WThEMS1ZBWFlATBomXQQeCwgGUQpPDQkfFBAXDAlXWBokFkMIBgIKXQFAXRcRZF8UABYfBkJ2PVkIUUReUFJjBwMBDQgWAlJNU1UQTlNIClVEXkJScwsOXFYcBEpVSVhEUglJP1ATDwgEChtfXgMXAxRWRhcYV1gJRVtJBUhUSRtaGghFV1JaVxQdDlgUUQwOXBNQBxgifVUEWU1WRBQFFUUFBl5ED1AEHQsZSF0dPX4CWlgOAQsGFA4VGR1fTBwHDgVRHFdeSmN/QQ0XHBAQVggVFBEOCEYEXQsaUksJXwk0MFMcDEwMC1cABkMbFlJDG15cRFMIXhAbJSsDS1UbCQMCSUgFQk9CUFcUQAoMBBlOGg0LX0NQTAMGQB4eDRYcVAMXHBIQCFkdGFYSRA0EHxtMQRVJXxRARhEcARJLU1YWBlMcXVxXAQAYXQEDFwlWCwZTChAYDwcLClocFkJPWV4RDEpIWxwPQAJLLG0iSEJJHFZMVwYVEVgbFFtSVzVRB0oLQ0ZMGwYWVF0bG1ZAGwhbUkZVFEsRWkNQWlNeFgoAFQMeB1ZGCxwBQAJESBVDCQY0HVYETw0JHxQUE1tSRE4aHh0bWwwPBwFRQk9YSlBGD0ZDSjkLVhwBGRlSWDREAExBFVFaUh4BF0pPBFkFClxNSA0DLVsMB2hQXVIfHFtSWFMUSw5QDzUFDgtHMQFSV1RCEkZDWkFQFEsaVg0FHDQWUR4ZXxsJBE5IWx4QDFwGCxtbSExHUFMPAFJJUlIJRkNYWUBWBVsDQw8ARidnTEEVV19FWF5bDRtPbTpVXA9IQkkRWwICRWZUVxcRDUpPQEsbHltDRkwbFFhMVxUbHxQZCA1KTxlFRVtTEhpMUUMYTB1ZTREMSkhbGBsQW0tDCU1IHgcTQAgCRVRsUh8QHAsBDUpLQ0JDAx00E1oKH1hQVxRAAhgEBgcUSxBKPh4cAhZRABkVA1VXFhccRFcLSzYaURMFAwIHWTFVAWZcRCUKHB8QEBpTH1gNGQtHUF0dMlRRQVkXDQwFV1heCBVKBEZMAgFrCwlQXBEMHAUVGxBOGgAKZgYPDQAdFlQZRUxWGlgNCjcCB1o2ElAVSFQNE1gdCBsbWkUlExwKKglRHSYPUVwxBABrAAhAXEEUQAIYBAYHFEsQSj4OCxgZQAEdaEpSUBsWEEpPBFkFClxNSAcYLVcGH1hUWkMXOxYYEBBZS0NfAAYdDg8YTANSShEMWFZBUENQD1pKDFhIQkkRWAcIWU1sXx5GQ0oADFMHFk4PSEJJE1IIBFtQUkIfOxAMV1gaS1UbFRgPDRRdDTJEVkZEGQEmARFAAktbFUMLCh0XRhoERFxBaRMAW1JXQBRLGlgMGg8CFVoxBFMbCRRYSFsLABFMBhRmCA4xWlAOTE8bG1BDCRAWBSoLXDZLG1tITEdQVwIEVFJsXx5GQ0pXThoKFkoVSFRJUBhMAFJNW1keRkNKHxFMCB4bTUgcNAddCk8NGxEaWAsYNxwGGlNbG01IDw8WXRoEWFdSWiUNHRtXWGM0BA==\",\"async\":\"TBtXQwgXW1IOQFoIDRtbWUJJGl0AGUQbCQVWRhsEAQoaU00VQwIHDxZRADJeX0FXFwFbUkdRFEsNVhULAklIBl0QGxtRVw5GQxNXC0s2G1gVSFRbXhYNBVZLVF8UA1tSRU4aChFYEw0HBRVrGgRaXBEMSkhbDBwRWwEYSwYDAAwtQAcAUhsJBlZGFQ0DB1RLQwkcRkwDG1oaHhUDSEtWRhsEAQoaUwIbEh8eGx1GGghTGwlQGwgKDVlAWR8YUA0LDAcXFlQLVlVAU1ZGCw0UEVcHWwNDBAFGHFUYBFBYR1kISRsEAAdMBhZNCUgTR1BcBwlTXF1pEwILCRgHGlNJFUMJAgIXWhoyXl0RDFgRFwMbDU8HWxVDCwgNG1gHDENcbF8eRkNKV04aHQtYBwwHCC1HARhFWlZpEwBbUldAFEsYXRcPHB8bRwsfaFBXFEBGW0RXAVkECVgIDQA0G1BMVxUbHxQZEQocGg9nAB1mUEhUSVAYTA5CSkdZFzsQDCpQGlNbG01IDQcbVwUyXl0RDFhGVUoWDUsdWwNDSEJJH1EaBVhdEQxYDgocFAUaRVtLPh8HD1AOTE8bG1xXJQ0dSk9AGkVbWAUOBx8bWwAMW2ZaUglGQzMoHw==\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":true,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://g9r6.com/d25mm/cs12ya6fad1n\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":1280,\"wiw\":1280,\"wih\":1024,\"wfc\":1,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"https://bysezejataos.com/\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Mon, 29 Dec 2025 09:21:30 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://g9r6.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"e7cod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/videoPagesBundle-BjPEz-uH.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.090Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/videoPagesBundle-BjPEz-uH.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/assets/index-BOs1vC0Y.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 102321\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\netag: \"6951a5e9-18fb1\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 21:53:32 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 41275\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t5ljvd8zcdJzN%2FVvlsl5Kdm8PsOBWAL21HXF0e1sA9DNu5QagksJ4M2XPLJ1wfB6FrpD120H5L1pleXny%2FxPZKDBaHTxgJTFpyY7Bsp4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a369b29b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":275678,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d1aad0400a975fc6d5acfccba4bce469","sha1":"af88ec21ab0c0640bb3a141995a56e6c96245901","sha256":"d3c600bf9b61de1119540ee962b7808e21721c7d1d6fc716bf7e83205da5bf56","sha512":"342de07f0039989756d9587388af6f0b7c840f92d5f31679ddec80dce27a2e46b75c03df4323ea19f8c0798297ecb9eed23bdd4bae482b1dfd26e2d2815290a1","ssdeep":"3072:6Q/VbguZPE7yybx7pB3MG7EB3MXqoiqf6G/gnZ7JgSPjWQu4rcwYl:6Q/xg6wFPMG6MXVf6agnbgwWl4y","tlshash":"41448e59a236a439a3f5055018af1002f5ec0ad0b52e5191f5aecc3e3fdbf52c1b7ea9","first_seen":"2025-12-28T21:54:06.989893Z","last_seen":"2025-12-30T13:42:26.521831Z","times_seen":5,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/index-BOs1vC0Y.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/index-BOs1vC0Y.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 21:49:55 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 41493\r\ncf-cache-status: HIT\r\netag: W/\"6951a5e9-323d4\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XIUsqszpAh3fNF1ESxrNccuflhBQ0wVAQbQVxhpa9tpe24AF%2BidqDbh1ZiinVC880%2FZxGJ2pkfsBZXdeFNsfkJmEbVbLbw%3D%3D\"}]}\r\ncf-ray: 9b583a3a2b22b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":205780,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (50421)","md5":"2db830629b8a67756685f68283d9da46","sha1":"e623fb3c3ab131809275337c2c4a4b63acc8bb44","sha256":"425634b3261155c8cd3d94c68f7c6a064209fa5f4aae788b236f16c41eb6262d","sha512":"74ef94aa75363ea98494a4c68b5bfdf2e534ebbeaa261036e82b4c107a3544fc1df3529f782f48a25ea0e9bc53d77cc3158b56f37ddfdea7f7e166768dbd629d","ssdeep":"3072:0MUyb6daDVnOPHYj6khW4lgn+hqPT9xD907rHh:VuVPYbhfcPpxDC7rB","tlshash":"d9143be831aab655abf306b5006f1503b33d1c172c4c8460e125edae76b590a91bbffd","first_seen":"2025-12-28T21:54:06.997698Z","last_seen":"2025-12-30T13:42:26.520528Z","times_seen":5,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/js/jquery.min.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.984Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /js/jquery.min.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 16 Dec 2025 22:21:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Mon, 19 Jan 2026 02:20:05 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 802883\r\ncf-cache-status: HIT\r\netag: W/\"6941db75-15d9d\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A9tLre9GzSYpCyuj%2BZ%2FigbU4HgYpO2oBszyLP1VJ5%2B4Wr2WXN09GU5WZwyxSS1izqTc6TCl1rGmCakA%2FUQKs4RDq7gKomg%3D%3D\"}]}\r\ncf-ray: 9b583a3c2b39b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-03T20:54:23.250422Z","times_seen":477453,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"be4235.rcr32.ams02.i8yz83pn.com/hls2/08/09464/cs12ya6fad1n_h/seg-1-v1-a1.ts?t=nmg0F_a4l1O5fSN35gs9yZlgBed4pPD21ToqOGsneHU\u0026s=1767000089\u0026e=10800\u0026f=47321772\u0026srv=1060\u0026asn=50304\u0026sp=4000\u0026p=0","fqdn":"be4235.rcr32.ams02.i8yz83pn.com","domain":"i8yz83pn.com","tld":"com"},"ip":{"addr":"185.248.171.139","port":443,"asn":43668,"as":"as43668 LLC","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:30.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"be4235.rcr32.ams02.i8yz83pn.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:48:12 GMT","end":"Sat, 07 Mar 2026 04:48:11 GMT"},"fingerprint":{"sha1":"00:47:5D:58:AC:91:5A:D5:59:B9:C6:E0:F0:78:52:F1:A8:CF:4E:1C","sha256":"2A:EA:54:32:E7:D8:5E:47:63:2E:90:45:8E:8B:4E:09:34:63:95:A7:15:B0:48:BC:71:4A:59:F4:92:90:A1:EB"}}},"request":{"raw":"GET /hls2/08/09464/cs12ya6fad1n_h/seg-1-v1-a1.ts?t=nmg0F_a4l1O5fSN35gs9yZlgBed4pPD21ToqOGsneHU\u0026s=1767000089\u0026e=10800\u0026f=47321772\u0026srv=1060\u0026asn=50304\u0026sp=4000\u0026p=0 HTTP/1.1\r\nHost: be4235.rcr32.ams02.i8yz83pn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 29 Dec 2025 09:21:30 GMT\r\nContent-Type: video/MP2T\r\nContent-Length: 1053176\r\nConnection: keep-alive\r\nLast-Modified: Sun, 19 Nov 2000 08:52:00 GMT\r\nExpires: Wed, 31 Dec 2025 06:28:27 GMT\r\nETag: \"5f693e80-1011f8\"\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=259200, no-store, no-cache\r\nSprint-Cache: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1053176,"size_decoded":0,"mime_type":"video/mp2t","magic":"MPEG transport stream data","md5":"aba2112d9c90706bf26bdb0071af62a5","sha1":"196217c4e79a647bf3bca99be6a40ad06486fecd","sha256":"b45631998f0d87368b04fdc825c54e3ce6fc130d42c86c9cfeb18db180740508","sha512":"0bc64e1957ba083bc5bec84d9adae2e46385406f0031b625184a9889242433b04fda8816d42db36864d95c4e10370b66046f1c78516d797785322c727ac4f626","ssdeep":"24576:F9xtmECcwBYc1CD+ZdKw50mu2/Gr2PD2VcObIAEFhAB:F9Dcc+wCTOr2afbISB","tlshash":"1b25235837a67d13ac1372231f00b952a3688d14fb905f232674b15ff6fe5cce92aa64","first_seen":"2025-12-29T09:22:01.963599Z","last_seen":"2025-12-29T09:22:01.963599Z","times_seen":1,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":277,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/index-C_ikuGqY.css","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:27.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/index-C_ikuGqY.css HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:27 GMT\r\ncontent-type: text/css\r\ncontent-length: 65563\r\npriority: u=2,i=?0\r\nlast-modified: Sun, 28 Dec 2025 15:41:09 GMT\r\netag: \"69514f95-1001b\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 17:38:29 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 56578\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NbY75djuevL%2BoUzJKalCaZoEDD1iKCQyr1JweQtaCZMfYP1uJQZ%2BK1LahpFDIPoz2fsZ7IZoc%2BYbUlMvlhpjzHp5uvsA%2BrUXd9RoU9g9\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a34db18b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":347269,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"4bd31ef9488909d328c7775661824614","sha1":"b8da2e2359a38e5c28b999b428a7e70134bf89d8","sha256":"cc68f8598137c5ad4050dce29f2818b9e7707936575cb790cfe6f31f2cd78762","sha512":"40fc65256fea588983563d211a6f37593b64f14f20c6fff9160a6e9a7656a583d0a80106c52e193bf5adb57a1bbe008e89310afb64402983ac740aa06f73bec9","ssdeep":"3072:gIwTTme/S3SYigENM6HN26QTnLNqyVlz1yadW5y6:gIgn/S3SYigENM6HN26QTnLRlz1yaCy6","tlshash":"2574e976f651352ef063c65a54d0fb9ea42a8102d6130bedf92777644f8a2cb0a73e4c","first_seen":"2025-12-28T21:54:06.994601Z","last_seen":"2025-12-30T13:42:26.52678Z","times_seen":5,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/LegacyLayout-D8SxJCHx.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/LegacyLayout-D8SxJCHx.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/assets/videoPagesBundle-BjPEz-uH.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 10981\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\netag: \"6951a5e9-2ae5\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 21:53:32 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 41275\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6sb%2FDGUTPaD6EaWHA7teLD0zPOORTel41%2B5b7XMePsvSxWBkAoyP179xU%2F%2B0iAUJU5XBdRA0nsMZb7EFC0LhtU6jfTrzNHzFKklbbJyU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a36eb2eb4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37061,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (37047)","md5":"7952a1ce1c32c876b651bdc692364514","sha1":"81bbdef5c4becb9770b269052ec74a21946e17f6","sha256":"a9ba76952a1c07ad96fffc0bc371da2982b17fc80b5f737423f73e4a0565185d","sha512":"51d6cde41b8fc45828b7274d880124466f77667baddc89c7994af1d64ed55b0ca916bc59bf6545aeea8f4117d6de7390450d44d51df02edfa20d6675081aa7d7","ssdeep":"768:cuE7x3issdcrmOPfpsjM5iOeFEtyUFvLiO8lX1/iE7T2tWPP0cb4Q0OHaY6FiZ4o:PXSH+v2tNQNFhwKwWL1TZxr","tlshash":"30f2e944e2189ebefd1708c4f6af6114b21e0e69fa0a4ce0e57f58280675985b71bfcd","first_seen":"2025-12-28T21:54:06.991018Z","last_seen":"2025-12-30T13:42:26.519142Z","times_seen":5,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/bafsd.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /player/jw8_26/bafsd.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Fri, 04 Oct 2024 05:52:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 441\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"66ff82ab-358a\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iJ%2BKrCJgIFsNRokPaSMebVdoGHQGQWnTPi36AgjqKyph4HaFFkoqoioc%2BK0i3vLCzxjw4NJoIyimnPaCS3vodHMXbyNiog%3D%3D\"}]}\r\ncf-ray: 9b583a3c7b46b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13706,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"c2432aca90e92e0370d2ded2545eb1fa","sha1":"8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb","sha256":"89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5","sha512":"7278ab65bac73bbba9750c49161c677ad6d98d8d16f5f692a3b19e99423c2b32a9785a1bd4045321f4ffd0cf3c6270e5fe4b4ab1cc7bbe4f7cdfc3c40bb3f373","ssdeep":"192:Tb2KC3RtGFnoYcAb/XkLM17rbN5rYrWcYYgC/55wJjJUjfQFU75+xCj+8NcC+5wK:WLsrqh56lUb4kochTK","tlshash":"a852428b738da2be86fa33e4c43f2494e97ed272c115c4fab5b58a801d90815c397d79","first_seen":"2024-10-04T15:55:15Z","last_seen":"2026-06-03T03:05:15.275249Z","times_seen":1351,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"e7cod.com/wrr?z=9915880\u0026p_rid=ed44b323-5780-4aa3-85be-80d18fc3e31d\u0026rb=bMIUJS7Fy_TkY_snIbG5o95XbuwXtLJXVrvQyFVg1Pyrmr8NTq38xj95q9Jws2vr9qyCPg_dKM2G_NI-kLF32e0AEFHqpWbI2J6rHKg53EqA2glDroPURN1AAsxpdaZrkoU6IT9UIEO0FpbV_SrliHJLVZ95b5-SyWOuRLv7PoVB_kK_K2iHomLfSXa33KmlCJ6ZBj5mzOdkErLJavCYXaqHhvuFcUCmmu6k1rnYLNAB8q9f11EKcG34fQMWHGgmsAT8qWjiiysfUmWAVjZVzXMCSQiTR45JolYbEw==\u0026dmn=e7cod.com\u0026userId=0082ae7285a24497e537810cfcb17afd","fqdn":"e7cod.com","domain":"e7cod.com","tld":"com"},"ip":{"addr":"139.45.197.233","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:30.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"e7cod.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:13 GMT","end":"Mon, 09 Mar 2026 06:11:12 GMT"},"fingerprint":{"sha1":"E1:3E:8E:13:F8:CC:FC:0E:0E:77:77:99:F6:A9:A9:84:D8:7F:C1:C2","sha256":"92:21:C3:31:91:DB:58:BC:FB:3F:B5:6A:7B:02:EF:B3:44:1C:76:01:56:DF:A3:00:0E:B5:98:72:97:00:8C:7A"}}},"request":{"raw":"OPTIONS /wrr?z=9915880\u0026p_rid=ed44b323-5780-4aa3-85be-80d18fc3e31d\u0026rb=bMIUJS7Fy_TkY_snIbG5o95XbuwXtLJXVrvQyFVg1Pyrmr8NTq38xj95q9Jws2vr9qyCPg_dKM2G_NI-kLF32e0AEFHqpWbI2J6rHKg53EqA2glDroPURN1AAsxpdaZrkoU6IT9UIEO0FpbV_SrliHJLVZ95b5-SyWOuRLv7PoVB_kK_K2iHomLfSXa33KmlCJ6ZBj5mzOdkErLJavCYXaqHhvuFcUCmmu6k1rnYLNAB8q9f11EKcG34fQMWHGgmsAT8qWjiiysfUmWAVjZVzXMCSQiTR45JolYbEw==\u0026dmn=e7cod.com\u0026userId=0082ae7285a24497e537810cfcb17afd HTTP/1.1\r\nHost: e7cod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://g9r6.com/\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Mon, 29 Dec 2025 09:21:30 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://g9r6.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":62,"dns":1,"connect":26,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"e7cod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/LegacyLayout-D8SxJCHx.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/LegacyLayout-D8SxJCHx.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/assets/videoPagesBundle-BjPEz-uH.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 21:49:55 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 41492\r\ncf-cache-status: HIT\r\netag: W/\"6951a5e9-90c5\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EiGJZTXekCVA%2FzG%2F5uYPCjHZZciyLm2VP6mrodJ1itmZmUSjaDFQIr5BlaZlZ%2BBNeJ3hYw%2FvIfTRaWOKXQVLIyQab5vfAg%3D%3D\"}]}\r\ncf-ray: 9b583a3beb38b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37061,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (37047)","md5":"7952a1ce1c32c876b651bdc692364514","sha1":"81bbdef5c4becb9770b269052ec74a21946e17f6","sha256":"a9ba76952a1c07ad96fffc0bc371da2982b17fc80b5f737423f73e4a0565185d","sha512":"51d6cde41b8fc45828b7274d880124466f77667baddc89c7994af1d64ed55b0ca916bc59bf6545aeea8f4117d6de7390450d44d51df02edfa20d6675081aa7d7","ssdeep":"768:cuE7x3issdcrmOPfpsjM5iOeFEtyUFvLiO8lX1/iE7T2tWPP0cb4Q0OHaY6FiZ4o:PXSH+v2tNQNFhwKwWL1TZxr","tlshash":"30f2e944e2189ebefd1708c4f6af6114b21e0e69fa0a4ce0e57f58280675985b71bfcd","first_seen":"2025-12-28T21:54:06.991018Z","last_seen":"2025-12-30T13:42:26.519142Z","times_seen":5,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/index-BOs1vC0Y.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:27.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/index-BOs1vC0Y.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:27 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 66722\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\netag: \"6951a5e9-104a2\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 21:53:32 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 41275\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GZujlbRmovSokQ9aqWeZpC3lQgu3usKqgOt62%2FS19fjg2T6uW%2FNFVCjzXVPPkL6534d08TFiYoSnqLXUcNdH5IOdxyiEObRAtVIO9xGl\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a34db17b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":205780,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (50421)","md5":"2db830629b8a67756685f68283d9da46","sha1":"e623fb3c3ab131809275337c2c4a4b63acc8bb44","sha256":"425634b3261155c8cd3d94c68f7c6a064209fa5f4aae788b236f16c41eb6262d","sha512":"74ef94aa75363ea98494a4c68b5bfdf2e534ebbeaa261036e82b4c107a3544fc1df3529f782f48a25ea0e9bc53d77cc3158b56f37ddfdea7f7e166768dbd629d","ssdeep":"3072:0MUyb6daDVnOPHYj6khW4lgn+hqPT9xD907rHh:VuVPYbhfcPpxDC7rB","tlshash":"d9143be831aab655abf306b5006f1503b33d1c172c4c8460e125edae76b590a91bbffd","first_seen":"2025-12-28T21:54:06.997698Z","last_seen":"2025-12-30T13:42:26.520528Z","times_seen":5,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/index-DRVHD9Qf.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/index-DRVHD9Qf.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/assets/videoPagesBundle-BjPEz-uH.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 4109\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\netag: \"6951a5e9-100d\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 21:53:32 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 41275\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uvw0tiWQpCPifIknxcW9PI%2B46bs2E1vuQLut4G876IE%2B4htRSZCihnMpIfE0WCc2df6eY412vKfJ5pCWG313WfU9bNVUxGhTlcsD8zfM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a36eb2db4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11653,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11652)","md5":"debbd2498a09b21a47ae9b68ac447aa1","sha1":"38e01e0c13aa6b3ee54e93931f716415e718ec4c","sha256":"6caded267361f630082192aefd7a5adc4d141140b8b733ef8bfeed6d11ee594c","sha512":"69af786d7487782bd8420c8bc2e59bd6864102576f1d801225b975007d1bf9d01c6dc7f2c40ed0912d00ac3e878b14b1fdef9ea5e78d88e58e4e54b4937fb4bd","ssdeep":"192:qYEjQ7VQhyeyVK/2Nsq67qL3gl1I5/5uiadfkFEjfHodGlSkGJPXtC4/uQYO6qPq:qYEjQp8xyPNsz7eQa1a+UfHqGlmPXtju","tlshash":"3532fb50eaba747103b12495507d5253a227881d7cbd84d0f3aa4f2f2bc98465a3efbc","first_seen":"2025-12-28T21:54:06.987969Z","last_seen":"2025-12-30T13:42:26.518231Z","times_seen":5,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/player/jw8_26/bafsd.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /player/jw8_26/bafsd.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Fri, 04 Oct 2024 05:52:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 5539\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"66ff82ab-358a\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e%2FpuoyCJeFu%2Fjn3P6XleeQmTAwiejLE9B%2ByoouXT0kzE6%2BgWR1OgQawKT%2FsnY%2FB2XkP1JT2ps7YjJrHHX7cNUrWgDmM9cALrJ0SlL9qY\"}]}\r\ncf-ray: 9b583a37ab32b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13706,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"c2432aca90e92e0370d2ded2545eb1fa","sha1":"8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb","sha256":"89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5","sha512":"7278ab65bac73bbba9750c49161c677ad6d98d8d16f5f692a3b19e99423c2b32a9785a1bd4045321f4ffd0cf3c6270e5fe4b4ab1cc7bbe4f7cdfc3c40bb3f373","ssdeep":"192:Tb2KC3RtGFnoYcAb/XkLM17rbN5rYrWcYYgC/55wJjJUjfQFU75+xCj+8NcC+5wK:WLsrqh56lUb4kochTK","tlshash":"a852428b738da2be86fa33e4c43f2494e97ed272c115c4fab5b58a801d90815c397d79","first_seen":"2024-10-04T15:55:15Z","last_seen":"2026-06-03T03:05:15.275249Z","times_seen":1351,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/index-C_ikuGqY.css","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/index-C_ikuGqY.css HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nlast-modified: Sun, 28 Dec 2025 13:13:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 13:14:53 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 72394\r\ncf-cache-status: HIT\r\netag: W/\"69512d11-54c85\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ity1guWYrZjwK%2FwOyl62s8g%2FPCkNzU0u7t4yfxfAF4gxWl3ysdMJtVkUlV0LTlje8uZrEbUgyaY%2BgXsmzYRmgawnNhv41Q%3D%3D\"}]}\r\ncf-ray: 9b583a3a3b24b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":347269,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"4bd31ef9488909d328c7775661824614","sha1":"b8da2e2359a38e5c28b999b428a7e70134bf89d8","sha256":"cc68f8598137c5ad4050dce29f2818b9e7707936575cb790cfe6f31f2cd78762","sha512":"40fc65256fea588983563d211a6f37593b64f14f20c6fff9160a6e9a7656a583d0a80106c52e193bf5adb57a1bbe008e89310afb64402983ac740aa06f73bec9","ssdeep":"3072:gIwTTme/S3SYigENM6HN26QTnLNqyVlz1yadW5y6:gIgn/S3SYigENM6HN26QTnLRlz1yaCy6","tlshash":"2574e976f651352ef063c65a54d0fb9ea42a8102d6130bedf92777644f8a2cb0a73e4c","first_seen":"2025-12-28T21:54:06.994601Z","last_seen":"2025-12-30T13:42:26.52678Z","times_seen":5,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":15,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/index-DRVHD9Qf.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/index-DRVHD9Qf.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 21:49:56 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 41492\r\ncf-cache-status: HIT\r\netag: W/\"6951a5e9-2d85\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3%2BR00IQ7wgZ4V5UaelfjlfqJUoRwoYSyg7TsmOt4q7U43DWX0mmw4Rikqh%2BMswRuVo8OMv%2BmbovHOgA9E1RUGOD768xpCA%3D%3D\"}]}\r\ncf-ray: 9b583a3b7b32b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11653,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11652)","md5":"debbd2498a09b21a47ae9b68ac447aa1","sha1":"38e01e0c13aa6b3ee54e93931f716415e718ec4c","sha256":"6caded267361f630082192aefd7a5adc4d141140b8b733ef8bfeed6d11ee594c","sha512":"69af786d7487782bd8420c8bc2e59bd6864102576f1d801225b975007d1bf9d01c6dc7f2c40ed0912d00ac3e878b14b1fdef9ea5e78d88e58e4e54b4937fb4bd","ssdeep":"192:qYEjQ7VQhyeyVK/2Nsq67qL3gl1I5/5uiadfkFEjfHodGlSkGJPXtC4/uQYO6qPq:qYEjQp8xyPNsz7eQa1a+UfHqGlmPXtju","tlshash":"3532fb50eaba747103b12495507d5253a227881d7cbd84d0f3aa4f2f2bc98465a3efbc","first_seen":"2025-12-28T21:54:06.987969Z","last_seen":"2025-12-30T13:42:26.518231Z","times_seen":5,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/videoPagesBundle-BjPEz-uH.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/videoPagesBundle-BjPEz-uH.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/assets/index-BOs1vC0Y.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 21:49:55 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 41492\r\ncf-cache-status: HIT\r\netag: W/\"6951a5e9-434de\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZVxti%2BWnRqVZUCzMnQ3ZBGSrqdmp0YraxDiX%2FVc1x%2FkLIJ9bSa4dbyC4cKGbnnY8HNSYO2G%2FgKmN5PLyMza4QlGLhEHtug%3D%3D\"}]}\r\ncf-ray: 9b583a3b9b35b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":275678,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d1aad0400a975fc6d5acfccba4bce469","sha1":"af88ec21ab0c0640bb3a141995a56e6c96245901","sha256":"d3c600bf9b61de1119540ee962b7808e21721c7d1d6fc716bf7e83205da5bf56","sha512":"342de07f0039989756d9587388af6f0b7c840f92d5f31679ddec80dce27a2e46b75c03df4323ea19f8c0798297ecb9eed23bdd4bae482b1dfd26e2d2815290a1","ssdeep":"3072:6Q/VbguZPE7yybx7pB3MG7EB3MXqoiqf6G/gnZ7JgSPjWQu4rcwYl:6Q/xg6wFPMG6MXVf6agnbgwWl4y","tlshash":"41448e59a236a439a3f5055018af1002f5ec0ad0b52e5191f5aecc3e3fdbf52c1b7ea9","first_seen":"2025-12-28T21:54:06.989893Z","last_seen":"2025-12-30T13:42:26.521831Z","times_seen":5,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"e7cod.com/5/9915880","fqdn":"e7cod.com","domain":"e7cod.com","tld":"com"},"ip":{"addr":"139.45.197.233","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"e7cod.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:13 GMT","end":"Mon, 09 Mar 2026 06:11:12 GMT"},"fingerprint":{"sha1":"E1:3E:8E:13:F8:CC:FC:0E:0E:77:77:99:F6:A9:A9:84:D8:7F:C1:C2","sha256":"92:21:C3:31:91:DB:58:BC:FB:3F:B5:6A:7B:02:EF:B3:44:1C:76:01:56:DF:A3:00:0E:B5:98:72:97:00:8C:7A"}}},"request":{"raw":"GET /5/9915880 HTTP/1.1\r\nHost: e7cod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 87ef77ad2a03dfebf58ca866e350e58c\r\nlink: \u003chttps://my.rtmark.net\u003e; rel=\"preconnect dns-prefetch\"\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\nset-cookie: OAID=0082ae7285a24497e537810cfcb17afd; expires=Tue, 29 Dec 2026 09:21:29 GMT; path=/; secure; SameSite=None\noaidts=1767000089; expires=Tue, 29 Dec 2026 09:21:29 GMT; path=/; secure; SameSite=None\nsyncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":117681,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3ce81d167d158f2564097e50336c1601","sha1":"978b9ce4fc492b92844ff579e4467b3c972be6a4","sha256":"5aa73b3d84bd0f483a35d7cd8b1fa5e44c44bed5833c2a6f56f3be84e9fcf787","sha512":"463a267f51fa95d3c1e2a78351ac421cf66cc36b3aeee1110dd4f562d22c0497d7b65301ef2c925626ca284bb20ed9e7d4da7fc49172a5cdd2924ae9225124b9","ssdeep":"3072:0Xki1TG8YlAVPzIqwL76WJHpYx85/MVzU5R:tWTGvllqw5JJdQzu","tlshash":"47b3195673a27bd21a6a60d42d67d60573fd8cc1448f8867e3c8787972d081cc3abbe9","first_seen":"2025-12-29T09:22:01.966848Z","last_seen":"2025-12-29T09:22:01.966848Z","times_seen":1,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":110,"dns":48,"connect":27,"send":0,"wait":51,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"e7cod.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/e/cs12ya6fad1n","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-29T09:21:27.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /e/cs12ya6fad1n HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Dec 2025 09:21:27 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UZxSF4XwclUJBkSWy%2BDN00%2BbdwNTDglkoSdZ%2F9cqxJFzMAsdD%2FBCv7G5FJ8Nh5WcGGGnS%2Fv%2F2ePY4vjQ0LL9ByWVPJOq5dhFdV9DqNU6\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b583a322efb56c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2953,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (435)","md5":"ffb96831671753e69f322875bdfd007f","sha1":"37cb084f2cd8692af73efae8ea2cc397c0f8d1da","sha256":"319a17b2c606b23ca915a6f74163d58dd0c36cd6d291a5127cdb8f120e341873","sha512":"12e919a63f8e14e3b0d1b0fe5e39b020f636fa73521f7d7c9fb83fdd8c4957a2e6c220c58833b96d923d4b2a5a602099e48889811984a103a39e223865ef6447","ssdeep":"","tlshash":"27514246acf4c9b60176299f2e69f5083d6192c34109dc503aedc4b88f50fd90e6bdd4","first_seen":"2025-12-28T21:54:07.037771Z","last_seen":"2025-12-30T13:42:26.525896Z","times_seen":5,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":101,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/polyfills-wjtqc2V4.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:27.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/polyfills-wjtqc2V4.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:27 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 46866\r\npriority: u=3,i=?0\r\nlast-modified: Thu, 25 Dec 2025 18:13:08 GMT\r\netag: \"694d7eb4-b712\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 24 Jan 2026 18:33:51 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 312456\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BMh2zuranm2H1z%2BKeR6uklYVG3qnmK6%2BApfrppxeo%2F9dqQxN25Q93yImz2nonWLKv%2BH0lkT%2Bko9wBv1730yLXqpbyHDEw6MXbdJiVx0y\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a34cb16b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":116772,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (51776), with NEL line terminators","md5":"f9330b3782a155b05fa9d7621d6907c8","sha1":"4a57b2bf9b537d1efd245a66264e670f05160d2e","sha256":"bf02bb50232167697a7eab93cd515a3ae647b209b2e54f6b2f9e41553b41947d","sha512":"ba4be6ce59bc231ad339b8abc280666818905991f098aad5982edd28b488f151fe48f9f243d4b5b1c53650ad8b2ecaf7d96646b70eccbdb6867fb071dd5b2e5d","ssdeep":"1536:DLjYwaM4RAQToClLvkZ3lu1khHZXa3odk1dJnMB1tiwX8RJ/7:DfPaM4Rdo/Z3sOJa32kPJnitiwWj","tlshash":"6db3e6c9f6c2f4a247e764a4403f110bf23b6d55b80e8194e366d1d17cb9a8ac03bf69","first_seen":"2025-12-25T20:57:24.343045Z","last_seen":"2026-01-01T13:00:48.542904Z","times_seen":11,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/LegacyLayout-COfevCdK.css","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/LegacyLayout-COfevCdK.css HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: text/css\r\ncontent-length: 4327\r\npriority: u=2,i=?0\r\nlast-modified: Sun, 28 Dec 2025 15:41:09 GMT\r\netag: \"69514f95-10e7\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 17:38:30 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 56577\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nw50gVGk%2Bk6A7RMbMi5UHEO6vxh3Q7lo38DUCUj1j%2BQLI2TeXkXseGubnhFiiGpDyvuOlbeqx0UqDmjGAm55fcfYdpxuZWr%2F9BuCnJa%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a363b20b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21683,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (21682)","md5":"d70c50d26bc900eefc710a0aa8896adb","sha1":"006321a1415164ecab702cf7e6119b950dc4cba9","sha256":"7fb4a2c264249230c47191fde62bc5cbd362f7259395acccd0028a0b50d59159","sha512":"971653b52eeb11bfc44f732460b2fde10e028a98634f17c98371bf49d32083f0575b0ff649b5a9740f2d25167e75a740eec82787affda5259949817faf4e28bf","ssdeep":"192:llhnnt+Vz8hLoIPYN0sxE86V6bBsbPh+O2qxquEuOufFa+:Jn4/N0sKfobubpd2qxqcFa+","tlshash":"09a2842db50d343eecefc59e99b4a34dd0844812f81347fdab5792590fea2072b6e948","first_seen":"2025-12-28T21:54:06.986719Z","last_seen":"2025-12-31T23:09:26.674549Z","times_seen":9,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/LegacyLayout-D8SxJCHx.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/LegacyLayout-D8SxJCHx.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 21:49:55 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 41492\r\ncf-cache-status: HIT\r\netag: W/\"6951a5e9-90c5\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R1qdq8UAtz0FqRthy%2FiBJ%2F2IucyG%2FKtIo9RpLWBuZufjeVZR1DhV6pTaigAukZZm0CBxQnP3QQii6L2inp2nzwzv9Q19rA%3D%3D\"}]}\r\ncf-ray: 9b583a3b7b33b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37061,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (37047)","md5":"7952a1ce1c32c876b651bdc692364514","sha1":"81bbdef5c4becb9770b269052ec74a21946e17f6","sha256":"a9ba76952a1c07ad96fffc0bc371da2982b17fc80b5f737423f73e4a0565185d","sha512":"51d6cde41b8fc45828b7274d880124466f77667baddc89c7994af1d64ed55b0ca916bc59bf6545aeea8f4117d6de7390450d44d51df02edfa20d6675081aa7d7","ssdeep":"768:cuE7x3issdcrmOPfpsjM5iOeFEtyUFvLiO8lX1/iE7T2tWPP0cb4Q0OHaY6FiZ4o:PXSH+v2tNQNFhwKwWL1TZxr","tlshash":"30f2e944e2189ebefd1708c4f6af6114b21e0e69fa0a4ce0e57f58280675985b71bfcd","first_seen":"2025-12-28T21:54:06.991018Z","last_seen":"2025-12-30T13:42:26.519142Z","times_seen":5,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/index-DRVHD9Qf.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/index-DRVHD9Qf.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/assets/videoPagesBundle-BjPEz-uH.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 21:49:56 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 41492\r\ncf-cache-status: HIT\r\netag: W/\"6951a5e9-2d85\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xJ%2Bwdm60TeeeY5hfw7xCr6LtBmho8N6JBpta%2B5izKS%2BfH0gj1MfdcLjmq8G7TXw9O1rZ3O49exRkzSNPsd1ZQRMSY1P5KQ%3D%3D\"}]}\r\ncf-ray: 9b583a3beb37b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11653,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11652)","md5":"debbd2498a09b21a47ae9b68ac447aa1","sha1":"38e01e0c13aa6b3ee54e93931f716415e718ec4c","sha256":"6caded267361f630082192aefd7a5adc4d141140b8b733ef8bfeed6d11ee594c","sha512":"69af786d7487782bd8420c8bc2e59bd6864102576f1d801225b975007d1bf9d01c6dc7f2c40ed0912d00ac3e878b14b1fdef9ea5e78d88e58e4e54b4937fb4bd","ssdeep":"192:qYEjQ7VQhyeyVK/2Nsq67qL3gl1I5/5uiadfkFEjfHodGlSkGJPXtC4/uQYO6qPq:qYEjQp8xyPNsz7eQa1a+UfHqGlmPXtju","tlshash":"3532fb50eaba747103b12495507d5253a227881d7cbd84d0f3aa4f2f2bc98465a3efbc","first_seen":"2025-12-28T21:54:06.987969Z","last_seen":"2025-12-30T13:42:26.518231Z","times_seen":5,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js?userId=0082ae7285a24497e537810cfcb17afd","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Dec 2025 17:37:04 GMT","end":"Tue, 24 Mar 2026 18:37:01 GMT"},"fingerprint":{"sha1":"05:4F:CA:93:1E:46:6C:B4:A4:49:3A:2A:0C:AD:DB:CA:8C:CF:BC:9C","sha256":"81:B0:0B:B9:30:D8:5D:FE:11:36:CE:28:36:04:4F:41:74:05:00:57:EE:04:F0:1D:44:B3:B4:6F:A6:4F:D8:FD"}}},"request":{"raw":"GET /gid.js?userId=0082ae7285a24497e537810cfcb17afd HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Dec 2025 09:21:30 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://g9r6.com\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0082ae7285a24497e537810cfcb17afd; expires=Tue, 29 Dec 2026 09:21:30 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9b583a426c911ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7190c8f8990717825355b83345b4ac9a","sha1":"761b07ce3209e8ba39f3b79c3a3400fc2a89726a","sha256":"6ca0b58c81bc3936c08d7bd688ad00ba3b55a4d2cecba3fb8005332879cc207b","sha512":"2919b1bd01c1834ebc7c050fb187b2b7f29ef12f410ef211d8da61ae7289cd8468a5827841f3dfacb68c34af5c01398cb065274d563747a5f10165c3d19f3e61","ssdeep":"","tlshash":"7ca0026bd95c4ad4874009175e87df0e214550a16aa8e38495e5455121d755cc997350","first_seen":"2025-12-29T09:22:01.970394Z","last_seen":"2025-12-29T09:22:01.970394Z","times_seen":1,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":16,"dns":1,"connect":1,"send":0,"wait":32,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img-place.com/cs12ya6fad1n_xt.jpg","fqdn":"img-place.com","domain":"img-place.com","tld":"com"},"ip":{"addr":"104.21.86.203","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:30.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img-place.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 21 Nov 2025 07:58:36 GMT","end":"Thu, 19 Feb 2026 08:57:08 GMT"},"fingerprint":{"sha1":"C3:78:F5:A6:74:93:86:CC:67:49:A8:89:FA:D4:B7:CD:B5:21:2A:94","sha256":"CE:3C:8A:E5:97:76:D8:92:E5:1F:F0:67:79:25:FB:CB:83:77:45:05:2B:14:0A:80:42:A1:D6:CA:14:AA:42:CE"}}},"request":{"raw":"GET /cs12ya6fad1n_xt.jpg HTTP/1.1\r\nHost: img-place.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Dec 2025 09:21:30 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 68003\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sun, 13 Jul 2025 17:27:03 GMT\r\netag: \"6873ec67-109a3\"\r\nexpires: Mon, 12 Jan 2026 09:21:30 GMT\r\ncache-control: max-age=2678400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uoMeDnS0E8iDJKAm%2Fusfbf%2F6815IZH8qaEdTCsQlgLOQp%2BBNgV2wvDI%2BHrVuONFjqJnU%2FsxFc0dMac%2FD5vCd54lYhcPKYvhyLqF5\"}]}\r\ncf-ray: 9b583a42fafd56b1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68003,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x564, components 3","md5":"edbedc88f0ff73395699218727c77846","sha1":"620b94537a940379e1fead1ab8d3baded4b04c43","sha256":"ec0f33727766b1fb1b49d37c2c9375f5a3532e28f6894ea4a87094336986444e","sha512":"ec5dfd38e25d570d02a0e0d0bee25301eacec829769e588863f3c27bd8726e449105379fc0f6a04be513bd432a222b2712d684550fd616cb888c39fd395b53ab","ssdeep":"1536:2lgBlukkmJEQhQNx1G52E36InA8x0dLJT0/Of3M3oJxGt+39cg:2ElKuCrG588x0dLkOf3M3oPH39D","tlshash":"66630109f5a9391a633bb53e0fbf297023cd187520c026afd7ed1919e7e5c45622761c","first_seen":"2025-12-29T09:22:01.97407Z","last_seen":"2025-12-29T09:22:01.97407Z","times_seen":1,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":26,"dns":5,"connect":1,"send":0,"wait":252,"receive":49,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"be4235.rcr32.ams02.i8yz83pn.com/hls2/08/09464/cs12ya6fad1n_h/index-v1-a1.m3u8?t=nmg0F_a4l1O5fSN35gs9yZlgBed4pPD21ToqOGsneHU\u0026s=1767000089\u0026e=10800\u0026f=47321772\u0026srv=1060\u0026asn=50304\u0026sp=4000\u0026p=0","fqdn":"be4235.rcr32.ams02.i8yz83pn.com","domain":"i8yz83pn.com","tld":"com"},"ip":{"addr":"185.248.171.139","port":443,"asn":43668,"as":"as43668 LLC","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:30.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"be4235.rcr32.ams02.i8yz83pn.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:48:12 GMT","end":"Sat, 07 Mar 2026 04:48:11 GMT"},"fingerprint":{"sha1":"00:47:5D:58:AC:91:5A:D5:59:B9:C6:E0:F0:78:52:F1:A8:CF:4E:1C","sha256":"2A:EA:54:32:E7:D8:5E:47:63:2E:90:45:8E:8B:4E:09:34:63:95:A7:15:B0:48:BC:71:4A:59:F4:92:90:A1:EB"}}},"request":{"raw":"GET /hls2/08/09464/cs12ya6fad1n_h/index-v1-a1.m3u8?t=nmg0F_a4l1O5fSN35gs9yZlgBed4pPD21ToqOGsneHU\u0026s=1767000089\u0026e=10800\u0026f=47321772\u0026srv=1060\u0026asn=50304\u0026sp=4000\u0026p=0 HTTP/1.1\r\nHost: be4235.rcr32.ams02.i8yz83pn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 29 Dec 2025 09:21:30 GMT\r\nContent-Type: application/vnd.apple.mpegurl\r\nLast-Modified: Mon, 29 Dec 2025 09:21:30 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 2026 09:21:30 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=259200, no-store, no-cache\r\nSprint-Cache: BYPASS\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22288,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"c9f1f96f642fff67e806790e7b2cc520","sha1":"945e1587f2ae396ec09b4ae823eaa9195082d069","sha256":"e00b2775535f7cb57a9fcf6a1ec3accad5275bf4fc90b31f93167061382f537e","sha512":"177eaf2193f46c24358aff92e97bb4b5739aa1999a9b8a9390eb7781348e4e46621693529d18bd6311551f357567327834cca62b25d372a898c07f6f4cf3448a","ssdeep":"384:TRv3I9GTsxa4/yJcD2tw3Ts9GPIZCrk6Rgn+1ELi5FObUhK3wt2kreVAHaxsTfYM:TSv","tlshash":"67a230e3a9753e8c02e86d849b281e28c505b6c8fede6459c48e03647f5475e78f0f6d","first_seen":"2025-12-29T09:22:01.975381Z","last_seen":"2025-12-29T09:22:01.975381Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/LegacyLayout-D8SxJCHx.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/LegacyLayout-D8SxJCHx.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 10981\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\netag: \"6951a5e9-2ae5\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 21:53:32 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 41275\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gO%2Bv3Q%2B2cSLrFFXyVBXAcYzrnx3z6GcgBymzfbYDesMasReWJMl47lrUcCNgvjnX48R0QCP383%2Bcr%2BP3mf3NRg%2F5NtGK1i1ewF91LU56\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a365b26b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37061,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (37047)","md5":"7952a1ce1c32c876b651bdc692364514","sha1":"81bbdef5c4becb9770b269052ec74a21946e17f6","sha256":"a9ba76952a1c07ad96fffc0bc371da2982b17fc80b5f737423f73e4a0565185d","sha512":"51d6cde41b8fc45828b7274d880124466f77667baddc89c7994af1d64ed55b0ca916bc59bf6545aeea8f4117d6de7390450d44d51df02edfa20d6675081aa7d7","ssdeep":"768:cuE7x3issdcrmOPfpsjM5iOeFEtyUFvLiO8lX1/iE7T2tWPP0cb4Q0OHaY6FiZ4o:PXSH+v2tNQNFhwKwWL1TZxr","tlshash":"30f2e944e2189ebefd1708c4f6af6114b21e0e69fa0a4ce0e57f58280675985b71bfcd","first_seen":"2025-12-28T21:54:06.991018Z","last_seen":"2025-12-30T13:42:26.519142Z","times_seen":5,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/js/jquery.min.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /js/jquery.min.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 30894\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 07 Dec 2025 21:19:14 GMT\r\netag: \"6935ef52-78ae\"\r\ncontent-encoding: gzip\r\nexpires: Wed, 07 Jan 2026 06:50:51 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 1823437\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zFZTJRDqfGnSW9DrAjnUWRCvJuhWTIhfuE1v8HtKB7sOuTAcVKjtRJgSaOxQcpLbseiEPNT8M4%2B9k%2FAECludbGEU6jSe3uj0OpuzWKK1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a374b30b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-03T20:54:23.250422Z","times_seen":477453,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/api/videos/cs12ya6fad1n/embed/details","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /api/videos/cs12ya6fad1n/embed/details HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nX-Embed-Parent: https://bysezejataos.com/e/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dNIRX0yJBmuY40oeGCyvHlKzsHC8XiFOETWoT09R8Zmu%2Bh9QegDkO%2FG454yILdNCug1XliAv6WCBMOqItUb4dXejrBlr56GfESXvreMu\"}]}\r\npriority: u=4,i=?0\r\ncache-control: no-store\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b583a376b31b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":243,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d6fbac325db23d1cb47a4dc7ff32b875","sha1":"543d6de4ca676ea2282cf0bff0b69a3b0017cbc3","sha256":"f57adabf0b475b1d0dc9e1170834760255eea7925ac323652cec6563e86d5bee","sha512":"4ade4403557c0824b3b3936dcf2397c50ce211939014b4a7a74bccf179f4b6ff272526562e92a586318f9a54ad92ad4544f26b1dcd4c9527bdc3f959ea182a28","ssdeep":"","tlshash":"72d0a7734bb8641e4e5512f0b927a64cc56b321f4ac5f79d9c02f61596882fbc07920b","first_seen":"2025-12-29T09:22:01.97684Z","last_seen":"2025-12-29T09:22:01.97684Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/api/videos/cs12ya6fad1n/embed/settings","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /api/videos/cs12ya6fad1n/embed/settings HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nX-Embed-Parent: https://bysezejataos.com/e/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N4zuValCzawL%2BwWRLRutR%2FhZqVBK48EyDShI%2F%2B1C88Pindv5XPx8TN15U3kO1WpiwGzSapWIwKzYnARNk68Gb16ltkbP3w%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncache-control: no-store\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b583a3c3b3db517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":353,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ab19f423c6cea848411fb5ed124cf92f","sha1":"1a39dd5ac730c1418a3cecd1267992a3501665f5","sha256":"59e13ec0c7ca711684b9e1cb30fc6b46da2835b7941241bba999bb8105656ab1","sha512":"15564b59eebf42e70439a25947807fb3e77c7543f9059761eae001cb30981284c92cbfbaae801b8daf7f6af3c92a7723e42569fcd9077fee2be349b2278824bf","ssdeep":"","tlshash":"78e0263f50213aaccbdb4300eacea10b22f845726190b724ed81101d29ef0ea9220097","first_seen":"2025-12-29T09:22:01.97806Z","last_seen":"2025-12-29T09:22:01.97806Z","times_seen":1,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/api/videos/cs12ya6fad1n/embed/playback","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /api/videos/cs12ya6fad1n/embed/playback HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nX-Embed-Parent: https://bysezejataos.com/e/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c1bRcNPFxZ6bvd8C9LwgOFsFpvBU6dKRzasyCQHKXUF0h8WiS3UyeKj%2F05jUvlNrYusO5Wo43IF67bBBryBOs%2Bbhw5HPSg%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncache-control: no-store\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b583a3c4b3eb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1706,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"56e8931b97957305e99d77521ac6809e","sha1":"58612293dc7181845b7faf466202da0f200aa6fa","sha256":"3a333a6d6efe1c3c9295c649d711839f65f7d13f8b19cc9d664090ecfd2ed40d","sha512":"e001b0e30a09fdf5d2196e3007aaab9dab7bf1b3262233be098fe4e877c649af3e2e715bbf331d15e93f1701e9da8cccf498d65a02d9b9e056211ca1899aca16","ssdeep":"","tlshash":"0d311d497cfb5065ef69df435e4502bbb9472f0154087104ca488cb9df999327079df1","first_seen":"2025-12-29T09:22:01.979248Z","last_seen":"2025-12-29T09:22:01.979248Z","times_seen":1,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/jwplayer.core.controls.js?v=2","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /player/jw8_26/jwplayer.core.controls.js?v=2 HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Wed, 03 Apr 2024 09:09:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 262\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"660d1cce-4fcf7\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ylmUlOQGItuAcml7KW8HI14R4kg0Qrh5wgwHtc9zqjaYaiT6Iwc7yyJi0Rwvsxeic5Py9cx2M4lWaP8csrLlYdzoOB96UQ%3D%3D\"}]}\r\ncf-ray: 9b583a3e9b52b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":326903,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65143)","md5":"fee77850b6b254569cf03f43a4dfdde4","sha1":"35841d306d3404fbef6825371ffdbcd992ade913","sha256":"50b22ddf7e9cf49716e33660cc9de3c2bbf3cb90f203d8af93810f8f97bdee3f","sha512":"84d9c23a355b9aa6e6d37f4e4090a41a250499a6c3bb8d5808fa2851a376edfe71d7f1d3d35f658266299339ae88c85fc478a820014c19eeed4e026b4cdab683","ssdeep":"3072:wKH7nFuhglX/qZ3ux2wI9Y7J+3qbOXUvDY6MnJMyXR286CcYZ6mfjq:vHxA4/qZ3V3Y7J+30Y6MnJt2lSZ6mfjq","tlshash":"7d641832214256359aea82da76514604b3398085f516cfacff2ceddd4c6e8cb31f6bb4","first_seen":"2024-03-12T19:48:43Z","last_seen":"2026-06-01T16:14:32.850002Z","times_seen":1828,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/red-theme.css?v=2jkvp38m","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /player/jw8_26/red-theme.css?v=2jkvp38m HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nlast-modified: Sat, 22 Nov 2025 14:37:51 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"6921cabf-cbde\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5YxkEwk0QAPIKYAMLpx%2FSTtxaiqCHIJ%2BPER5EaHxBdcXz4JoWx8g28dXz9s9ssSNyXTFhRyOZSUyLu%2BZF955TAIgcJvCjg%3D%3D\"}]}\r\ncf-ray: 9b583a3e9b53b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52190,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3448), with CRLF line terminators","md5":"f3f73b08642229c81c4843ac9ed2f75f","sha1":"bef3f95d6d01090812691e9059c12f6b60dc057c","sha256":"36cff0b3e82308a7dbab594a2b92af60cfe0e002fdafca6777ace94b6deaf2ff","sha512":"2384e56dde7fe14b87fc38981530828d903af64d8f5df30daf6c11159fa8b5dce6eed8d5f427a6c4c3a827d68a0ec4b431739616be2d169db78cf9af1f3d161a","ssdeep":"768:lXA2MrRkj77QW4z0yoe6BsvjNsvjNX1vB8oGnQ/WrrqoJ9f:cljNejNpGoOior","tlshash":"8533549ebed79290aa55c3b4c72256147f6b683cef27ff593e6093b4e61440ce2d8810","first_seen":"2025-11-24T23:48:33.180698Z","last_seen":"2026-06-03T03:05:15.165701Z","times_seen":195,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":141,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jnpmfdgxlsafbsd.com/","fqdn":"jnpmfdgxlsafbsd.com","domain":"jnpmfdgxlsafbsd.com","tld":"com"},"ip":{"addr":"139.45.197.155","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jnpmfdgxlsafbsd.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 12:06:11 GMT","end":"Sat, 28 Mar 2026 12:06:10 GMT"},"fingerprint":{"sha1":"BF:1B:CA:EC:4C:F2:23:A9:63:11:AD:A6:9F:E9:DD:93:CC:C7:80:8B","sha256":"44:78:F0:79:8E:AA:7A:9E:5D:B8:A6:97:9F:89:A6:EE:85:00:74:FF:EC:30:01:25:DE:48:FE:4B:0F:BD:F7:44"}}},"request":{"raw":"HEAD / HTTP/1.1\r\nHost: jnpmfdgxlsafbsd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/html\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: text/html\r\nx-t68r22a24c1e37-8i74d80: 00000000000000000000000000000000\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-origin: https://g9r6.com\r\naccess-control-expose-headers: Link, X-Application-Token, X-Application-Key, X-Tag, X-Auth-Token, X-DirectionPartner-Id, X-ZoneType-Id, X-Hostname\r\naccess-control-allow-credentials: true\r\ntiming-allow-origin: *\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nx-application-key: tit07Frz3Ge9e8pdha1gw\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"jnpmfdgxlsafbsd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/videoPagesBundle-CVR9WjYW.css","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/videoPagesBundle-CVR9WjYW.css HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: text/css\r\ncontent-length: 4029\r\npriority: u=2,i=?0\r\nlast-modified: Fri, 12 Dec 2025 10:54:05 GMT\r\netag: \"693bf44d-fbd\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 15 Jan 2026 18:20:35 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 1090852\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ILNN633kjWP4MBpL5LgQPBnJRobcF2j3oAOizuHrB16%2BsNX5ZDdvcgYGcpOsOvnZ8MEkBXWSzY6aMaA8MS1bS0p5mAY6rKfG%2BuJS8j1n\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a363b21b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18966,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (18965)","md5":"79e53f4dcc9656ac16dd05aa6087e79c","sha1":"3e7e99d5d9fbb597e58e330ff43bdaf528c5283e","sha256":"1fb218d07c797ed9af02cf070fbaaafe1cef61a05aeb835e3b85cdbc9516dc68","sha512":"05a4b89eebf9aeaa018dff2a909077ddb4feac8ebc1cf2e0b7780568c64158ae630a859e89c3e7ac359a4b58c75cc367a4003d19329ef02de53c5bc670794fe8","ssdeep":"192:AebfIKjwoShGQ89hzf/Xx3tJ3foTuLkbL86YplGBfIs90NZtt2fwaJotQSHqB2:Ae7NFfzHFtDQ6zH/3","tlshash":"f6822421d625de1db52bc09a7cd0468ef8654205f22343f9c9a3a3664f8a1cf9b732cd","first_seen":"2025-12-07T05:24:19.704632Z","last_seen":"2026-01-13T06:55:59.834035Z","times_seen":131,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/LegacyLayout-COfevCdK.css","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/LegacyLayout-COfevCdK.css HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nlast-modified: Sun, 28 Dec 2025 13:09:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 13:10:36 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 72652\r\ncf-cache-status: HIT\r\netag: W/\"69512bf5-54b3\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QwtuhXd5Tzw6LSgpzbW1dw%2FcKjrEwrrv2rhmrOhoDoD%2BAxQdzC3%2F39mV0xEExtwT3YMqBYcQo3pe%2F7BScMPtfjahKpA%2Bbg%3D%3D\"}]}\r\ncf-ray: 9b583a3b5b2eb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21683,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (21682)","md5":"d70c50d26bc900eefc710a0aa8896adb","sha1":"006321a1415164ecab702cf7e6119b950dc4cba9","sha256":"7fb4a2c264249230c47191fde62bc5cbd362f7259395acccd0028a0b50d59159","sha512":"971653b52eeb11bfc44f732460b2fde10e028a98634f17c98371bf49d32083f0575b0ff649b5a9740f2d25167e75a740eec82787affda5259949817faf4e28bf","ssdeep":"192:llhnnt+Vz8hLoIPYN0sxE86V6bBsbPh+O2qxquEuOufFa+:Jn4/N0sKfobubpd2qxqcFa+","tlshash":"09a2842db50d343eecefc59e99b4a34dd0844812f81347fdab5792590fea2072b6e948","first_seen":"2025-12-28T21:54:06.986719Z","last_seen":"2025-12-31T23:09:26.674549Z","times_seen":9,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/videoPagesBundle-CVR9WjYW.css","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/videoPagesBundle-CVR9WjYW.css HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nlast-modified: Fri, 05 Dec 2025 22:29:28 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Sun, 04 Jan 2026 22:49:43 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 2025105\r\ncf-cache-status: HIT\r\netag: W/\"69335cc8-4a16\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ardsxyLFd0g2qDVlgBhW7fZnHsGcO6Uvo637jdCvSja%2Bf0PHIgt%2BENP3aOAns5nmkSnm399sb35y2dg%2BCtm1vy6GHWOzBw%3D%3D\"}]}\r\ncf-ray: 9b583a3b5b2fb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18966,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (18965)","md5":"79e53f4dcc9656ac16dd05aa6087e79c","sha1":"3e7e99d5d9fbb597e58e330ff43bdaf528c5283e","sha256":"1fb218d07c797ed9af02cf070fbaaafe1cef61a05aeb835e3b85cdbc9516dc68","sha512":"05a4b89eebf9aeaa018dff2a909077ddb4feac8ebc1cf2e0b7780568c64158ae630a859e89c3e7ac359a4b58c75cc367a4003d19329ef02de53c5bc670794fe8","ssdeep":"192:AebfIKjwoShGQ89hzf/Xx3tJ3foTuLkbL86YplGBfIs90NZtt2fwaJotQSHqB2:Ae7NFfzHFtDQ6zH/3","tlshash":"f6822421d625de1db52bc09a7cd0468ef8654205f22343f9c9a3a3664f8a1cf9b732cd","first_seen":"2025-12-07T05:24:19.704632Z","last_seen":"2026-01-13T06:55:59.834035Z","times_seen":131,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/jwplayer.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /player/jw8_26/jwplayer.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Fri, 05 Apr 2024 14:58:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 441\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"661011a3-1b351\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iI3fdwzGKRz9Iwg47BmMA24z8zXrHB8DJ%2F%2BBwSWFY8fz5OhcFgAMPueZbdYdTZ8s69GTg%2F8i15oPI%2BYp73QxbDIxW0T7Pw%3D%3D\"}]}\r\ncf-ray: 9b583a3dcb4ab517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":111441,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65511)","md5":"f91de142eed44442bad231961488c5d0","sha1":"ea6c79968011a5b59e444d792f7ab048a1f7e31d","sha256":"b3031ee0f2674c203fe1400df12a96148c4bed344553fc9063c3846ba8466295","sha512":"9870ce81ead889f1a2f26abb9bc4cf17d69abba0eadec70d74e299d52791c66ab4b4669f747ef35e429928ed718d09b31ecdefee26fbb7498f694b56fd8ae370","ssdeep":"1536:lrGRl1EevCcKntukU2YYKDjAPkotbKSrvodmBiScMsz1x5rjk0ECjIUMj7DEYR/H:DeQtqR/wooiAUMj7DT9","tlshash":"5fb31ae631c2b4e643e628daa07a4041f23a0545380dc5a4fa6cede63d67947b177fbc","first_seen":"2024-04-13T15:29:14Z","last_seen":"2026-06-03T03:05:15.224534Z","times_seen":1553,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jnpmfdgxlsafbsd.com/","fqdn":"jnpmfdgxlsafbsd.com","domain":"jnpmfdgxlsafbsd.com","tld":"com"},"ip":{"addr":"139.45.197.155","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jnpmfdgxlsafbsd.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 12:06:11 GMT","end":"Sat, 28 Mar 2026 12:06:10 GMT"},"fingerprint":{"sha1":"BF:1B:CA:EC:4C:F2:23:A9:63:11:AD:A6:9F:E9:DD:93:CC:C7:80:8B","sha256":"44:78:F0:79:8E:AA:7A:9E:5D:B8:A6:97:9F:89:A6:EE:85:00:74:FF:EC:30:01:25:DE:48:FE:4B:0F:BD:F7:44"}}},"request":{"raw":"OPTIONS / HTTP/1.1\r\nHost: jnpmfdgxlsafbsd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: HEAD\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://g9r6.com/\r\nOrigin: https://g9r6.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://g9r6.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":101,"dns":42,"connect":26,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"jnpmfdgxlsafbsd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/videoPagesBundle-BjPEz-uH.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/videoPagesBundle-BjPEz-uH.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 102321\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\netag: \"6951a5e9-18fb1\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 21:53:32 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 41275\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5sLf73v%2FLaofayfsmleLbWuwdY4b7rU5CDVvmcqCI80syXNzYCTdhiWFthA3SQNOgLIcXVMn3byaw0ebOosFsIU2%2FWWX7MEG5guDq2XE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a364b23b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":275678,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d1aad0400a975fc6d5acfccba4bce469","sha1":"af88ec21ab0c0640bb3a141995a56e6c96245901","sha256":"d3c600bf9b61de1119540ee962b7808e21721c7d1d6fc716bf7e83205da5bf56","sha512":"342de07f0039989756d9587388af6f0b7c840f92d5f31679ddec80dce27a2e46b75c03df4323ea19f8c0798297ecb9eed23bdd4bae482b1dfd26e2d2815290a1","ssdeep":"3072:6Q/VbguZPE7yybx7pB3MG7EB3MXqoiqf6G/gnZ7JgSPjWQu4rcwYl:6Q/xg6wFPMG6MXVf6agnbgwWl4y","tlshash":"41448e59a236a439a3f5055018af1002f5ec0ad0b52e5191f5aecc3e3fdbf52c1b7ea9","first_seen":"2025-12-28T21:54:06.989893Z","last_seen":"2025-12-30T13:42:26.521831Z","times_seen":5,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bysezejataos.com/assets/index-DRVHD9Qf.js","fqdn":"bysezejataos.com","domain":"bysezejataos.com","tld":"com"},"ip":{"addr":"104.21.23.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bysezejataos.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 09:53:59 GMT","end":"Thu, 05 Feb 2026 10:52:41 GMT"},"fingerprint":{"sha1":"69:9D:B5:29:7D:2E:72:33:DF:53:80:62:E3:5F:D0:64:64:29:4A:CF","sha256":"AC:98:86:A9:9B:F3:6D:EC:3A:AB:1F:41:5D:F3:9B:74:9B:C7:B8:3F:96:91:3C:88:5D:42:65:36:DC:74:08:06"}}},"request":{"raw":"GET /assets/index-DRVHD9Qf.js HTTP/1.1\r\nHost: bysezejataos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bysezejataos.com/e/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 4109\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\netag: \"6951a5e9-100d\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 27 Jan 2026 21:53:32 GMT\r\ncache-control: public, max-age=2592000, immutable\r\nage: 41275\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ev89dgsq%2BXnIrlV9lC7jiAnzsjD7c9TGAHimMZOfwNU3dkNdsBl2K7B89SF6C1GXS1KrIOkTjLxPK9rRnG6sFfRDkSAn3Juxr3OSALHA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b583a364b24b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11653,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11652)","md5":"debbd2498a09b21a47ae9b68ac447aa1","sha1":"38e01e0c13aa6b3ee54e93931f716415e718ec4c","sha256":"6caded267361f630082192aefd7a5adc4d141140b8b733ef8bfeed6d11ee594c","sha512":"69af786d7487782bd8420c8bc2e59bd6864102576f1d801225b975007d1bf9d01c6dc7f2c40ed0912d00ac3e878b14b1fdef9ea5e78d88e58e4e54b4937fb4bd","ssdeep":"192:qYEjQ7VQhyeyVK/2Nsq67qL3gl1I5/5uiadfkFEjfHodGlSkGJPXtC4/uQYO6qPq:qYEjQp8xyPNsz7eQa1a+UfHqGlmPXtju","tlshash":"3532fb50eaba747103b12495507d5253a227881d7cbd84d0f3aa4f2f2bc98465a3efbc","first_seen":"2025-12-28T21:54:06.987969Z","last_seen":"2025-12-30T13:42:26.518231Z","times_seen":5,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"bysezejataos.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/d25mm/cs12ya6fad1n","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://bysezejataos.com/e/cs12ya6fad1n","date":"2025-12-29T09:21:28.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /d25mm/cs12ya6fad1n HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bysezejataos.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GkuDPiWFtJ9DAJ4POydSKfrAMrqh4WS9ep2WgB1mAyro3akLO%2BixyssS8OwhQK%2BfjDWT9oyt4Jji2957a4DL5wckEv2rGA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b583a385edc5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2953,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (435)","md5":"ffb96831671753e69f322875bdfd007f","sha1":"37cb084f2cd8692af73efae8ea2cc397c0f8d1da","sha256":"319a17b2c606b23ca915a6f74163d58dd0c36cd6d291a5127cdb8f120e341873","sha512":"12e919a63f8e14e3b0d1b0fe5e39b020f636fa73521f7d7c9fb83fdd8c4957a2e6c220c58833b96d923d4b2a5a602099e48889811984a103a39e223865ef6447","ssdeep":"","tlshash":"27514246acf4c9b60176299f2e69f5083d6192c34109dc503aedc4b88f50fd90e6bdd4","first_seen":"2025-12-28T21:54:07.037771Z","last_seen":"2025-12-30T13:42:26.525896Z","times_seen":5,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":28,"dns":4,"connect":1,"send":0,"wait":153,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/polyfills-wjtqc2V4.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/polyfills-wjtqc2V4.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Thu, 25 Dec 2025 15:33:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Sat, 24 Jan 2026 15:36:57 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 323071\r\ncf-cache-status: HIT\r\netag: W/\"694d592d-1c853\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LD9Mg1fB2Dgjd05Ln65LzaQfxKd%2Fv9Vghykhr7zJaIlIgQp8tqiWka38WuixBtA%2Bs5y4kdRGPnDe4xfhVWLM1dI0E3pWmQ%3D%3D\"}]}\r\ncf-ray: 9b583a3a2b21b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":116819,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (51776), with NEL line terminators","md5":"a4b56155557a453ea36976b2606d1036","sha1":"b4e50c149eb7814fd09c80ff3aae1c56d0b06a69","sha256":"17d0242807c28e9035817535e844b9c01f1432131791e55e737f505d87506dcc","sha512":"4119b032629064240dbb5fc57e630809482d9ade76ba0e626e672874556024e63108d4992fd1285589134af213d9fe55a0bf027a214076b0673a6461b16aae4b","ssdeep":"1536:DLjYwaM4RAQToClLvkZ3lu1khHZXa3odk1dJnMB1tiwX8RJ/W:DfPaM4Rdo/Z3sOJa32kPJnitiwWe","tlshash":"efb3e5c9f6c2f4a247e764a4403f110bf23b6d55b80e8194e366d1d17cb9a8ac03bf69","first_seen":"2025-12-25T20:57:24.332571Z","last_seen":"2026-01-01T13:00:48.548931Z","times_seen":21,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/assets/videoPagesBundle-BjPEz-uH.js","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:28.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /assets/videoPagesBundle-BjPEz-uH.js HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:28 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 28 Dec 2025 21:49:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 27 Jan 2026 21:49:55 GMT\r\ncache-control: public, max-age=2592000, immutable\r\ncontent-encoding: br\r\nage: 41492\r\ncf-cache-status: HIT\r\netag: W/\"6951a5e9-434de\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UnZ%2Bf7Sf5JUV9GwHSw3CAJc5GOi6fmMf2FfW92W44yNKhL0mnFQ5IO2eBlHYa4jI8csQGeKvIWmOB5wMOVO8Xaka4vCZZA%3D%3D\"}]}\r\ncf-ray: 9b583a3b6b31b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":275678,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d1aad0400a975fc6d5acfccba4bce469","sha1":"af88ec21ab0c0640bb3a141995a56e6c96245901","sha256":"d3c600bf9b61de1119540ee962b7808e21721c7d1d6fc716bf7e83205da5bf56","sha512":"342de07f0039989756d9587388af6f0b7c840f92d5f31679ddec80dce27a2e46b75c03df4323ea19f8c0798297ecb9eed23bdd4bae482b1dfd26e2d2815290a1","ssdeep":"3072:6Q/VbguZPE7yybx7pB3MG7EB3MXqoiqf6G/gnZ7JgSPjWQu4rcwYl:6Q/xg6wFPMG6MXVf6agnbgwWl4y","tlshash":"41448e59a236a439a3f5055018af1002f5ec0ad0b52e5191f5aecc3e3fdbf52c1b7ea9","first_seen":"2025-12-28T21:54:06.989893Z","last_seen":"2025-12-30T13:42:26.521831Z","times_seen":5,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g9r6.com/player/jw8_26/provider.hlsjs.js?v=2","fqdn":"g9r6.com","domain":"g9r6.com","tld":"com"},"ip":{"addr":"172.67.161.185","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g9r6.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 15:29:03 GMT","end":"Thu, 05 Feb 2026 16:26:38 GMT"},"fingerprint":{"sha1":"1B:A7:70:8F:78:99:D4:3D:59:77:44:16:7D:FB:D8:83:FD:7F:1E:A3","sha256":"4F:AB:99:7F:D7:D6:30:F9:4E:18:15:5F:DA:EE:6D:1F:CC:2B:D3:56:5D:B6:36:D1:43:74:14:3C:09:4D:D0:39"}}},"request":{"raw":"GET /player/jw8_26/provider.hlsjs.js?v=2 HTTP/1.1\r\nHost: g9r6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/d25mm/cs12ya6fad1n\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Fri, 05 Apr 2024 14:57:50 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 4476\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"6610116e-6742f\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m5ankQ0PwYasIA%2BNRVy25A4SX9ityfb1rLUee1QdSfn%2F3%2BkBz9JXEhtI0vMO03eb02dkruBo0Sc41rHe9U%2BG%2F8oQsnb9og%3D%3D\"}]}\r\ncf-ray: 9b583a3e9b54b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":422959,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65143)","md5":"0f95e38aa7bb0943693b51bd6a7deed0","sha1":"26c89f76894108f76ad23af32ecc6b1e708993ba","sha256":"1b1263b7061aaca7fe0b69168b16cb2401a7fe2ada08ccfdd373ee06c7d125b1","sha512":"664696a45bacbf3ee40fe544f92104f568b10a6cffb6a3fffa9afe351294d00dc0a1883d50cc799a1b1dba0fd00797047729670ee72c19cf0e302539fe63b075","ssdeep":"6144:GCXemC8LqtXLauG9L2aEyflDc2iGLY6I2KlqJxRC9i5q9GYqT:1MXxG9L2By5cbOYRqJxRCG","tlshash":"36943bed7795a02642c2a1a5903f4617633b7d0a3409c1bcfa2be9d75db8849b03bf74","first_seen":"2024-04-13T15:29:15Z","last_seen":"2026-06-01T16:14:32.864577Z","times_seen":1539,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-29","alert":"Sinkholed","trigger":"g9r6.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g9r6.com/d25mm/cs12ya6fad1n","date":"2025-12-29T09:21:29.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Roboto:wght@400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g9r6.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 29 Dec 2025 09:21:29 GMT\r\ndate: Mon, 29 Dec 2025 09:21:29 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11170,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"872397029f2e679476239e9af1ee89d7","sha1":"d7d9f8128975cdc4d6b71f8f4d0179c39e636a9b","sha256":"f52a6da7c0ccc77c22b7933e4c9226361066fd8f7f850c2c9862c44a81aba486","sha512":"7ae4f1c02e523c0d9ebbb1e45f4f68e47b2c41dfb01f90a5f114cf2af8e8efbf0e5b1da5933109779a43384bf5f0fcc89b20a15662cbaff68f5eedf38978e715","ssdeep":"192:2NKfmNKfNK4NKfkNK/qbNKDbqGIwV4BNKnNKuwNKiNKfXNKuNKNNKfZNK/qqNKDZ:8KfMK1KWK6KyhK/qY4XKNKtK4KfdKkKW","tlshash":"023210a1041b50009b834ce223cebf75fe1f52117142d0b5abfdab6b9dcbc66526935d","first_seen":"2025-11-19T00:21:16.090021Z","last_seen":"2026-02-19T20:26:46.863195Z","times_seen":4215,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":94,"dns":1,"connect":7,"send":0,"wait":19,"receive":0,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}