{"report_id":"864c4bbb-c07c-4861-b466-2bbe74f314df","version":6,"status":"done","tags":[],"date":"2026-01-02T13:35:13Z","url":{"schema":"http","addr":"41a6.tsq1.cc/","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.253.43","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"41a6.tsq1.cc/","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"title":"推特射区","dom":{"size":10926,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (304)","md5":"a5cb03b9f05bbe74b6263d21a17a136e","sha1":"1186b6b753b44bd520b6efc6916fd32adc1fd89e","sha256":"4a5f4ca1fb53f4c4de44769e591b48f7ff4876c5fc6faea04d44cf7a6c4d1e80","sha512":"b4fa0b2cdfe3e847c3d66df16250eb56ec56a8038d2ca2fc718ab6729a621b4d69308876b251ec0c3d1416f2d2eba6ce4bc99caf8080b6b97399d3f2a9f1a206","ssdeep":"96:nyMPRhqnnQjtODDIDAPt2tvnhLNr/FVA2I9e:NfqnQpODDIDA1QvFNhKQ","tlshash":"8e323621a4f585a7658260c17a353a4b7f84e703c41f8a1876fd4ad96fc7e8acc1793c","dom_hash":"domhashc7f61ec68a21d6f93dfc2ec22051e481","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"41a6.tsq1.cc/","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.253.43","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-06T13:35:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"41a6.tsq1.cc","ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-02T13:35:14.595984Z","last_seen":"2026-01-02T13:35:14.595984Z","alert_count":93,"request_count":47,"received_data":2898993,"sent_data":19808,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"crypto-js","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/jQuery.min.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"48b9c0dda22c0ffe1297fb6556675a2e","sha1":"aa59b92e6fd86ad3f6f978dff836b509a20175fd","sha256":"91a540f0a5679a1f9a9e5efb7415a3f34e1154b7df6deed35fcb6108f9720c14","sha512":"2c74a46230d34d55e714696cbbcdf35906aea1806eade01c08f550f514fc3334eae318327369bde5d43c25fd0799e78f153c4f584ca876b3b4df4659e19945e1","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"d383d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","size":86721,"data":"","first_seen":"2023-03-07T12:03:15Z","last_seen":"2026-05-20T14:10:14.362099Z","times_seen":432,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/crypto-js.min.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ca03ad87885ab983541092b87adb299","sha1":"1a17f60bf776a8c468a185c1e8e985c41a50dc27","sha256":"8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762","sha512":"13c412bd66747822c6938926de1c52b0d98659b2ed48249471ec0340f416645ea9114f06953f1ae5f177db03a5d62f1fb5d321b2c4eb17f3a1c865b0a274dc5c","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS","tlshash":"19231ac5a19c605152a774c40d7f704b7463352a070d8aacf668e9eeecfcaea9039d7c","size":48316,"data":"","first_seen":"2023-03-07T01:31:53Z","last_seen":"2026-05-21T05:18:07.526024Z","times_seen":152222,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/jQuery.qrcode.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"78241183792b24a9d96fefcd8d857e03","sha1":"bbad6e1dd410da35410f21eacda76094eaf0f3d1","sha256":"2a4b1ecb3210eedd447bbdee9e9585fbc8f945c71916a50e027e6173f126828c","sha512":"e8acf4cd8f03f50a72e48a5bef99e89d4a3b2e2abd8a3ab5f3e11b1f2bfab179522e3c51c68ed4d51490b5d8d3fee201a285fd5294ef6938bacaf55c3a976d12","ssdeep":"384:bJqlCNJxmbWezpuC2BlAAdTRUA1ROIfs+8Z0iYJKHHHsgl3rBc:slCNX78ZYJKPW","tlshash":"4c72a7e0f3b602b6915a6cd8585b285a75e4b4532c1a5468bfbcc0e2db38fe1947cf34","size":16718,"data":"","first_seen":"2023-03-09T23:44:48Z","last_seen":"2026-05-14T12:51:53.000245Z","times_seen":231,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/tracker_DX.min.js?v=1","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"413ea78b4612f68aa4a28c38e8d6cb36","sha1":"8fee6ec7c7cf3a4f9b4ff91193c7ea07a3aa763e","sha256":"23bc6e6fd0c1e7a58870d40d5ef5a1faa1506be79bc26baa74777aaa06b5f023","sha512":"32c80dc060d95c2ff96797249e85bd56362a8a21b1cf251f6f93318a2d1557f4e6ffd485b2d693895ea4c06bf282e67e50024ac720c7565d8b4572761710e91b","ssdeep":"1536:KUG23v55go9IrmZ0Lq/3xpdMktT3ro+09Z+gn1QXAgu/gC/57DMM:733fSr0B//Wkro5ZhqqxH","tlshash":"8fc3c9b832d6b89d1796656e016f709bf6be6ed2344c2540c361d86c7cb0f1bc1b38a9","size":121350,"data":"","first_seen":"2025-12-26T07:43:52.545436Z","last_seen":"2026-05-20T14:10:14.378134Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/clipboard.min.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"15f52a1ee547f2bdd46e56747332ca2d","sha1":"9a7cb405f9beed005891587d41f76a0720893ffc","sha256":"e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9","sha512":"ecee695e9734a0246bc64f1151f0d81609f49ced6dfa32ee20e41d38c469e003c1eee678bd28eca73a79cba603b43b385735124db5b304567f2ca2619f214e2b","ssdeep":"192:s6IMH3HEG9JVwkHg4LyAal318/NYusfkApXMdgmkpj:sy0G9J1zG3eFYP/XMmmkpj","tlshash":"77126399b291b0b15ae731a9412f920bf2766969708b90d0d239d4f0acbcdde4463f3d","size":9160,"data":"","first_seen":"2023-03-07T12:23:44Z","last_seen":"2026-05-21T05:50:15.016271Z","times_seen":30632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/utf.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5dc141fe682c2f1ccb1761caeeee033e","sha1":"45671a68b4b33cc680668db6fd0eeb2d89d3cac8","sha256":"5320e7183389cc63272118aa530cb699afffb4c066705135f74946a203942db0","sha512":"1fbc6c786781c34401aa3971410ed13542ab7209a3df4353c242c241cb4bd89da02ada8586289a090a751666645f437d4de404c01dcc53298037c5798576762a","ssdeep":"","tlshash":"3c316d4dd8eb228018b27367cb0f1085898589471714de99ff2edb928fc546461f3fd9","size":1584,"data":"","first_seen":"2023-03-13T23:45:53Z","last_seen":"2026-05-15T02:07:49.243311Z","times_seen":240,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/main.js?v=1.4","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f1f9cb69271d308f5c009b8d66660c6","sha1":"ab9d05dcf8c51fbc76617d049f2c71d58997407a","sha256":"2752e51fca1ec0dc3fdc03bc2fb283a063df530346b40376b933e687476e280e","sha512":"093c5161d0dc1e8a60d53a779254f4098f04a9db783f7438a3bd6ff0012f7bf249b700c8c486daab1c77aeae160206f0754660adf9f6d2d1aeef2144a9854135","ssdeep":"","tlshash":"c981dd9a79f3010a523730da4e9f81043e37601fd45ece6c3d4c0ee46fac578a6aab19","size":4047,"data":"","first_seen":"2026-01-02T13:35:24.496994Z","last_seen":"2026-04-13T22:27:18.226737Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/ios-u.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/ios-u.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 29876\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-74b4\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YzMxCzd0tJaMOOx7NsPpGaSl%2FWCsctEuaUlzhSHf6N471a%2BbOsh6bd2GjXL9267bI0lG3UuLMOl0A8Q0FGNRIEc88u%2BgyUuKmD20IQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9dbc783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29876,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 219 x 71, 8-bit/color RGBA, non-interlaced","md5":"af9f9aacbbe6b394b79f949eae3d1101","sha1":"45146658c7de4301a7fa402e5f2fa52c6c018547","sha256":"06c9f070dfe5ec9672a1d4bbdb0ae233272dd775fe9dcbdbde8c122837a6f4fc","sha512":"e518e76aa7b7f10d6c11e66408aea845a067a3f5232c5f3d63a3d728be0cdab6b77cea20e3f387207bb5abac381b28824a536755ff6f276a492b8b64f5fe050a","ssdeep":"768:FTf7wn9cf1hL3OYKQXSILIWgCgg2YXIpY44h:FTf7WU1lHCiEsdX2Ydh","tlshash":"76d2f1d18d81617e84e4b718d1d3b34818100c396d9f475f33fab3b8e92ca9ba95c9a7","first_seen":"2025-11-20T19:09:03.433962Z","last_seen":"2026-04-13T22:27:18.203177Z","times_seen":6,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/u-t-1.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/u-t-1.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 44698\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-ae9a\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SeKIoYw1lwC139P7QDa1mlPJ0k86LBbP0B%2BRkpnFrWYa9m9c%2FuyFZ0fNG6ttfhSmSsFjPn1n44ZHSU9ObtbhKANmqZXBrHP1ZuLx4w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daade4783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":44698,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 711 x 396, 8-bit colormap, non-interlaced","md5":"dd2f793a9b608cd4ba87cf632534f2d2","sha1":"bbb9945a701915884feda869c12f304dd2a442ed","sha256":"7c988b21626420796f76d164b02e3b4b26716da94173b288adcea99be60c5c99","sha512":"a7f253090eaac2815f921ecebadfbab10fdab91bd73888b2ff85e229c4fa50edf8ffab02085665c3057ea3f0495797f4c2aa2dfc036564b13c316e067a548b79","ssdeep":"768:EW5aCUMWLkYyKLAje8W6uBovfd8K2hG97ocwTGUeYlUH90hicObISOl:EWLGOPC6nF4h4UcwTG3YaH9MObIDl","tlshash":"c513f16269c182c08baf86f4522beb13951b76f2043ad450f114d6bdc5e4cbba80b7fc","first_seen":"2025-11-20T19:09:03.457929Z","last_seen":"2026-04-13T22:27:18.237451Z","times_seen":7,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/index.php/index/api_index?url=https%3A%2F%2F41a6.tsq1.cc%2F","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /index.php/index/api_index?url=https%3A%2F%2F41a6.tsq1.cc%2F HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __sdk_device_id__=device_ed987ccffbff8129\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nx-powered-by: PHP/7.4.33\r\np3p: CP=\"CAO PSA OUR\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, PUT,DELETE,OPTIONS,PATCH\r\naccess-control-allow-headers: content-type,token\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cMZlfz1JhW1SCKUFnfUCDp09b9cniYVx0AqIKFrdttKVSvyrrgtcC657Lg0wb9RCp0LGHJnCs1Scv90cvcKDzrEF4mNothRZomg7CQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b7aa2df1b35783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":590,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d66ccc8c1d7f1809b83f6a8d40a2723c","sha1":"d71f2ea7339ccdfddbf0a103444975c6fb519e2a","sha256":"b349e55495f5eaa8036c4659589937100e35ee6b6573c512ebaedd3bf678b922","sha512":"a341136eed272bb8b5c700cb7c21a7fcc926d2511af53c0e4c527a0d83c161ba7cd0ac492481e653144a7d7101b5182e43c1f268d1a58454b8d2ad0f05a23b08","ssdeep":"","tlshash":"bdf0e17776e1ef11c3e02bc12d85340c9afba1578c78a2275d4e7f24087dad4a47ae12","first_seen":"2026-01-02T13:35:24.468532Z","last_seen":"2026-01-02T13:35:24.468532Z","times_seen":1,"resource_available":false,"data":null}},"time_used":969,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":969,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/u-1.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/u-1.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2872\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-b38\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ClMiDoHo2K1eZtCSoyF7J4mNiudsVZCkmzlO%2FAo71zNbks0ZB9BIID9yQxAm201BtmCnuzjrY%2FWsUIfZGLRJ0Hxa%2BVY17Tn3bGlFiw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe03783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2872,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7ee971901fb19acc6a3562715ce44778","sha1":"58f7f85fdb99ef629fb71077dec488bd9f1c642d","sha256":"800fa0380a80f1841a4cb5e32bbc1cf35162b7e95a01b48000ee17f0d8a714a8","sha512":"17b0bac595bdee02b0de6d40b1634a30373e9f5b568000c5616291c0f4f48df8d37afc60919074e3f0ee24c7cf4faf27b342dde506857392594d48ce1605e9af","ssdeep":"","tlshash":"27512a011b942336dc01067561c58b82c2fadcfb275b9fa25285016d9f33cd74daeaec","first_seen":"2024-12-23T08:52:50.176177Z","last_seen":"2026-04-13T22:27:18.225504Z","times_seen":45,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/tips.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/tips.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 40752\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-9f30\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3pD7qLwg77%2BY%2Fe62BlZPbop1SSwB89lllO67kW4RCLN8j2PnvMFpUjB27mqdXlYFAcjshULxAjq0yUE0qMKVfIH9itsU1VMZVHY2Hg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daadfc783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40752,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 560 x 73, 8-bit/color RGBA, non-interlaced","md5":"a506ec81c93b83f03adb5b2d9010cdd4","sha1":"f19a624c940773841719f6c4d1b5a7bcd9249b14","sha256":"5048448853f7a253d78404e687aadbf0a766ca9b6428bd59884503d115601531","sha512":"20dad7fe557b8e2bdbe78893a68349d060e86f425096393e025d41d38eb2f9fb98b2072daf0685018a802faac72ce62aa1ff6413b79a823f6c88625c7d477283","ssdeep":"768:oe0FAuVO435Pg2jkTl3LsOQrFxIlMUgQfCkDKKRKkpBbHZaT54zYArc:oeOAuVOv2YxgVrFxIfTfDAsBbHa54zYt","tlshash":"8103f29b01eb72aa081f783750bf86071256eea44e70560bda16d42e4b1f1fee78052f","first_seen":"2025-11-20T19:09:03.448015Z","last_seen":"2026-04-13T22:27:18.210016Z","times_seen":6,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":389,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-02T13:34:49.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:49 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Wed, 31 Dec 2025 08:13:00 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1xXe2jkzIrqui9D7bKUKi7nT%2BzN6S1vuI86tM63LlHCOgHabNNN4LzjNp2CH20L17tNi%2F%2FfQrty4lFb6n3jEE8aRmph%2BNsACxYI%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b7aa2d81b1bb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"crypto-js","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":10519,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"3c6cbd589a8a96b655554ad4421a896d","sha1":"f61f8e6fa9c6b68a913d9f5b168ebb44d96b9358","sha256":"fe456c5f1a6cdfe67b5e80cdc94cce6c1637b6011fb1ad8e546b863fbd308add","sha512":"f8a07e245104e98610e05de7a412cfde0c426ac935da9eb651408d89491421e1977b86cf0ca7bc2b06a9a385c1a37088851646dba08cbb108c8b2515d62ac913","ssdeep":"96:fXORWO0NDiD/C8nhLNkWP0adTsGmaSeriO0N8JNd9pM:GMdDiD7FNkW8adsGmaSe+O02JvvM","tlshash":"e822562298f584a711c660c17a357a1b7fc4e743c62f8a0836bd4ad56fc7e89cc27978","first_seen":"2026-01-02T13:35:24.471394Z","last_seen":"2026-04-13T22:27:18.2458Z","times_seen":4,"resource_available":true,"data":null}},"time_used":236,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":192,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/a-1.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/a-1.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 286125\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-45dad\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bP5znVM88EOT5BeOH62UoZYQ5n%2Bf8sh7qDQIEgtoNaEgb%2FgFKYaxj208C%2BYCIQAb8Qx%2F8a%2F5uq2fIAktyEP7rDi2y5cboFSWf8JUWw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9dcb783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":286125,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 665 x 1080, 8-bit colormap, non-interlaced","md5":"bdb9c439584cacca7de1f2b26ac995f9","sha1":"c2dae4d4f5db5ff8926266d5b0629d95a250de06","sha256":"9974c4263b43247ccc02b7975de2203da782d1fc69e32b7117bd19daa0f5eae6","sha512":"1c42f385904f0ae63f9b005ad06e3eff6da0de8bac41c3747cea7eddfd8f959e9a7dcb05dc5651cbf2892662f0f12c80e9aedc0f80ec59bbf3b7313d595f24f0","ssdeep":"6144:IgIZtjJQdkkCeev1wCVD6II8z5ybFA/Oz0Dn4JGOz2BD/:SZtlQbeuHM8A/4zr2BD/","tlshash":"605423eb1bbbc9daa715d4d76a1b1391931bc0c3d9212cb476b7389b2c1332db2d6601","first_seen":"2025-11-20T19:09:03.454937Z","last_seen":"2026-04-13T22:27:18.212178Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1145,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell2.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell2.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9312\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-2460\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=odxonwttEMaE6jQlmMP7YsPP3WmoVvS78bYDzVLVMrSov%2BTByrbT0eEqSfZf3shVnd0ozseh7l4L8VMW63oteJEGuvOBhmpI2kvyhQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe0c783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9312,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1520c52f62543549334850e8cf90da95","sha1":"6aaa18cf59dc3cca6f45160b4bcdd44bff87e6aa","sha256":"b8a56d378edadc0c524fc10a8ae3d339db48826d9e685fe589a9479fabc311e9","sha512":"0633210f86231c39b63cd0fbf2bf4faaad61ef1aa92f354d5ae5436a36ff7ca6111c4753091af0d38a0aee64bce27a94d22a05a401289b4f63a6eddf63dcb84e","ssdeep":"192:0wh437fIF2KtdpoGvi9PozFU02tNxdb68k:0wG3bIzpoGvCo0bxd5k","tlshash":"5a126ef442f0e39bf78e6036a6a095e0c5a67825479449cbb271681fe363ec07f37564","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.46262Z","times_seen":282,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell5.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell5.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8842\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-228a\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jYIWfdkfg0kB%2Biq3pF7rYFoi0%2BnlQDKkczf3OMvTUU6TqIkUHuoETfw5IOO4d8pH6CAtvoasGoAj5zUiR8OawlOBLOrX3mJXoPB3hA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe28783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8842,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"3b66abf3c8bda92c22d0a59d63e07a66","sha1":"00477331770130099b1f22f5771cd67c441e8862","sha256":"693e6969ed61b954f0db0293a3467f0d65244ab8f1f79a8171e19ea774d3dce5","sha512":"61823b1542bf1268ecd7fd83a64ec8ce912a9893c4b7977330f4dac2394c1bb613c279b0709c7e602d81c52007d1ae12af1c72690f81f835161bc4536d62eb61","ssdeep":"192:cwEavbKw1Dgp75lZ+Jie02mWEQNiTVuxPc:cwEslu71tX2Q/yc","tlshash":"ce026cd0522c4266fccf86f22421138acd96fac9b299cda1a571c335b61b6c1b34938f","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.445612Z","times_seen":282,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/bg-u.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/bg-u.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://41a6.tsq1.cc/assets/css/index.css?v=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 796770\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-c2862\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yMxSqBUKs90n3rT6nqOD33jV6oLwDM7lQs3fqa1XW0Lwb1mYAnhhbH6aNruhUlb46O%2FaFpUVIMRYvoGI2JgeW%2FRPXm13%2FmUOtJvOOA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2de6946783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":796770,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced","md5":"cc6bc98767203533b289e14319c65f2f","sha1":"d8af1f846a344df90b445861e34d309cbf6a9ed9","sha256":"153b7811f9637992aa4ca0ad401732fca2016564a61a36176f5aab2bd4447d15","sha512":"a2ca49e502b8255c9ec1701e879da9206a32760639afe7d214542b26e7802394f996ef2e36a7bbdc2112e3aa14acf9adac219fd4dc59e76c2292510e12748eaf","ssdeep":"24576:dN+/epIk5Q+Y2FyvWQRVMS2jjjrzcxUXBdEekyBnHm:n+/epIkBfFyOQRWpjjjZXBdBHm","tlshash":"a80523bc8a8f25d1bf0db2cf11192ea4e0a1c511ea85371c07d8a923793511bbbd9de7","first_seen":"2025-11-20T19:09:03.451063Z","last_seen":"2026-04-13T22:27:18.233705Z","times_seen":6,"resource_available":false,"data":null}},"time_used":761,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":631,"receive":130,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/favicon.ico?v=1","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:51.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/favicon.ico?v=1 HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __sdk_device_id__=device_ed987ccffbff8129\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jCJ%2BXOpNWmKlnsNQjgcl1MC47comuVg5MrR3BppJpjGYZPliVTcbTewKnNrd3wqms5%2Ft%2Bfi%2FWVJ%2BpA4FPJWIZQ9ozvEcO5LZnEoZwg%3D%3D\"}]}\r\netag: W/\"691dd072-10be\"\r\ncontent-encoding: br\r\ncf-ray: 9b7aa2e46b77783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"de07e34efb9f0916fa384d8cb6a03d9e","sha1":"d54516e117f0513ac8d02eb712b80d17447e8d5f","sha256":"b8a42f73029793ac83656ed63a4268b52c421aa4b74b022ccfeeeb46addb0959","sha512":"b186e0967c0d683101f63d641122bf7533fce66d9527f790d869dcc0a1aa1fe61134e9690fd413cd01646d11bed463ef22693a76e233fbfc6da7ae23bb556bcb","ssdeep":"96:+jsj6jMOOkRXHiyEgKT+P7nLY7JK6Neyp3:+sj6jxOI7ELw7LstAyp3","tlshash":"e091cad6b1e00510dea66f3816255b20c027bd79fc54edc6a8baf4223b732e3d039527","first_seen":"2025-11-20T19:09:03.452094Z","last_seen":"2026-04-13T22:27:18.239995Z","times_seen":6,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell7.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell7.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10686\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-29be\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6JZ2ECSFqPECuU1%2BJZ9IhISa6R%2BtZmiLYu0ctxlmxZDiW%2BqNT0ITgbeoWtWFjuDiYI4NR%2BtSET8lAbdEAyfToXaIBfsiFB83RQlQxg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe37783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10686,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"58944cfdaa5aa11a365123e4cc147805","sha1":"b8be1f579ea962d0d0dd2651a181f6b637e6050a","sha256":"1720b33024904abc808d24c82936e560b448cf2684981c25e5a7813c2df61d33","sha512":"0482b4bef7d2f7c2cfb16ab25276fd4aef692585ef07513f003d26ed0c38f1f95b0b160630e997e1baa6a026fa15a7312b2d39e7c5de46ce714765d1c959c85d","ssdeep":"192:jw2QdSCKAoyZkxr73JJ7LDu4ja0K1bUUID:jwBd4c+r7T5jKyUID","tlshash":"6f227de0c671d2e9fe8f60b730153bf621ca7c619241dae7f734961d82075276940ade","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.505033Z","times_seen":281,"resource_available":false,"data":null}},"time_used":1186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1185,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/crypto-js.min.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/js/crypto-js.min.js HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 31 Dec 2025 08:13:00 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: \"6954db0c-bcbc\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PQ90POZK%2Fw23odAvPUgWyF4%2FhYelHm%2F9JLKhwvnY5yqi%2BOxUGyZeZmaa8T0HS7Nquvi96jISAr%2BuCQo3wkFgSTxOJt4b%2FULVBSalPg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace75783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48316,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48316), with no line terminators","md5":"2ca03ad87885ab983541092b87adb299","sha1":"1a17f60bf776a8c468a185c1e8e985c41a50dc27","sha256":"8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762","sha512":"13c412bd66747822c6938926de1c52b0d98659b2ed48249471ec0340f416645ea9114f06953f1ae5f177db03a5d62f1fb5d321b2c4eb17f3a1c865b0a274dc5c","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS","tlshash":"19231ac5a19c605152a774c40d7f704b7463352a070d8aacf668e9eeecfcaea9039d7c","first_seen":"2023-03-07T01:31:53Z","last_seen":"2026-05-21T05:18:07.526024Z","times_seen":152222,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell1.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell1.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10202\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-27da\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V5TSBbcMqj6f45z%2BKTBCgPur25Php%2B3JWfrESmJbKWu6DvJtp5vRAp%2Bg3nUgAAN5t4n9qWo7B1lkg3xfafhYL01diUq5DaFWXXzOlQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe05783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10202,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"33f9d3726b2a9816086a7d544bfdfd6c","sha1":"5c2beecc0fa48d4336f47a67c28fd61841e78b00","sha256":"3c4ca491270b3de428e727e81ccf6ab149f94fc6c0fee0904c271b7156dad0fc","sha512":"729dd04c10be8523fa0d92b8a0dbd301a04ec28e255a933f94f03c663d712a18f97f77758c0c9a54d4846cf7bb9009f37279a251fb1c365b649fb4b58428b531","ssdeep":"192:VwDBI81kPdccF2hrU16lKKDZlxBvU33jwCnxYWaT9s/hLGefYZnnk:VwDBI81kPdcxrUMxvBvaECnCWhNQpnk","tlshash":"41228ce4a1f4d0fdfd4b92fb30a31be213dafe02d81412926f02e53ee5516966e0948d","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.45761Z","times_seen":282,"resource_available":false,"data":null}},"time_used":487,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":486,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/img-2.png?v=1","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/img-2.png?v=1 HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 16713\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-4149\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=29yyhznZOAfqFIw1cVXNAdlMAVFwrKCxvIAcyN48I%2FyYw85xiSE8l6etNJvAbiAVTDzmNhDv1C6v7hNCgNhqDs9UmEo5A%2Bacg0ikAw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9da6783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16713,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 241 x 87, 8-bit/color RGBA, non-interlaced","md5":"854cf353c727a81102a13e995ceeb197","sha1":"66b33ce098a45ceb976179264cd8a8d924410d5b","sha256":"ba2851b3f0188a0f55d6c155b1d6df766b860465a525ca288691bf8364f957e9","sha512":"c17eb11d1bd78b7d53670c671097ef94dac4b72d92be42f3958472e85a70c635baedc34f650bc17e2bbe123c34cd86674ccddb9b9e29ca77c3161d2d75f039dc","ssdeep":"384:c8WNWR876UZ3wSyH42VTsL7QfjDd9uPaThedFh6Wvg5XoVfnU+GFx95:DWsREpzyH42KfUpwU+Fh6Qg2q95","tlshash":"d272d01b749c9e4907ee5467dac649acabaae130d30d542def08b885c4f237c174b3c2","first_seen":"2025-11-20T19:09:03.441787Z","last_seen":"2026-04-13T22:27:18.229438Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1152,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/android-be.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/android-be.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 30149\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-75c5\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BvOu68GilVXdOGcXpJTlR4oOETbv6Vdbz4KUk6nMf0POsUiUqnGwnh0tIckIKhOfpfHYs%2BCokoVh24%2BVxmE5OdxDPceDsaebJxd9nw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daadf7783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30149,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 219 x 71, 8-bit/color RGBA, non-interlaced","md5":"1caea3ebdd6f72090148f0791ced3960","sha1":"6ee2af6565a0e5b879bade5a24063fa5e3db9f2e","sha256":"c4e0929a1d76f6302dabf1321dc954f58b6495ca7174360051618b3c0c36d904","sha512":"281851de8475915b3a28a7507988057e4c109b6e05c1ae889269a6f9bc5e0730fbbff44109d06841cfd5deb4862cb47ca4ef1cf080c328e56eaf1e0703c1df64","ssdeep":"768:FWkYz263s21IQe3aCIMi7td9km9AwU/PboupD:F7k2iR1IDMMib9km9LUT","tlshash":"bad2f1c6e07831b4ab299fc86c6dd4be406eb09a5102d9fdc20f52c9f709f503d972a9","first_seen":"2025-11-20T19:09:03.468432Z","last_seen":"2026-04-13T22:27:18.238075Z","times_seen":7,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell9.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell9.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9800\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-2648\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uX154NgF2LKCIuhm44b6%2BUpO%2ByvYRITfUe7sskzlsQMSoGIIs0EK5VcpJRa1ZIfDwVLduFidVPI%2BIOMxng6nPV%2BJzDXqGCP5Pw1Jlg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe45783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9800,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"31030ab6a67326d147976fb7fc01474b","sha1":"1add16a03f8a11286750415718f3ae9e9fd1b330","sha256":"d7deb0660db88ffdd0205e5866f114e5a3076b7ddd91f7df093edd1c1aa9df29","sha512":"be384d554f2a46408aa75f6263bca2810442727e2dc921b07954a1beb9091af3d46be9f75e5c3697d01ef441898cdfe0b5ef8aff691e5bb988792f6d308acaff","ssdeep":"96:3Elbw+iLuvNcPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP8:qwnuvT8ZewU0eRACT88MBmm2gbY7","tlshash":"54127dc492faa2fefe6b80f3785307d057e2b965f491ccf13b86d2150a16a614d2885f","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.472586Z","times_seen":282,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/jQuery.min.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/js/jQuery.min.js HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: \"691dd072-152c1\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dZWO7dlh3MbJlm6ZqZdUS5yXUH58DBVH48opjBMGjo2%2BZTPzbDqGpqO4fY%2BmHRwRalgEYbQlwTYXwZfRrrxMi%2Fm7cnx%2BK8NVH8KQNA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace65783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86721,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32030)","md5":"48b9c0dda22c0ffe1297fb6556675a2e","sha1":"aa59b92e6fd86ad3f6f978dff836b509a20175fd","sha256":"91a540f0a5679a1f9a9e5efb7415a3f34e1154b7df6deed35fcb6108f9720c14","sha512":"2c74a46230d34d55e714696cbbcdf35906aea1806eade01c08f550f514fc3334eae318327369bde5d43c25fd0799e78f153c4f584ca876b3b4df4659e19945e1","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"d383d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","first_seen":"2023-03-07T12:03:15Z","last_seen":"2026-05-20T14:10:14.362099Z","times_seen":432,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/tracker_DX.min.js?v=1","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/js/tracker_DX.min.js?v=1 HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 31 Dec 2025 08:13:00 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: \"6954db0c-1da06\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BzLBVEMFAX3pqMoxagSs2zJfR1jiPYdxRUpTnqvv6ZPRc2Sh%2FATykfWW4hDJLTHBxuZNNKfbnD3%2F4i8Uquc8iV8UjayuhLO9%2F9%2FcIA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace7a783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":121350,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65272), with no line terminators","md5":"413ea78b4612f68aa4a28c38e8d6cb36","sha1":"8fee6ec7c7cf3a4f9b4ff91193c7ea07a3aa763e","sha256":"23bc6e6fd0c1e7a58870d40d5ef5a1faa1506be79bc26baa74777aaa06b5f023","sha512":"32c80dc060d95c2ff96797249e85bd56362a8a21b1cf251f6f93318a2d1557f4e6ffd485b2d693895ea4c06bf282e67e50024ac720c7565d8b4572761710e91b","ssdeep":"1536:KUG23v55go9IrmZ0Lq/3xpdMktT3ro+09Z+gn1QXAgu/gC/57DMM:733fSr0B//Wkro5ZhqqxH","tlshash":"8fc3c9b832d6b89d1796656e016f709bf6be6ed2344c2540c361d86c7cb0f1bc1b38a9","first_seen":"2025-12-26T07:43:52.545436Z","last_seen":"2026-05-20T14:10:14.378134Z","times_seen":71,"resource_available":true,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/doc-ios-1.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/doc-ios-1.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 637192\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-9b908\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bbvij8axWDeIQHOfRKjWJfOO4rDjP6w1G%2FvnXG5ZRMR%2BZzfwOWpMr4k8jYbABGwC9yQNhjia3xYkds%2BptpVFFnihZSb3sZZb7JCXCQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace58783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":637192,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2a8cb86638ce819c17e7b2f13a3b825e","sha1":"15c6eae3620e07a3f1455f463eb22791c94d6d6c","sha256":"0587a0ffb1a1ee17a4b7901c3543780078d702f563a6947172e80d5a27cf50c4","sha512":"a8f8ba72a0debebf061c0588d41f105980ac28a646def4cf9c57653ffa013d4a496b4c93b6af5559653b1c1c8a2a9c1b367267ed426eba8189793613fb3f63e8","ssdeep":"6144:c8iBdE75OnN+IkzII5HEkjIbReavhJyf/2RHPHWRIVfl7D:6qIkEhyoReaJw4HvKCtv","tlshash":"b1d4230e9404a0a9fc2336794d0afd5d6845f8261203c5eff2d63afd4d652abcd2267b","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.464388Z","times_seen":266,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/index.php/index/report_event","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:51.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"POST /index.php/index/report_event HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 555\r\nOrigin: https://41a6.tsq1.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __sdk_device_id__=device_ed987ccffbff8129\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:52 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\np3p: CP=\"CAO PSA OUR\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, PUT,DELETE,OPTIONS,PATCH\r\naccess-control-allow-headers: content-type,token\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uQtd8sXzZGS1w3yYVK8KJBxHuefFapj2EDCgbTfEPoPRcTgHpdkDzr%2FMuv2e%2FGAKdBWQW7uDl4GUXy8AVbFJ96xTTXKeAm4W7U3Jrg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b7aa2e5cf2e783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":55,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"5ad4d323373ab1c20ac1ac6b26409a7d","sha1":"96aa789acea1c4a195531194897e5adfacf38593","sha256":"c6da6c4c02bd4e14ac6f2b7d7e142a73c0525629b244fa34b1a8b2d7b4a1c136","sha512":"927b65b1bd6b76ce6c6988bd4b596f3b3de006b7b2405f426125cb7fb72a7ca5e77da6eac0d9f458ffcae1a2a04c3e69ec1b84122c1d58b6c3b4739e8a03a6b2","ssdeep":"","tlshash":"f590020838881026d885178d5c0417155a901640090982f246bc0972514a4b6d304934","first_seen":"2025-12-21T14:15:26.25059Z","last_seen":"2026-05-20T14:10:14.418831Z","times_seen":49,"resource_available":false,"data":null}},"time_used":598,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":598,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/android-u.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/android-u.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 30135\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-75b7\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ICPubmJI4v8bmSutynzLvuDLVZIfkbTMJgPU09YQ4P4L7FBJOB%2BHeH3ecpKPVysQ3rHOLKHqTZEQtmxxSKhO2ePKfgYcIiz7LeUWQw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daadf3783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30135,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 219 x 71, 8-bit/color RGBA, non-interlaced","md5":"10922f5eb162b18ef706a41077313a62","sha1":"ee15686046b9737e532c8b7fdaa9371121a4c7da","sha256":"2c44a40dc874df4c1d85ce09ecd62e6eced235e3705a6960ccd2e3a1c6c3c567","sha512":"1952c1a03c60061bf0517af38ee58a608359484fc7c0916f95c4756c9fa6af33a39b51e6033066adcf6e7831495324dd14c29d88b7071f51bb4a600fe5dae14e","ssdeep":"768:7epLa3fNoqCzwabqatWW7TXTDxbw6n+sHWbuoGkQ6G/J:GLa3fNoTHbqy7TXfZwQkSh","tlshash":"edd2e1d00274833b78b79febf4145e0897936b419aba15c2d3366bdaed20b6c21771c1","first_seen":"2025-11-20T19:09:03.41833Z","last_seen":"2026-04-13T22:27:18.207004Z","times_seen":7,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/back-black.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/back-black.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 682\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-2aa\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zb13BUsYxroKZWV2FrXdkcqhYLQPQnz87d9pmUAYL71%2B8fEi%2FzMD07z4Jvrpl7P9jmzKTULw7flUFH908hsaUFc%2FaJ3VX%2Fa6Dd%2Folw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daadfe783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":682,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"96547a9ec64fdc49bea05989af66c120","sha1":"cb466102cfd8fc8890b9284664677403aba48c00","sha256":"4ee7c1a4fce8e9bdcbae90568c0519c807f0f5d5fb4de853d2605040f5c40ebd","sha512":"7230da8358b52bb889c204196108614b3b02b6c8e5e0de53bdeac7c2af0de12305697e13200c3869aafeef6f59151f81f0d114640de795d04fcfaca6d9b64001","ssdeep":"","tlshash":"7d0105319324139cf020777c52a21f52e3787c21c647d759814443271b148c55c6c3cb","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.45684Z","times_seen":283,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell4.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell4.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11410\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-2c92\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C7NaTuYNm%2Ff2G9UlyKeTZyfzveDtgEKdlUPOOb%2F1uoLLjALa07vVZMju%2BHEXNblBGLA0%2FR66g6U1f8gpAY1xCcT5D10jfxy%2FcLTPEw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe1a783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11410,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"3d8d66ce94c169581deb3754ee2a09b5","sha1":"05712e9b6167812b5dfea95c0a98b009ace3a95f","sha256":"0d6696f3dd49730f4d4b74b52c5f821ef1c231a9d1e5e8152eaee5494fc906f4","sha512":"6dfe87abe45ce756adc8486a2fb9f42ab3619e2502bed8e906c65d26ebd266bdb92bfbdaa51600ae8a8479fb45ae88c7e4ce1655eb9d23a44a095b7bc645fca0","ssdeep":"192:WwNTE/IprvYvSHQJovOmsAjHU/lBIbssavXaLOL+GjBN74vDp6QstALX:WwW/IprSSrhU/lDXOi+GeDQQd","tlshash":"0d32e3d49076c5d8fd1798b7745277e152d6be20b019cff2f32692acc40a1822a895cf","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.463448Z","times_seen":282,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/jQuery.qrcode.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.090Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/js/jQuery.qrcode.js HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: \"691dd072-414e\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5IOSuq%2Fq2gdg7zkGzRe3Fo1bVDGVXaNsOx12R5yNG6Y%2BqmUyz3p4i5Ek%2FGsMqmxpoNuNAZwFqKfBPv%2FF0KXOO37lNZFd8RXsj4D4Eg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace6a783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16718,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (14307)","md5":"78241183792b24a9d96fefcd8d857e03","sha1":"bbad6e1dd410da35410f21eacda76094eaf0f3d1","sha256":"2a4b1ecb3210eedd447bbdee9e9585fbc8f945c71916a50e027e6173f126828c","sha512":"e8acf4cd8f03f50a72e48a5bef99e89d4a3b2e2abd8a3ab5f3e11b1f2bfab179522e3c51c68ed4d51490b5d8d3fee201a285fd5294ef6938bacaf55c3a976d12","ssdeep":"384:bJqlCNJxmbWezpuC2BlAAdTRUA1ROIfs+8Z0iYJKHHHsgl3rBc:slCNX78ZYJKPW","tlshash":"4c72a7e0f3b602b6915a6cd8585b285a75e4b4532c1a5468bfbcc0e2db38fe1947cf34","first_seen":"2023-03-09T23:44:48Z","last_seen":"2026-05-14T12:51:53.000245Z","times_seen":231,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell6.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell6.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10910\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-2a9e\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sS23HEHIrnarlB3oldIdUmjyzH2Tb4gyeFOycBYh%2By2xAKHuTSmywSI%2Fu6jjnhUx%2FoRlcczp1OaEGUoYg1F704t%2FP7Iv2pPGxjtuhw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe2c783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10910,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1d880a769a38224a351f65cc57b06a84","sha1":"c6bbf98edefe24757c42199f4abc2f520dee38b7","sha256":"1039ec3e3ccc2616aa12662b36b96c8131a5ea1f4cb63f844394c2a5d06ce277","sha512":"6458cbf72bf2932dc1b2f7dd66a7281f85446ad31319bd8800bd1fe922c45cf389f9a50e190641f72830adddd2cca88b10afcfa507db7ffc1cb430b005eccbf7","ssdeep":"192:Awj3b1tZG/sFsnKbB910C1esqk7KJfl11Xem:Awj3b1tZG/Csnc0oJf7K7Xr","tlshash":"0e327fca82b2c8eefd03d0b3359b2bf197c67d20d6858be6fb26805dd60650a7c0459d","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.455235Z","times_seen":282,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":404,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell3.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell3.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 12364\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-304c\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J4Uv3UJi5nZMGTRvp5yEW820n0FUkAEwZuYJW2RMnRTPzHzxTd8Jen465LaFJ9U1boEaZwiN80nzXUn4dEIH6h8jECzuhYdPfmjjOA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe15783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12364,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5e6e30ea6070b9c14ad4e2637b1e0558","sha1":"07cff1812857828df1cec6502bf5876dcba2e9e1","sha256":"3187d5f8d236951670c4af6a204fc56dafc229f268b2cfc293b4d4b6c6e500b1","sha512":"1df262c4cb9af4f228992840bab8f466c919fd5fa4cbf66278a5c9db4c0135124ff6c06e38625a99fe36bb78a934e8eac14ba4e7a1f9a1e07b53f9e272935bbe","ssdeep":"192:EwwDMh6ozDM1rSfXxhO4yArFIRHNq+72LPopzcVS7oOVZaLi2Lk0vl:EweMhohae45BIRHNDyozcVonEi2b","tlshash":"ce4205d9da3a02c9fe6f62b7749037f16ac13c95a2a5d3e7f775002912a7a9770180cc","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.467776Z","times_seen":281,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/img-1.png?v=1","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/img-1.png?v=1 HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 13898\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-364a\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cN%2FVKiZs46%2B7laPEaQLxS9p6%2F7xm%2FVaDC%2FFnJ3o%2B6YAkhgRg13qxvVi1zTiNlQVhDRUG%2FoCWzR%2FFWWq3ZN88%2BKm5vQk9FWa7bMuWqQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daadd0783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13898,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 212 x 78, 8-bit/color RGBA, non-interlaced","md5":"a52fa5290110caded34411456ca37fef","sha1":"286ff4a9dd6115c3c39a2c43509f25e12569bd90","sha256":"2ea83ed05c7a33b588e588ccdd4f78312f01add0b39d5048aa2728ba19635530","sha512":"566c8503a45a5145703f136531fe50a6d46293502274dc13f683d31d435487fb067b40a60abfe1d4117ea4a85daf3a170c9d8d5e16a349b077946ab8035ead76","ssdeep":"192:lSvsdR3wUZA/+IrASWvchZSnFDc0cQHE5YZmGoP+IbywRmDuQGkHZQei1pX:EEdRAmQAFRnFZzKmI2Akfi1pX","tlshash":"4452c1ef1192f876e63500aa6b39012874adc20b33e472d1a4c19763be6de5df03db54","first_seen":"2025-11-20T19:09:03.463974Z","last_seen":"2026-04-13T22:27:18.222644Z","times_seen":7,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":474,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/main.js?v=1.4","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/js/main.js?v=1.4 HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 31 Dec 2025 08:13:00 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: \"6954db0c-fcf\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vDeJCMjEaTvRBUZcZM6yTRJlLzrPyy%2FbIevtW2OUqYjmo5APrtz1q6ucxD0cvbYVICBzK5KwMmRFVA7RpqnXEEyRpwyy6VxiLzUQeg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace6d783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4047,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"5f1f9cb69271d308f5c009b8d66660c6","sha1":"ab9d05dcf8c51fbc76617d049f2c71d58997407a","sha256":"2752e51fca1ec0dc3fdc03bc2fb283a063df530346b40376b933e687476e280e","sha512":"093c5161d0dc1e8a60d53a779254f4098f04a9db783f7438a3bd6ff0012f7bf249b700c8c486daab1c77aeae160206f0754660adf9f6d2d1aeef2144a9854135","ssdeep":"","tlshash":"c981dd9a79f3010a523730da4e9f81043e37601fd45ece6c3d4c0ee46fac578a6aab19","first_seen":"2026-01-02T13:35:24.496994Z","last_seen":"2026-04-13T22:27:18.226737Z","times_seen":4,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/i-1.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/i-1.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 6329\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-18b9\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cOci5wWGPvpqEnm5VeI6lcy4a7w%2BrbmRRBWd7LASe7JxE2qABS3ai%2FOhG%2B4UF6zrfQmcXcM2At%2Bgjrj8ov5v%2BBMQdaRJVjKxMzREdA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9dad783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6329,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 185 x 51, 8-bit/color RGBA, non-interlaced","md5":"3b6336850e5a3d50d28740a7d06f903d","sha1":"b6c1adaaaf58b464213a5267cc5a5b0c0eabab03","sha256":"00782db5b3ff364cf982e0583a7e2430b3fa74554821a5ca9b04da9d2542b6a4","sha512":"ffdfcfecc33feecaf702cac74bfc4333da8b2af2295c53eb4994b2465ee6eff7fa4683adfd51ec3cbffbf5bcce758a2795def8292375d6f2b9a36abd0a693704","ssdeep":"192:lSzRuBSpDEwndCmL8OpLH9R+cQkfSl+ameDTTKYGW:EzsBubdDDxH9RltbeDTTKk","tlshash":"2cd19ec41fc447b2dd59deb3710786da37c2ac71154af78243e411c1aca551d16ad08f","first_seen":"2025-11-20T19:09:03.455985Z","last_seen":"2026-04-13T22:27:18.23631Z","times_seen":6,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/a-t-1.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/a-t-1.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 296621\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-486ad\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4oh3YNsb5NRAyl%2Bjv3lBNWQTpmJWX4pW5bqgKQCwqvVA20ivdAe9IUFg6OvD%2BgTR8wI5Cojjbkrb91a65xVMg8wIr8DKvRhpYlT1jA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9db7783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":296621,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 939 x 514, 8-bit/color RGBA, non-interlaced","md5":"b2358ee5013a90bbf48f33ce947bf14f","sha1":"a7bc4d45b7702e5b33e5e40bef0dfe5a242d4daf","sha256":"0f5da59c158d120e4e943b736b006410567538890ff56e6a4934a1d4daf11db3","sha512":"bec96e1f8174ce7be74e246f9982aabebdcc1e596b2e03acb85200cfafbdf2d16db4022fa2e29b9148358650513cc0cbe1a477b20db8e3b2cfbb3061d9815343","ssdeep":"6144:Cai5cnfH1dP9Burz0iJjTjVVZ5sRlBDfRVmActjJS+C5zTG:C321dPTaz0ih5xsNREFIzTG","tlshash":"a25422e1f1160cecfb43e9b5efd94b4dbd6060eacac4995d54c0700a2929c96feb290d","first_seen":"2025-11-20T19:09:03.457047Z","last_seen":"2026-04-13T22:27:18.219327Z","times_seen":6,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/u-2.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/u-2.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1808\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-710\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FKEs8s17VW7bWpiq8nizMgqbPArvFsuvJAV0ZlDOQ4pVFXYyCtip6E2AwEHfdWO1I%2BTVmqGM5qSMZOGnbdyYB5Jrj2bzRIi9%2FbRbKw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace4d783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1808,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b0e7f8c13113060722d2496f49766fd1","sha1":"c25f76a071aa681e8ae0366776f58919963ea115","sha256":"55738ab3bfc84558f228576fa2621e9b768908f585c96c09409fc38b5b8161db","sha512":"b93690c6a36a53cbd4642b92952c525c8870ab37fc9890f9d36e644dc4335b80af3469f5d3ae018c39fa1c15bc6813c78051f9ac96a6bdf2ad6e3ee615eeb42a","ssdeep":"","tlshash":"3831c8657715631df9191df8b0a01f07bb543c2024b54d41d2e9b47e87598d7384d28f","first_seen":"2024-12-23T08:52:50.158864Z","last_seen":"2026-04-13T22:27:18.239283Z","times_seen":45,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/android-u.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/android-u.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 30135\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-75b7\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t9fLOj5Ch2E1CtjAtAqcXQYeWGE1X4LRW%2F6uXAlRJ65pdwl9cmcG9dRT2Tv76vmvirHkuFZr13OBBn4n7qEcc69VNLTDCIrBHwB1sg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9dc0783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30135,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 219 x 71, 8-bit/color RGBA, non-interlaced","md5":"10922f5eb162b18ef706a41077313a62","sha1":"ee15686046b9737e532c8b7fdaa9371121a4c7da","sha256":"2c44a40dc874df4c1d85ce09ecd62e6eced235e3705a6960ccd2e3a1c6c3c567","sha512":"1952c1a03c60061bf0517af38ee58a608359484fc7c0916f95c4756c9fa6af33a39b51e6033066adcf6e7831495324dd14c29d88b7071f51bb4a600fe5dae14e","ssdeep":"768:7epLa3fNoqCzwabqatWW7TXTDxbw6n+sHWbuoGkQ6G/J:GLa3fNoTHbqy7TXfZwQkSh","tlshash":"edd2e1d00274833b78b79febf4145e0897936b419aba15c2d3366bdaed20b6c21771c1","first_seen":"2025-11-20T19:09:03.41833Z","last_seen":"2026-04-13T22:27:18.207004Z","times_seen":7,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/i-2.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/i-2.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 5927\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-1727\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wTUX8VclhC9bKGu5YMqJmgtFvd2sKjTwIMcHcC4pPX6z7bCdO9%2BtktPzb%2FKYNbx2r29cuWTlwfVo%2FybdvNev2hwZD%2FtIqq9Lk9zHjg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daaddd783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5927,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 173 x 48, 8-bit/color RGBA, non-interlaced","md5":"3cb96dcbb03680966e64b7203e9fd4fb","sha1":"e047233c5ee360fd8ea5d795f93ddec8887882d8","sha256":"0314eef40292a9a5c69a47b83e1ca0697afa116a28f1bddb16cf5a0316cc6c6b","sha512":"fab89e27f55a78df63fea08e0ef01f76370721278b277aa68030ceb4b286645b11b9c88d74d05b3d3c84af68a6db43049fab3b95afa1a63ac19d75d981ea630d","ssdeep":"96:gSgz4paKObnyFPD1a7cspL10q+1A2aW/NsEQtt7OWXagpiUFvmnGhMXNva2YDkMp:gS51GePD1QSJag2Lr7OWXhiUFunGhy8R","tlshash":"fdc1aebc29d82242a374e201398fb5b8b1cf1a3d4d2512494a053b5c87848caf7e73f3","first_seen":"2025-11-20T19:09:03.442969Z","last_seen":"2026-04-13T22:27:18.215466Z","times_seen":6,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/css/mobile.css?v=3","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/css/mobile.css?v=3 HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: \"691dd072-16ec\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=piBw4uu4u8wqK6Niz2neQAvc1isWCwazSlzCKbU9RBGAnKM7s20m76F2n8MGmuS6tFbKvw3pfM7f8tJIXrVGgLP1pUvHm8a1MKUjDQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2de6932783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5868,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"4ed58d402b913513e4209ef1cc08b2a8","sha1":"4725646d1bfc4a8c70828254b852b82141aabe4c","sha256":"b352ef01da22d6fcf98d8347bd1b94715a75f30776441ed94870213f1d5b3a09","sha512":"1bcc32091272dab3a013f0819fe43d3866ee1a0f8f7f55b9061343268ef10838cc8a0880db918216299a345411bd095f4089f9c79f03bdc2e1436ad14d612c20","ssdeep":"96:OaNe7DNKawbfyQB9r2zJcUDvJFkF7F7+8FycCqZXyEZmk3P2Ekiq:OV7ZKaweQB9r2zJBJ2H7+8FycCqZXyew","tlshash":"14c1e35515731a44981bc4142fad4b94636cc0879b0fcd6d7fcea684cf8e65ca4e2bdc","first_seen":"2025-11-20T19:09:03.445914Z","last_seen":"2026-04-13T22:27:18.207642Z","times_seen":6,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/clipboard.min.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/js/clipboard.min.js HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: \"691dd072-23c8\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bN7fWXQMyhQzt8qiZfRBsFHyiiduDj7hMG%2Fohat8lYMVZGs35VTCJFdKsmnu%2BqjeN4EPXUcW2x3Py4L56bnXhe4dhq8ClUWYwQtFfw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9d9e783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9160,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9067)","md5":"15f52a1ee547f2bdd46e56747332ca2d","sha1":"9a7cb405f9beed005891587d41f76a0720893ffc","sha256":"e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9","sha512":"ecee695e9734a0246bc64f1151f0d81609f49ced6dfa32ee20e41d38c469e003c1eee678bd28eca73a79cba603b43b385735124db5b304567f2ca2619f214e2b","ssdeep":"192:s6IMH3HEG9JVwkHg4LyAal318/NYusfkApXMdgmkpj:sy0G9J1zG3eFYP/XMmmkpj","tlshash":"77126399b291b0b15ae731a9412f920bf2766969708b90d0d239d4f0acbcdde4463f3d","first_seen":"2023-03-07T12:23:44Z","last_seen":"2026-05-21T05:50:15.016271Z","times_seen":30632,"resource_available":true,"data":null}},"time_used":601,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":601,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/uc-u.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/uc-u.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 40392\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-9dc8\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=335VpKTNBsPaaPsWLM%2BWRo%2FfOLiKsNMMR7I1nL2wyysLiR3W4y394VLrmHsaJBSfWaDAzOdw%2FjUIkRMV3ekWV1xrSWEBx%2Ffq%2B9EB2w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9dc4783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40392,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 486 x 73, 8-bit/color RGBA, non-interlaced","md5":"e344642a391d2b61dd65e29266822a63","sha1":"77f7beec2b9e30c393a66862b2879b06e0dddf7c","sha256":"b4d8a4ad1fc0ac156a451178833bb159e33f12b3f3d1f97ca13cae309a8900a7","sha512":"fd8484676e37f622dce540ff00d71f5829ad2d4b872719f627eb5a568fb302b7f0ba32e0f8d04ea33f0e87a3171a50e4e12fe3fca1e0202e496d3c35aa5c56fe","ssdeep":"768:HGt1H9T2zQXioiNzz3pbfcleQcBnOuT92+exVmLKEhzNiqNjbqU:u7TIgioOp1QIOusPxVmLKs5iiyU","tlshash":"270301125f346e7f8d13d332ce77272a421259810ad92f2746326ddbc9b405584abf3e","first_seen":"2025-11-20T19:09:03.436718Z","last_seen":"2026-04-13T22:27:18.22443Z","times_seen":6,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":201,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/i-1.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/i-1.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 5776\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-1690\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GIQkLSSgeiRmQf6CGosvi%2BUP9mvtDrLH6PLINb31%2B5ki%2B%2FXsAmOE7ajCwwc9oOvzpFc2NdrOvkDKAxid1OlTIGfzjnyesuzkmW6Wag%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daadd5783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5776,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 173 x 48, 8-bit/color RGBA, non-interlaced","md5":"47a675e80e1c5be54cc20baafc5e5980","sha1":"1d9eaf9919d8390b5e42e9205392cc84a793e752","sha256":"af758ac9e1751b31610958b2416f696b2073d3d4c4fe376f0ee81b1dccb7feb6","sha512":"6804beae3a21c205a8b338b12b7741fd76633193bfd4d8a0ec29cd14d91aab17693aecf47b4d0dda79d25fc1a17a0c56bc1341b75aaaeb0d13c2eec8d98054c2","ssdeep":"96:gSpn+Q3Tb9gAPWhtZNqll5cj81grxcu3UsuTH4uOZBJfy167bD:gSx1H9gCWhtZ5j813OUNTgZXysbD","tlshash":"46c18de7d094ce502a4ec6e8372660898b32ab7dffc5b1a5449a38960a5b0c693d130a","first_seen":"2025-11-20T19:09:03.435104Z","last_seen":"2026-04-13T22:27:18.214152Z","times_seen":6,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/ios-u.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/ios-u.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 29876\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-74b4\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ocwUHLvsE5waHM8KlPMs9UYog8T%2FCHdpPPZewed%2BQu%2FG89h2ZildqIKRC42oSVYqpoXIIXNzT4bFKJoOoRC1oW3XlD3hROlHwuyPfw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daaded783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29876,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 219 x 71, 8-bit/color RGBA, non-interlaced","md5":"af9f9aacbbe6b394b79f949eae3d1101","sha1":"45146658c7de4301a7fa402e5f2fa52c6c018547","sha256":"06c9f070dfe5ec9672a1d4bbdb0ae233272dd775fe9dcbdbde8c122837a6f4fc","sha512":"e518e76aa7b7f10d6c11e66408aea845a067a3f5232c5f3d63a3d728be0cdab6b77cea20e3f387207bb5abac381b28824a536755ff6f276a492b8b64f5fe050a","ssdeep":"768:FTf7wn9cf1hL3OYKQXSILIWgCgg2YXIpY44h:FTf7WU1lHCiEsdX2Ydh","tlshash":"76d2f1d18d81617e84e4b718d1d3b34818100c396d9f475f33fab3b8e92ca9ba95c9a7","first_seen":"2025-11-20T19:09:03.433962Z","last_seen":"2026-04-13T22:27:18.203177Z","times_seen":6,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/cell8.webp","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/cell8.webp HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10240\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:07 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd073-2800\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FOyIpn66RNd%2FtZecLbLZjFwV3H8N8yKC%2BF7nwf0UBouKy9gHwVz7uaCKKnRN%2FGNqM9sd%2FdhyVROKZpk1iEZKaOmaoRRsnrxIS8N%2FbQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dabe3e783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10240,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fc51e02e9e932e84f6da4948a40b87ce","sha1":"49c00a80839d0e4f14a7642e64b211111cee817f","sha256":"2c88b01311b8c7d3016d08a86fc9853d2a9df37e158b6e7284782381812a2556","sha512":"838bf21cac525dc3900381ed47e626ca0a4b71c9df8a88fc176cdc0490d6379dfe98ace173d2f23094189042a7b11502411cc3d74721f495bf9f5744ab694115","ssdeep":"192:nwLJkizS0Ohsb9X4I82c+iIGe+8VgW1wfx5:nwii3OS9H7cPIGeDpuX","tlshash":"9922b1e956e20afcf86fe1f7304b63e193e5fe51d80889d4bf34e53941409862e6858c","first_seen":"2024-07-28T00:02:13Z","last_seen":"2026-05-16T03:56:36.458404Z","times_seen":281,"resource_available":false,"data":null}},"time_used":544,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":326,"receive":218,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/js/utf.js","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/js/utf.js HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: \"691dd072-630\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o9%2FsvdLxWzwasHJ%2B9CH0l99m%2BPvoKWMLWYavLYj4DyVTzrNI6dcN6oRBQ0CYgovtVHkp95xQVacxwwRoEGfJt%2Fyeez8j9g5lb4ZEog%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2dace6f783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1584,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"5dc141fe682c2f1ccb1761caeeee033e","sha1":"45671a68b4b33cc680668db6fd0eeb2d89d3cac8","sha256":"5320e7183389cc63272118aa530cb699afffb4c066705135f74946a203942db0","sha512":"1fbc6c786781c34401aa3971410ed13542ab7209a3df4353c242c241cb4bd89da02ada8586289a090a751666645f437d4de404c01dcc53298037c5798576762a","ssdeep":"","tlshash":"3c316d4dd8eb228018b27367cb0f1085898589471714de99ff2edb928fc546461f3fd9","first_seen":"2023-03-13T23:45:53Z","last_seen":"2026-05-15T02:07:49.243311Z","times_seen":240,"resource_available":true,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/css/index.css?v=1","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/css/index.css?v=1 HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: \"691dd072-1033\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z2L0qq8sAP2wgXVKpUOn%2BGfQ7QFEKQLRMbf1AejArVjJ0KZHL%2BJ0WpyBh6tCJiPD%2BzElEqIqsjoT93%2FyUFe4ulWBa7cfZzY2i9o9mg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da4cf4783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4147,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"4acbeea2ed004817b4192d7e8fb4877a","sha1":"2b102e0ded2cb4c5aa6288f0fceb2934eaa73641","sha256":"eec60d78569a8f82e5948bc574b4fc8a905da0a98b9a38421d1f4ed3906b1924","sha512":"cfe91c63813922fd7dffe894dcdbbfb6d6a28f5cb2f368122346d22729e2d80ee6a6c8b6c4900389d02355a61f1fab324695f577316d37a93dd7a1da484cb313","ssdeep":"96:qD0WGuimXW4zCizxCTC4gCLrFCin0kcw76WR19CZ7PCHqH3P7:UXimdu9O4HX4in05WR1g4HS3P7","tlshash":"3d8111541fa42618d92bc05828525b5833bdc443870fecbdbef1750cefc9686a8b2799","first_seen":"2025-11-20T19:09:03.413392Z","last_seen":"2026-04-13T22:27:18.223254Z","times_seen":6,"resource_available":false,"data":null}},"time_used":646,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":646,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/uc-bg.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/uc-bg.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://41a6.tsq1.cc/assets/css/index.css?v=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 7734\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-1e36\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lR2PG%2FAQhyAb1EmWSlF%2BZo3jWCuL25vu3Dp%2BxQ%2BihyyF%2FW4WqwpvAguv8DcMnQUk24v9AeakNjlJTOZYij313FmxLfREqEG14dfpPQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2deb9fe783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7734,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 222 x 284, 8-bit/color RGBA, non-interlaced","md5":"eacf38a74cc01f686e2c3ab0f7c1e341","sha1":"5941016c92313e5b49b762e2e3968338c55a02f5","sha256":"49fe255893075023c1d951ca817ef37203c2f09ad4a8c14d9b5328d8db1b3cf4","sha512":"81b2ad4a334d6d3f0c3059be99387df8c6fbe67bb20a8dfa5bc11d3d5ce4430ec5ff89f4ee81bc03ede67d4a36f1f61e8f30dfb3de371ac964b70cdf63212c2f","ssdeep":"192:ESKS000000000000000000000000000000000000000000000000000S8QbRn14B:DD00000000000000000000000000000p","tlshash":"16f1a1c1939a918fe8265a723231bf44deca120e9458c5b7628d1d2d444cfece727f4d","first_seen":"2025-11-20T19:09:03.44001Z","last_seen":"2026-04-13T22:27:18.227933Z","times_seen":6,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":377,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/index.php/index/report_enc?url=https%3A%2F%2F41a6.tsq1.cc%2F","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /index.php/index/report_enc?url=https%3A%2F%2F41a6.tsq1.cc%2F HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __sdk_device_id__=device_ed987ccffbff8129\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:51 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-powered-by: PHP/7.4.33\r\np3p: CP=\"CAO PSA OUR\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, PUT,DELETE,OPTIONS,PATCH\r\naccess-control-allow-headers: content-type,token\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VqDGpTpWYIYPLZXVxOS%2FFAuE3nKtGAK6X6FUa2pxVLbUTuoRGdR2wFOTa48XoZXL7TtBHyx7Vko5jQDYqLyEYcKwEMRKjcjjqXGNAA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b7aa2df0af4783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":492,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (492), with no line terminators","md5":"3198e29721e58174093e73dc706d87e1","sha1":"db7a1d213df4aa44dd27411c4819f2b0cf2ab5f7","sha256":"578280073bc7940c4e8bf26f52d27c6c23ea88e84909ec434f34bf50cf98e41f","sha512":"495987c3c2d0e638f4bfe42cc200aa71e98b26550dba01c7537d394b6f9c004d927e01b6493246d3316dbb0222a708b9e07312f4e244a5ac6ad5544a130b4f8e","ssdeep":"","tlshash":"95f00568d1f4d6315514496e30de2e0ec149a16f442a4026071e21cf82743af6431d5e","first_seen":"2026-01-02T13:35:24.512809Z","last_seen":"2026-03-07T17:09:45.898828Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1076,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1076,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/mobile/androidModal.css","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/mobile/androidModal.css HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: \"691dd072-4ec\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YCb86hVz4g6gIj7aDs9idWkppDVmq%2Bi%2F10%2FNCcExVU1SWwmo296UmeC%2BCzIvv%2FwFbeigy7tPXJ5QQhMdcnaV9U3Z%2BIVVrxSLBjBhEg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da4cfb783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1260,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"765d587f2fa06c24ff0171ac90b29970","sha1":"d39bdbc4539ba9510ab88d4ce37fc8610c97df5f","sha256":"c796a372f7fa5f4290fab96b7b2e5eb75ef5edc0bae9c84c96eebf92f84c5cc8","sha512":"5fdbdc23252620638d3ca7b680c592a172bb9dfa326aa899b40271278a3f987864d4ab6d4d6cd910ec8113306638028bc1f7a949f5e53f8cf2b8f42910e1aa65","ssdeep":"","tlshash":"0521ad208bfa0e95959ec1623a9c5e541d1d52b38a16cd1c3ff53bce1fc9200b4d5f85","first_seen":"2025-05-30T06:39:41.488235Z","last_seen":"2026-04-13T22:27:18.247008Z","times_seen":39,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/desktop/i-2.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/desktop/i-2.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 6276\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-1884\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IX6E%2BrbP%2BW7aVFzGiHy84qRfuG1HUeHHm%2FEwbGTDrIzLjSiCiK4cQLMTxSve%2B8PM%2Ff9MLmDNduYJ0vliynBgmZDSogJ%2Fwy25BNWjHg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2da9db3783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6276,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 185 x 51, 8-bit/color RGBA, non-interlaced","md5":"d8a3e6d24fa83167b7d930ce9ec7d4a6","sha1":"d7cdca0a764ebb0edb99ae34c068d5175691f74e","sha256":"4b7de4d18302cceaec116cfaea5b2ec36210538bd79d28be76e2e60afc9e46e4","sha512":"29ef7e5ac56422c195ee930c145aa315bc9d39da4af6906a22f69e4ff3cfd0a1d4b42fcf929d948b4698256bd2ecf18b3a2337ad6ff46874a5d97814355c117d","ssdeep":"192:lSCNZrr0G9pY8iIuCxde+5ImeV2xev3G2KgQ28TDJX:ECZrrXT7iIu05ImeVYevG2Kgr8BX","tlshash":"07d16cadb2c6c274a1d838f247156869bc9b97682230a1673fc6e941558cac1fdcd312","first_seen":"2025-11-20T19:09:03.416246Z","last_seen":"2026-04-13T22:27:18.20086Z","times_seen":6,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"41a6.tsq1.cc/assets/images/mobile/a-1.png","fqdn":"41a6.tsq1.cc","domain":"tsq1.cc","tld":"cc"},"ip":{"addr":"154.207.77.133","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://41a6.tsq1.cc/","date":"2026-01-02T13:34:50.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsq1.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 17:08:19 GMT","end":"Fri, 13 Feb 2026 18:06:57 GMT"},"fingerprint":{"sha1":"87:8C:04:17:C1:65:33:34:2E:8E:34:51:4B:2E:E2:C1:F4:BD:37:F9","sha256":"6D:5F:83:B6:82:68:13:E0:33:34:65:57:A0:A9:BA:BD:85:BB:57:68:E7:21:D3:25:4E:7E:0C:47:F4:38:06:61"}}},"request":{"raw":"GET /assets/images/mobile/a-1.png HTTP/1.1\r\nHost: 41a6.tsq1.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Jan 2026 13:34:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 96863\r\nserver: cloudflare\r\nlast-modified: Wed, 19 Nov 2025 14:13:06 GMT\r\npriority: u=4,i=?0\r\netag: \"691dd072-17a5f\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DzJgq6N6rCuDVR0mh1WayVXhySc4XozpnE6En05aeF%2F%2BtnVzfkQ8u2NlpfI8KMuM6U6D8uZoUu%2FNAxBpRbU0JQv7%2FrbbqQc6zsKYUA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b7aa2daade9783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96863,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 366 x 671, 8-bit colormap, non-interlaced","md5":"4fd6bdb7138e654c98b730d29c14e932","sha1":"29412d1d51375a00a8694e38d97c7753ad6fd0ea","sha256":"91a8002425719b4a63a8f50e6662a012bd49779afce16243066b0e85291a8e3b","sha512":"d7e962985c91e86852a2ca84fb52ff4c1e91d93cc6cfa4e54ec0e0c1b696af7ccade99619786a8cf8bfed7603c5c7a90b3fe7a06d27b8f6b28db179fee362e85","ssdeep":"1536:O2jXo0R2J41OBptkFGFiZut/98FkSYf7iIEhtkavU7BC0xSSHCRKRVQ+2gW9OlV2:OcY0ReIOn6uiESddIEhtkac7BCjFQVQz","tlshash":"db930246badfc065b528d1c77bc28665d8ebc0b1861fc750a8efc2057d137060aa9bad","first_seen":"2025-11-20T19:09:03.446983Z","last_seen":"2026-04-13T22:27:18.217072Z","times_seen":7,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"41a6.tsq1.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}