{"report_id":"9c2d086b-bf06-4bb1-92fa-a59dbc49b15a","version":6,"status":"done","tags":[],"date":"2025-12-03T21:19:57Z","url":{"schema":"http","addr":"esimrev.com/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":0,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"final":{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"title":"- Search Results - eSIMREV","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"esimrev.com/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":0,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-07T21:19:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"tj.zcot.cn","ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":8,"received_data":277908,"sent_data":5006,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"esimrev.com","ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":82,"request_count":82,"received_data":7066826,"sent_data":45802,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Polylang","description":"Polylang is a WordPress plugin which allows you to create multilingual WordPress site.","website":"https://wordpress.org/plugins/polylang","common_platform_enumeration":"","icon":"Polylang.svg","categories":["WordPress plugins","Translation"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"a1e822512d275a4da751fd6c827ba776","sha1":"028efeeb93d70d1a550dd97e86261d72657ab6b0","sha256":"e6c52f698132e9413f80c2d7f49cc2ab6fc40608eed6e22b33952ad3e56173b0","sha512":"03be67a18c2b18d1c0b89430fcff5c72865d0824db5e99d00b41045ccbdec5269796d8e69df4b090beb91e92099ea9832411bd3eb5a066f1a85125b401ca3f35","ssdeep":"","tlshash":"965000c030000000000300003030030000000000000303f00000000000000000003030","size":8,"data":"","first_seen":"2023-03-07T01:15:04Z","last_seen":"2026-04-03T18:55:01.452783Z","times_seen":992,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"9e73c2fb91bf712b249e371270b50acd","sha1":"9205b97d82e266cf58fa9e7672732996d5275a7a","sha256":"cfdf7c67a0fbc86d50431bd7f09eb8f38005288240b1707a4813d470501ca8eb","sha512":"4b2433cfc07e101418fdb8cf47e2b96a0efc6f19fc8fbef9bc92da01cf20bea6273dddc1b5f13a07bb29dd2ae18346d4623b3d923711a3816bde82704b0952b2","ssdeep":"","tlshash":"77600000333f0c0cc0303f03f03c0f303c00000000003f00003f0000000000000f0030","size":15,"data":"","first_seen":"2023-03-08T06:38:19Z","last_seen":"2026-04-03T02:42:57.71447Z","times_seen":663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"56711393d09e2c5cdc00858714763f8a","sha1":"6f6665e9356ade880c4753b08a59ecb0134dc421","sha256":"28eaff738eed74709603ed7b081fa1b4a06c33694f1a02ec67f7f05c0a42c238","sha512":"e5da5c6eb19e3e2b7370844dbe3dbd056a811e006c2f44a60c9c68b52ef0d27ad3fb2584f616369328a44db9c4ed224b0cbbc9e4b0639dfbe770c1e7208ea652","ssdeep":"","tlshash":"b4f0e9e3a407567327b317a0d97fed11e74e7168ec8191a5b6378c0cb5d0c62a0d7e44","size":510,"data":"","first_seen":"2025-12-03T21:20:11.552675Z","last_seen":"2025-12-03T21:20:11.552675Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","size":68884,"data":"","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","size":235015,"data":"","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"8600609620ff8e936d210700f21206dd","sha1":"ba0daffcc6a8857d504a220cd24de055bb48adca","sha256":"55f069bf272d08d6e84f8e31a794ced440750081f8b54903dd61e138f2580b0b","sha512":"798ea56b9074d9c3d433a52d17eeb97f9a7ca32988f4b36dbade076e56990b12e4849c93f42b5dd6b2ab2454b8bfa019a9f08928a4a54129e2700dc5afc149a0","ssdeep":"","tlshash":"b4c0803950130c234771524564005f0572cd97699004654552791c0da8de6338158741","size":157,"data":"","first_seen":"2025-12-03T21:20:11.555572Z","last_seen":"2025-12-03T21:20:11.555572Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5a0e55a1a387ef4a77a77e69293e4c8","sha1":"e3eb7268baffa8f375572ea21fdde96053fc1f3e","sha256":"31c23ad629443b8b70a623f38e40946ce870a847fd4f26bd70eeb55d1a41bd85","sha512":"d446c86506bdf9c028bf25cb4372b605d43de2587e6dafaca30e3fe0312f280ef1a0a397549b4ae60d02030ffa8d041796fd3599b9f3180ab49a6ba94c33c220","ssdeep":"","tlshash":"96c02b5185c41ed322f01df82564717383a66169e8309415175ac0456a30c01ccce503","size":132,"data":"","first_seen":"2025-12-03T21:20:11.557325Z","last_seen":"2025-12-03T21:20:11.557325Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"26995d99efe6e973483a2659393f4e93","sha1":"2a64587c5363921653bc9b058f39aff27879a634","sha256":"ec41a11a5395c39f76ead4c8def42c5956e1cc8019b495b3b854c877fef35800","sha512":"6b99c82e2b8183a0d585f9f5b0df81e9c100860bf56fe1d745db1a49aba1183ecd5b8641bcded323bb93582365d3cd41b585856dbbcb5bcb1d70bd1aa10e33bd","ssdeep":"","tlshash":"8fa0021815c709558c26cc1053135a005f674741e571cd314c4d75c4cf0777d13d9951","size":77,"data":"","first_seen":"2023-04-09T21:39:39Z","last_seen":"2026-03-29T20:15:53.248324Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/erphpdown-js-extra","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0262d82ecf26e05f5d0527084d987bc","sha1":"1049cf4da8f9899ff13e3151610174581463cde6","sha256":"d05a089eb549d370b05406bfc4e617410cbf4cda141411bdcc3c68eb73909e6e","sha512":"c14d04a2b83b016f62fdd6cfa274e1bd2e5969d94615c79cb3dbd7aa4d824bea9061449c8c48306c96901e476ff587901640136afc8617787173a17e9fc86465","ssdeep":"","tlshash":"8bf02b51c5c41ed322f01df825a4717383e67169e830a415175bc0456a30c01ccce603","size":489,"data":"","first_seen":"2025-12-03T21:20:11.559956Z","last_seen":"2025-12-03T21:20:11.559956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"96961039dda2a6d3363972ee8c4b30c8","sha1":"cf08d1c233af92869fd8a82b1301ccfb90096f83","sha256":"3afe8d0ece51b4e0c78af7d401dbf92d5d5e1fafc2a4d4c487212e6bd02c504d","sha512":"34ba0b45b7428d535d60e5c25620ed3b25c2c2a15f53b353a0047c34b5553b661e9cbbe8d42c7c3cce24af5c80d9082d5c00fc2f4b527cbd1cad71210bee1b5a","ssdeep":"","tlshash":"7af059155aef1dfd613a627e6dbe8d2d72ab281aa0a0c0446e90a8155e7298186542c8","size":502,"data":"","first_seen":"2025-12-03T21:20:11.561469Z","last_seen":"2025-12-03T21:20:11.561469Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","size":74844,"data":"","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","size":68884,"data":"","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","size":125556,"data":"","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"9e73c2fb91bf712b249e371270b50acd","sha1":"9205b97d82e266cf58fa9e7672732996d5275a7a","sha256":"cfdf7c67a0fbc86d50431bd7f09eb8f38005288240b1707a4813d470501ca8eb","sha512":"4b2433cfc07e101418fdb8cf47e2b96a0efc6f19fc8fbef9bc92da01cf20bea6273dddc1b5f13a07bb29dd2ae18346d4623b3d923711a3816bde82704b0952b2","ssdeep":"","tlshash":"77600000333f0c0cc0303f03f03c0f303c00000000003f00003f0000000000000f0030","size":15,"data":"","first_seen":"2023-03-08T06:38:19Z","last_seen":"2026-04-03T02:42:57.71447Z","times_seen":663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","size":74844,"data":"","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","size":68884,"data":"","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","size":125556,"data":"","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","size":235015,"data":"","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"c05969322d70e465676746a1e8d98159","sha1":"9ef13a41aa2590e938b8dcc015aa2cfc88ad0dba","sha256":"19a9c9e40f03b2b4d115b63b3734312019c67716847894d0288454e0e79f4099","sha512":"f50164c312db1f71d9bf1203518d9dada52bd02a91dcde701713151e2323bc7caea79be684bbb95cf248c4222d12a97015717045337eecacad80c7bba8f36ca5","ssdeep":"384:2n+duDjCTEDaBo0iEIps0qLMDJyicywejMNQfyXG9GWVzqy+:6+dEOkuoMwFHIrNQfyXGkWVzz+","tlshash":"69522c9d39942b6c935012740cef606568f529289e0c7cf0f3badd3068a5e99506ffee","size":13604,"data":"","first_seen":"2023-03-07T15:01:33Z","last_seen":"2026-04-03T17:23:21.812184Z","times_seen":984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"56711393d09e2c5cdc00858714763f8a","sha1":"6f6665e9356ade880c4753b08a59ecb0134dc421","sha256":"28eaff738eed74709603ed7b081fa1b4a06c33694f1a02ec67f7f05c0a42c238","sha512":"e5da5c6eb19e3e2b7370844dbe3dbd056a811e006c2f44a60c9c68b52ef0d27ad3fb2584f616369328a44db9c4ed224b0cbbc9e4b0639dfbe770c1e7208ea652","ssdeep":"","tlshash":"b4f0e9e3a407567327b317a0d97fed11e74e7168ec8191a5b6378c0cb5d0c62a0d7e44","size":510,"data":"","first_seen":"2025-12-03T21:20:11.552675Z","last_seen":"2025-12-03T21:20:11.552675Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","size":68884,"data":"","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"a1e822512d275a4da751fd6c827ba776","sha1":"028efeeb93d70d1a550dd97e86261d72657ab6b0","sha256":"e6c52f698132e9413f80c2d7f49cc2ab6fc40608eed6e22b33952ad3e56173b0","sha512":"03be67a18c2b18d1c0b89430fcff5c72865d0824db5e99d00b41045ccbdec5269796d8e69df4b090beb91e92099ea9832411bd3eb5a066f1a85125b401ca3f35","ssdeep":"","tlshash":"965000c030000000000300003030030000000000000303f00000000000000000003030","size":8,"data":"","first_seen":"2023-03-07T01:15:04Z","last_seen":"2026-04-03T18:55:01.452783Z","times_seen":992,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","size":235015,"data":"","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","size":235015,"data":"","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/erphpdown-js-extra","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0262d82ecf26e05f5d0527084d987bc","sha1":"1049cf4da8f9899ff13e3151610174581463cde6","sha256":"d05a089eb549d370b05406bfc4e617410cbf4cda141411bdcc3c68eb73909e6e","sha512":"c14d04a2b83b016f62fdd6cfa274e1bd2e5969d94615c79cb3dbd7aa4d824bea9061449c8c48306c96901e476ff587901640136afc8617787173a17e9fc86465","ssdeep":"","tlshash":"8bf02b51c5c41ed322f01df825a4717383e67169e830a415175bc0456a30c01ccce603","size":489,"data":"","first_seen":"2025-12-03T21:20:11.559956Z","last_seen":"2025-12-03T21:20:11.559956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","size":74844,"data":"","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"c05969322d70e465676746a1e8d98159","sha1":"9ef13a41aa2590e938b8dcc015aa2cfc88ad0dba","sha256":"19a9c9e40f03b2b4d115b63b3734312019c67716847894d0288454e0e79f4099","sha512":"f50164c312db1f71d9bf1203518d9dada52bd02a91dcde701713151e2323bc7caea79be684bbb95cf248c4222d12a97015717045337eecacad80c7bba8f36ca5","ssdeep":"384:2n+duDjCTEDaBo0iEIps0qLMDJyicywejMNQfyXG9GWVzqy+:6+dEOkuoMwFHIrNQfyXGkWVzz+","tlshash":"69522c9d39942b6c935012740cef606568f529289e0c7cf0f3badd3068a5e99506ffee","size":13604,"data":"","first_seen":"2023-03-07T15:01:33Z","last_seen":"2026-04-03T17:23:21.812184Z","times_seen":984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","size":68884,"data":"","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","size":125556,"data":"","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","size":74844,"data":"","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/erphpdown-js-extra","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0262d82ecf26e05f5d0527084d987bc","sha1":"1049cf4da8f9899ff13e3151610174581463cde6","sha256":"d05a089eb549d370b05406bfc4e617410cbf4cda141411bdcc3c68eb73909e6e","sha512":"c14d04a2b83b016f62fdd6cfa274e1bd2e5969d94615c79cb3dbd7aa4d824bea9061449c8c48306c96901e476ff587901640136afc8617787173a17e9fc86465","ssdeep":"","tlshash":"8bf02b51c5c41ed322f01df825a4717383e67169e830a415175bc0456a30c01ccce603","size":489,"data":"","first_seen":"2025-12-03T21:20:11.559956Z","last_seen":"2025-12-03T21:20:11.559956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"c05969322d70e465676746a1e8d98159","sha1":"9ef13a41aa2590e938b8dcc015aa2cfc88ad0dba","sha256":"19a9c9e40f03b2b4d115b63b3734312019c67716847894d0288454e0e79f4099","sha512":"f50164c312db1f71d9bf1203518d9dada52bd02a91dcde701713151e2323bc7caea79be684bbb95cf248c4222d12a97015717045337eecacad80c7bba8f36ca5","ssdeep":"384:2n+duDjCTEDaBo0iEIps0qLMDJyicywejMNQfyXG9GWVzqy+:6+dEOkuoMwFHIrNQfyXGkWVzz+","tlshash":"69522c9d39942b6c935012740cef606568f529289e0c7cf0f3badd3068a5e99506ffee","size":13604,"data":"","first_seen":"2023-03-07T15:01:33Z","last_seen":"2026-04-03T17:23:21.812184Z","times_seen":984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"a1e822512d275a4da751fd6c827ba776","sha1":"028efeeb93d70d1a550dd97e86261d72657ab6b0","sha256":"e6c52f698132e9413f80c2d7f49cc2ab6fc40608eed6e22b33952ad3e56173b0","sha512":"03be67a18c2b18d1c0b89430fcff5c72865d0824db5e99d00b41045ccbdec5269796d8e69df4b090beb91e92099ea9832411bd3eb5a066f1a85125b401ca3f35","ssdeep":"","tlshash":"965000c030000000000300003030030000000000000303f00000000000000000003030","size":8,"data":"","first_seen":"2023-03-07T01:15:04Z","last_seen":"2026-04-03T18:55:01.452783Z","times_seen":992,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"c05969322d70e465676746a1e8d98159","sha1":"9ef13a41aa2590e938b8dcc015aa2cfc88ad0dba","sha256":"19a9c9e40f03b2b4d115b63b3734312019c67716847894d0288454e0e79f4099","sha512":"f50164c312db1f71d9bf1203518d9dada52bd02a91dcde701713151e2323bc7caea79be684bbb95cf248c4222d12a97015717045337eecacad80c7bba8f36ca5","ssdeep":"384:2n+duDjCTEDaBo0iEIps0qLMDJyicywejMNQfyXG9GWVzqy+:6+dEOkuoMwFHIrNQfyXGkWVzz+","tlshash":"69522c9d39942b6c935012740cef606568f529289e0c7cf0f3badd3068a5e99506ffee","size":13604,"data":"","first_seen":"2023-03-07T15:01:33Z","last_seen":"2026-04-03T17:23:21.812184Z","times_seen":984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"8600609620ff8e936d210700f21206dd","sha1":"ba0daffcc6a8857d504a220cd24de055bb48adca","sha256":"55f069bf272d08d6e84f8e31a794ced440750081f8b54903dd61e138f2580b0b","sha512":"798ea56b9074d9c3d433a52d17eeb97f9a7ca32988f4b36dbade076e56990b12e4849c93f42b5dd6b2ab2454b8bfa019a9f08928a4a54129e2700dc5afc149a0","ssdeep":"","tlshash":"b4c0803950130c234771524564005f0572cd97699004654552791c0da8de6338158741","size":157,"data":"","first_seen":"2025-12-03T21:20:11.555572Z","last_seen":"2025-12-03T21:20:11.555572Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5a0e55a1a387ef4a77a77e69293e4c8","sha1":"e3eb7268baffa8f375572ea21fdde96053fc1f3e","sha256":"31c23ad629443b8b70a623f38e40946ce870a847fd4f26bd70eeb55d1a41bd85","sha512":"d446c86506bdf9c028bf25cb4372b605d43de2587e6dafaca30e3fe0312f280ef1a0a397549b4ae60d02030ffa8d041796fd3599b9f3180ab49a6ba94c33c220","ssdeep":"","tlshash":"96c02b5185c41ed322f01df82564717383a66169e8309415175ac0456a30c01ccce503","size":132,"data":"","first_seen":"2025-12-03T21:20:11.557325Z","last_seen":"2025-12-03T21:20:11.557325Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","size":125556,"data":"","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"a1e822512d275a4da751fd6c827ba776","sha1":"028efeeb93d70d1a550dd97e86261d72657ab6b0","sha256":"e6c52f698132e9413f80c2d7f49cc2ab6fc40608eed6e22b33952ad3e56173b0","sha512":"03be67a18c2b18d1c0b89430fcff5c72865d0824db5e99d00b41045ccbdec5269796d8e69df4b090beb91e92099ea9832411bd3eb5a066f1a85125b401ca3f35","ssdeep":"","tlshash":"965000c030000000000300003030030000000000000303f00000000000000000003030","size":8,"data":"","first_seen":"2023-03-07T01:15:04Z","last_seen":"2026-04-03T18:55:01.452783Z","times_seen":992,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","size":74844,"data":"","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/erphpdown-js-extra","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"80fbbf6ae4d7a1238c49d31a168bfd7f","sha1":"ccc1cf0b9816f0f47e41e56c0026cc0307d5bfea","sha256":"da23e417935099a2a5749c98512b0ebf408e9f22a07e167d3faf77e92a6fe2e5","sha512":"0296a2c7b4934360666dd493a029e2f8273ead914dda0c5035da4efebf7ee31cef04e35a59aaa72e1d027ff1e36e0be5326833293cb8cd43e67dfaf8aa64318d","ssdeep":"","tlshash":"4df02b51c5c41ed322f01df825a4717383e67169e830a415175bc0456a30c01ccce603","size":458,"data":"","first_seen":"2025-12-03T21:20:11.564113Z","last_seen":"2025-12-03T21:20:11.564113Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","size":125556,"data":"","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","size":235015,"data":"","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/erphpdown-js-extra","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0262d82ecf26e05f5d0527084d987bc","sha1":"1049cf4da8f9899ff13e3151610174581463cde6","sha256":"d05a089eb549d370b05406bfc4e617410cbf4cda141411bdcc3c68eb73909e6e","sha512":"c14d04a2b83b016f62fdd6cfa274e1bd2e5969d94615c79cb3dbd7aa4d824bea9061449c8c48306c96901e476ff587901640136afc8617787173a17e9fc86465","ssdeep":"","tlshash":"8bf02b51c5c41ed322f01df825a4717383e67169e830a415175bc0456a30c01ccce603","size":489,"data":"","first_seen":"2025-12-03T21:20:11.559956Z","last_seen":"2025-12-03T21:20:11.559956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"c05969322d70e465676746a1e8d98159","sha1":"9ef13a41aa2590e938b8dcc015aa2cfc88ad0dba","sha256":"19a9c9e40f03b2b4d115b63b3734312019c67716847894d0288454e0e79f4099","sha512":"f50164c312db1f71d9bf1203518d9dada52bd02a91dcde701713151e2323bc7caea79be684bbb95cf248c4222d12a97015717045337eecacad80c7bba8f36ca5","ssdeep":"384:2n+duDjCTEDaBo0iEIps0qLMDJyicywejMNQfyXG9GWVzqy+:6+dEOkuoMwFHIrNQfyXGkWVzz+","tlshash":"69522c9d39942b6c935012740cef606568f529289e0c7cf0f3badd3068a5e99506ffee","size":13604,"data":"","first_seen":"2023-03-07T15:01:33Z","last_seen":"2026-04-03T17:23:21.812184Z","times_seen":984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"26995d99efe6e973483a2659393f4e93","sha1":"2a64587c5363921653bc9b058f39aff27879a634","sha256":"ec41a11a5395c39f76ead4c8def42c5956e1cc8019b495b3b854c877fef35800","sha512":"6b99c82e2b8183a0d585f9f5b0df81e9c100860bf56fe1d745db1a49aba1183ecd5b8641bcded323bb93582365d3cd41b585856dbbcb5bcb1d70bd1aa10e33bd","ssdeep":"","tlshash":"8fa0021815c709558c26cc1053135a005f674741e571cd314c4d75c4cf0777d13d9951","size":77,"data":"","first_seen":"2023-04-09T21:39:39Z","last_seen":"2026-03-29T20:15:53.248324Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"eval","is_inline":false,"md5":"a1e822512d275a4da751fd6c827ba776","sha1":"028efeeb93d70d1a550dd97e86261d72657ab6b0","sha256":"e6c52f698132e9413f80c2d7f49cc2ab6fc40608eed6e22b33952ad3e56173b0","sha512":"03be67a18c2b18d1c0b89430fcff5c72865d0824db5e99d00b41045ccbdec5269796d8e69df4b090beb91e92099ea9832411bd3eb5a066f1a85125b401ca3f35","ssdeep":"","tlshash":"965000c030000000000300003030030000000000000303f00000000000000000003030","size":8,"data":"","first_seen":"2023-03-07T01:15:04Z","last_seen":"2026-04-03T18:55:01.452783Z","times_seen":992,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:38.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/fonts.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-445e\"\r\nexpires: Thu, 04 Dec 2025 09:19:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17502,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8453), with CRLF line terminators","md5":"f914eae25c04c912c27b7398d0224023","sha1":"03a0fa2bb2ed3417ebc28100b54b75d1220b9664","sha256":"3a23649321e271bb4caf3113b9ef4dbd245636fe271b3c98ccb72fe7bf40a6e6","sha512":"5840aa8a5c70f02fe19a6a449171f57ec5803b486263564703c51d43570233897443ec2b11c45a3f140c97c0c9913fba25d41909d9495726b30c48b88bee07b8","ssdeep":"192:5pxqw+yoNkyC17gWrdMeKDQjPJJeLBDo+:powMTErM5o+","tlshash":"647211e6d24e20da3732ce43a349f35a9c95f922e9e28c9af00f551c1ef1615d2c5b78","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.255311Z","times_seen":27,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:42.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/lib.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-39607\"\r\nexpires: Thu, 04 Dec 2025 09:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":235015,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24811), with CRLF line terminators","md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"resource_available":true,"data":null}},"time_used":769,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":769,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 12:53:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6c53-2195b\"\r\nexpires: Fri, 02 Jan 2026 21:19:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":137563,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x737, components 3","md5":"d1bb6cf471e662c505e5953f02fb30b6","sha1":"ef99666b8208868e45d54df65364c203dfd8bf9a","sha256":"cb91afc03536e2a035c5f8b321811fb63062943b3f2cf47b126ccf845632cbec","sha512":"d0c56da77b4f7a34737fd1b4395a7291e491430d23a83d60c28af6a38f0daf63aa5aa9fe07dc70fb37b975af05811cdeae14308d22f00ce4258ffb1b475c5e6d","ssdeep":"3072:cT3xjXSMDeZ3WG7jiNkqGRzviVZQVZ2KxVznG0r3j3UNRZXV:cT3RXSWY7jiqqGRzviVZGZx7zn13ul","tlshash":"19d3d04b6d1990e3f00ca79efe622d6c3d3e9754f98239fa54102ccc7be85434d8956a","first_seen":"2025-12-03T21:20:11.517139Z","last_seen":"2025-12-03T21:20:11.517139Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:49.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 13 Nov 2025 12:49:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6915d3dd-2027\"\r\nexpires: Fri, 02 Jan 2026 21:19:49 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8231,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 192x192, components 3","md5":"88e7b4ea4754fab47f142b144052a9c1","sha1":"0109096511008cd9deb30564b95bb704796f0267","sha256":"611d391156d340240e5c73c7a7ecda254a2aedfbe957e08be898a4b302b52fbb","sha512":"535ccef9fa0be19a16b5ab338b377d59a21963f82810bd113013f0472bd0580a4c62d4fd396dd01fdf40bcef560122bb12b763b6636c9190bad25fd300c86eaa","ssdeep":"192:/PlW/LcdWlQr/jSbTLcA8gSPeZje1G1egSe9bNZDkI:3lxWlysT3SPepZgAbNZDkI","tlshash":"4d02b0a53e94a8408d060e77592ec3a7c6a66605610fe71abf70c580ff80fdd7848c9e","first_seen":"2025-12-03T21:20:11.518234Z","last_seen":"2025-12-03T21:20:11.518234Z","times_seen":1,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:51.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:51 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 20 Nov 2025 13:47:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f1bee-130f8\"\r\nexpires: Fri, 02 Jan 2026 21:19:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78072,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 654x1024, components 3","md5":"81b0177d23f925212eec877bc0cd0787","sha1":"ed6de2c9ebcb3a4b8bd873ca5f70c1a33dffe9c1","sha256":"9d0768896423f2422e3e945c7da391b20a456296cb0ce19f601f2246dee506b0","sha512":"d3ab1774c1ebe645efb19a5a650472b91363b7a5710a460e0c14630dc06516f15f8c1b604f1f66c4927cd91dd21909b4d6909d86f5525e54297a3032231649b7","ssdeep":"1536:ewEBlMIpMkTEu+TdOf1iaui+Cce2ozNaZXLsYCxmUmunbeUqQKlkM:DE9CucGwJCxxmKLtKlkM","tlshash":"0573e117bd050973a50ad3a72cd61d1d18aa978876c3a6ee47b78cc07f163468e4f0fa","first_seen":"2025-12-03T21:20:11.52632Z","last_seen":"2025-12-03T21:20:11.52632Z","times_seen":1,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:38.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 09:39:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911b2b6-1245c\"\r\nexpires: Thu, 04 Dec 2025 09:19:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74844,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21455), with CRLF line terminators","md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"resource_available":true,"data":null}},"time_used":518,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":518,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:45.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 13 Nov 2025 12:49:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6915d3dd-2027\"\r\nexpires: Fri, 02 Jan 2026 21:19:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8231,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 192x192, components 3","md5":"88e7b4ea4754fab47f142b144052a9c1","sha1":"0109096511008cd9deb30564b95bb704796f0267","sha256":"611d391156d340240e5c73c7a7ecda254a2aedfbe957e08be898a4b302b52fbb","sha512":"535ccef9fa0be19a16b5ab338b377d59a21963f82810bd113013f0472bd0580a4c62d4fd396dd01fdf40bcef560122bb12b763b6636c9190bad25fd300c86eaa","ssdeep":"192:/PlW/LcdWlQr/jSbTLcA8gSPeZje1G1egSe9bNZDkI:3lxWlysT3SPepZgAbNZDkI","tlshash":"4d02b0a53e94a8408d060e77592ec3a7c6a66605610fe71abf70c580ff80fdd7848c9e","first_seen":"2025-12-03T21:20:11.518234Z","last_seen":"2025-12-03T21:20:11.518234Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:50.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/base.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-1ea74\"\r\nexpires: Thu, 04 Dec 2025 09:19:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":125556,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"resource_available":true,"data":null}},"time_used":1024,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1024,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/img/avatar.png","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/img/avatar.png HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 706\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-2c2\"\r\nexpires: Fri, 02 Jan 2026 21:19:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit grayscale, non-interlaced","md5":"1a79b1429cf019111f2cb2c928cc7748","sha1":"f9976bef841ee213c68e18e1d6f939930bbf262e","sha256":"1074b9c2a5d909a661a99f6edecb6bca1a8d267c9f9415ac7c615c47d1987b01","sha512":"cc6782cddcc2bdf0abf94672da0b578b1a74a6dc0ec7587139eabe46e4b0bc3dcf5338a964f1d1395878e9da5147393e0ebee50ea2e5e25175e9ee9ea6e7009e","ssdeep":"","tlshash":"e00144aaae1782a6efb2c732462f41a1de6cb2759044545252c80307cabd2395d89b61","first_seen":"2023-12-03T08:43:46Z","last_seen":"2026-03-01T08:46:04.442347Z","times_seen":19,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":447,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:51.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:51 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 01 Dec 2025 13:31:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692d98ae-10c3f\"\r\nexpires: Fri, 02 Jan 2026 21:19:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68671,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1062x760, components 3","md5":"ee5aff3c50e90d0c75ced1ad57212071","sha1":"450c3829b816cc63a4f6ce961a7775160fe5b0e2","sha256":"a3e92e71c9a926e497c27842bf859054940c1c1776d2d4f94b5960b88b13e1e4","sha512":"fd833e75c312f95cc0ef3d29d852f45bb22e2576fcb1c38918594cfb7269cd79bfa874da0a4ce3c3b8e44c83aae7c0d096f0f70530fe21102186b223fb71b162","ssdeep":"768:xpEkYycfbbbbbbbbbbbbJ3fQwFOPxC5Hp+wUSHaktnkgtnPMEshAAEPXxwGDNzWv:xpEkYNQwE0+DYM7ANGMO9Cj/g","tlshash":"e76328576525dbc3c4bd87f0be131eac8b0b5b58a88265eb00360f9f7e281635cc961e","first_seen":"2025-12-03T21:20:11.532611Z","last_seen":"2025-12-03T21:20:11.532611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":450,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.php?action_name=eSIMREV%20-%20Global%20eSIM%20Comparison%2C%20Setup%20Guides%20%26%20Data%20Plan%20Reviews\u0026idsite=13\u0026rec=1\u0026r=737124\u0026h=21\u0026m=19\u0026s=37\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F\u0026_id=d7a7630d99253a08\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=n2n3Zi\u0026pf_net=0\u0026pf_srv=738\u0026pf_tfr=0\u0026pf_dm1=2212\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:37.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"POST /matomo.php?action_name=eSIMREV%20-%20Global%20eSIM%20Comparison%2C%20Setup%20Guides%20%26%20Data%20Plan%20Reviews\u0026idsite=13\u0026rec=1\u0026r=737124\u0026h=21\u0026m=19\u0026s=37\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F\u0026_id=d7a7630d99253a08\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=n2n3Zi\u0026pf_net=0\u0026pf_srv=738\u0026pf_tfr=0\u0026pf_dm1=2212\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://esimrev.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\naccess-control-allow-origin: https://esimrev.com\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":1320,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1320,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/img/banner.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:35.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/img/banner.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/wp-content/themes/modown/static/css/base.css?ver=9.4\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:35 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-2fdb2\"\r\nexpires: Fri, 02 Jan 2026 21:19:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":196018,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 3840x292, components 3","md5":"343413ef2ad1d40aa3749d1120bed1ac","sha1":"9c5b045e0e2f034d0e23bcf365739ba371ceb77f","sha256":"e3089e5f7348ff65bda80eefaf08152da119cc441a11487d9b2e4a38b4e9dc54","sha512":"a86e3da8a7d04cfcc86fb3dbd21f0e1692110da731e11c4571c607a9f60e82926c336e73a18f087f8897b32b66d7e6312ee56f91a4e0c60ff7cf48ec2c42c88e","ssdeep":"3072:Oe1qdqN7Epv9MFHFAZmj5Dkhtj89Ybpe84lXJ5KZxCrkFOVYtBr5LkBTpLuxaAte:OeZ7ElAlAZmjz9YbU8EQZxiJVYv5INk2","tlshash":"b714125e53ce8654f462b5125309239b2ecf2c2158e3ef5342fb964a3ea6dac447d8c3","first_seen":"2023-05-16T09:02:17Z","last_seen":"2026-03-07T19:07:45.130858Z","times_seen":16,"resource_available":false,"data":null}},"time_used":1500,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/img/avatar.png","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/img/avatar.png HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 706\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-2c2\"\r\nexpires: Fri, 02 Jan 2026 21:19:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit grayscale, non-interlaced","md5":"1a79b1429cf019111f2cb2c928cc7748","sha1":"f9976bef841ee213c68e18e1d6f939930bbf262e","sha256":"1074b9c2a5d909a661a99f6edecb6bca1a8d267c9f9415ac7c615c47d1987b01","sha512":"cc6782cddcc2bdf0abf94672da0b578b1a74a6dc0ec7587139eabe46e4b0bc3dcf5338a964f1d1395878e9da5147393e0ebee50ea2e5e25175e9ee9ea6e7009e","ssdeep":"","tlshash":"e00144aaae1782a6efb2c732462f41a1de6cb2759044545252c80307cabd2395d89b61","first_seen":"2023-12-03T08:43:46Z","last_seen":"2026-03-01T08:46:04.442347Z","times_seen":19,"resource_available":false,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":417,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 01 Dec 2025 13:31:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692d98ae-10c3f\"\r\nexpires: Fri, 02 Jan 2026 21:19:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68671,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1062x760, components 3","md5":"ee5aff3c50e90d0c75ced1ad57212071","sha1":"450c3829b816cc63a4f6ce961a7775160fe5b0e2","sha256":"a3e92e71c9a926e497c27842bf859054940c1c1776d2d4f94b5960b88b13e1e4","sha512":"fd833e75c312f95cc0ef3d29d852f45bb22e2576fcb1c38918594cfb7269cd79bfa874da0a4ce3c3b8e44c83aae7c0d096f0f70530fe21102186b223fb71b162","ssdeep":"768:xpEkYycfbbbbbbbbbbbbJ3fQwFOPxC5Hp+wUSHaktnkgtnPMEshAAEPXxwGDNzWv:xpEkYNQwE0+DYM7ANGMO9Cj/g","tlshash":"e76328576525dbc3c4bd87f0be131eac8b0b5b58a88265eb00360f9f7e281635cc961e","first_seen":"2025-12-03T21:20:11.532611Z","last_seen":"2025-12-03T21:20:11.532611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":448,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":448,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 20 Nov 2025 13:47:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f1bee-130f8\"\r\nexpires: Fri, 02 Jan 2026 21:19:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78072,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 654x1024, components 3","md5":"81b0177d23f925212eec877bc0cd0787","sha1":"ed6de2c9ebcb3a4b8bd873ca5f70c1a33dffe9c1","sha256":"9d0768896423f2422e3e945c7da391b20a456296cb0ce19f601f2246dee506b0","sha512":"d3ab1774c1ebe645efb19a5a650472b91363b7a5710a460e0c14630dc06516f15f8c1b604f1f66c4927cd91dd21909b4d6909d86f5525e54297a3032231649b7","ssdeep":"1536:ewEBlMIpMkTEu+TdOf1iaui+Cce2ozNaZXLsYCxmUmunbeUqQKlkM:DE9CucGwJCxxmKLtKlkM","tlshash":"0573e117bd050973a50ad3a72cd61d1d18aa978876c3a6ee47b78cc07f163468e4f0fa","first_seen":"2025-12-03T21:20:11.52632Z","last_seen":"2025-12-03T21:20:11.52632Z","times_seen":1,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":449,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/base.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/base.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-50599\"\r\nexpires: Thu, 04 Dec 2025 09:19:33 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":329113,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (627), with CRLF line terminators","md5":"be036380d52ff937f5651aa5a8d8c314","sha1":"fbee817dc3d510fb14bff69b67ec12821ae160d7","sha256":"24c3a0d2cff35eec128ebcd37224bfe82f41d4a7aa7fa775f3d6a5f93d0e1341","sha512":"7f5d14312ee815a25cc7fa88da4b3aea8b3fba04e86fbc4fac2829efec7d339c610f62dae0e88ff472bb745f8596ae6d2386ba35c1d09b9029c55997c9cfa76c","ssdeep":"6144:5w1ERP86ISrdfuk2ArHAREMHAEGA1/AisRn3UnDljP9XXHKOq/fi5ouXO5F:i1ERP86ISrdfuk/rHjMHlGO/hJjP9K/","tlshash":"ad64fa2292502118712beaa6f5fba7997e3f8112f20307f9f5d17558c7ce8ba107274b","first_seen":"2025-05-11T17:32:58.478094Z","last_seen":"2026-02-14T20:56:45.264479Z","times_seen":27,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":514,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 09:39:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911b2b6-1245c\"\r\nexpires: Thu, 04 Dec 2025 09:19:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74844,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21455), with CRLF line terminators","md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"resource_available":true,"data":null}},"time_used":1534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:50.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 09:39:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911b2b6-1245c\"\r\nexpires: Thu, 04 Dec 2025 09:19:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74844,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21455), with CRLF line terminators","md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"resource_available":true,"data":null}},"time_used":768,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":768,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 13:07:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6f8b-22676\"\r\nexpires: Fri, 02 Jan 2026 21:19:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140918,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x683, components 3","md5":"368c962fb4fb0bbb91cce6d2c4ab8b40","sha1":"f5951a9ebc48295165cb5662abb6982ad2bd2bef","sha256":"7181ec860d189fbb35d339f547822f37d9f903e47afaa235c0be954f1f0f5647","sha512":"35a936d4645deba881f65b08d5822fed3bb7f5ed65670f30ac0ca6c2a10134e88c1345efa5c4bae2e6d1a54f4fc362acb91aab43fa464ad7bef8c1b86918f0ca","ssdeep":"3072:UzItFvADRuLiUl/ZRXBEpzTeWOKUGNfJOPCoBzHA0rsdO7EFlsl14HRpHGiKSIg+:VveR0i4xEFtn7fJv+bJrscbl14RpHS6+","tlshash":"9fd3f1178d201bc3596c9ba5be132cac1b9aaf6d04856be841191edf3fc5311dcbb11e","first_seen":"2025-12-03T21:20:11.538312Z","last_seen":"2025-12-03T21:20:11.538312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1535,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1535,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 20 Nov 2025 13:47:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f1bee-130f8\"\r\nexpires: Fri, 02 Jan 2026 21:19:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78072,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 654x1024, components 3","md5":"81b0177d23f925212eec877bc0cd0787","sha1":"ed6de2c9ebcb3a4b8bd873ca5f70c1a33dffe9c1","sha256":"9d0768896423f2422e3e945c7da391b20a456296cb0ce19f601f2246dee506b0","sha512":"d3ab1774c1ebe645efb19a5a650472b91363b7a5710a460e0c14630dc06516f15f8c1b604f1f66c4927cd91dd21909b4d6909d86f5525e54297a3032231649b7","ssdeep":"1536:ewEBlMIpMkTEu+TdOf1iaui+Cce2ozNaZXLsYCxmUmunbeUqQKlkM:DE9CucGwJCxxmKLtKlkM","tlshash":"0573e117bd050973a50ad3a72cd61d1d18aa978876c3a6ee47b78cc07f163468e4f0fa","first_seen":"2025-12-03T21:20:11.52632Z","last_seen":"2025-12-03T21:20:11.52632Z","times_seen":1,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":410,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/base.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:46.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/base.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-50599\"\r\nexpires: Thu, 04 Dec 2025 09:19:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":329113,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (627), with CRLF line terminators","md5":"be036380d52ff937f5651aa5a8d8c314","sha1":"fbee817dc3d510fb14bff69b67ec12821ae160d7","sha256":"24c3a0d2cff35eec128ebcd37224bfe82f41d4a7aa7fa775f3d6a5f93d0e1341","sha512":"7f5d14312ee815a25cc7fa88da4b3aea8b3fba04e86fbc4fac2829efec7d339c610f62dae0e88ff472bb745f8596ae6d2386ba35c1d09b9029c55997c9cfa76c","ssdeep":"6144:5w1ERP86ISrdfuk2ArHAREMHAEGA1/AisRn3UnDljP9XXHKOq/fi5ouXO5F:i1ERP86ISrdfuk/rHjMHlGO/hJjP9K/","tlshash":"ad64fa2292502118712beaa6f5fba7997e3f8112f20307f9f5d17558c7ce8ba107274b","first_seen":"2025-05-11T17:32:58.478094Z","last_seen":"2026-02-14T20:56:45.264479Z","times_seen":27,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:47 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 20 Nov 2025 13:47:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f1bee-130f8\"\r\nexpires: Fri, 02 Jan 2026 21:19:47 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78072,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 654x1024, components 3","md5":"81b0177d23f925212eec877bc0cd0787","sha1":"ed6de2c9ebcb3a4b8bd873ca5f70c1a33dffe9c1","sha256":"9d0768896423f2422e3e945c7da391b20a456296cb0ce19f601f2246dee506b0","sha512":"d3ab1774c1ebe645efb19a5a650472b91363b7a5710a460e0c14630dc06516f15f8c1b604f1f66c4927cd91dd21909b4d6909d86f5525e54297a3032231649b7","ssdeep":"1536:ewEBlMIpMkTEu+TdOf1iaui+Cce2ozNaZXLsYCxmUmunbeUqQKlkM:DE9CucGwJCxxmKLtKlkM","tlshash":"0573e117bd050973a50ad3a72cd61d1d18aa978876c3a6ee47b78cc07f163468e4f0fa","first_seen":"2025-12-03T21:20:11.52632Z","last_seen":"2025-12-03T21:20:11.52632Z","times_seen":1,"resource_available":false,"data":null}},"time_used":460,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":460,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:47 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 13:07:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6f8b-22676\"\r\nexpires: Fri, 02 Jan 2026 21:19:47 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140918,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x683, components 3","md5":"368c962fb4fb0bbb91cce6d2c4ab8b40","sha1":"f5951a9ebc48295165cb5662abb6982ad2bd2bef","sha256":"7181ec860d189fbb35d339f547822f37d9f903e47afaa235c0be954f1f0f5647","sha512":"35a936d4645deba881f65b08d5822fed3bb7f5ed65670f30ac0ca6c2a10134e88c1345efa5c4bae2e6d1a54f4fc362acb91aab43fa464ad7bef8c1b86918f0ca","ssdeep":"3072:UzItFvADRuLiUl/ZRXBEpzTeWOKUGNfJOPCoBzHA0rsdO7EFlsl14HRpHGiKSIg+:VveR0i4xEFtn7fJv+bJrscbl14RpHS6+","tlshash":"9fd3f1178d201bc3596c9ba5be132cac1b9aaf6d04856be841191edf3fc5311dcbb11e","first_seen":"2025-12-03T21:20:11.538312Z","last_seen":"2025-12-03T21:20:11.538312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":714,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":714,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:50.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/fonts.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-445e\"\r\nexpires: Thu, 04 Dec 2025 09:19:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17502,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8453), with CRLF line terminators","md5":"f914eae25c04c912c27b7398d0224023","sha1":"03a0fa2bb2ed3417ebc28100b54b75d1220b9664","sha256":"3a23649321e271bb4caf3113b9ef4dbd245636fe271b3c98ccb72fe7bf40a6e6","sha512":"5840aa8a5c70f02fe19a6a449171f57ec5803b486263564703c51d43570233897443ec2b11c45a3f140c97c0c9913fba25d41909d9495726b30c48b88bee07b8","ssdeep":"192:5pxqw+yoNkyC17gWrdMeKDQjPJJeLBDo+:powMTErM5o+","tlshash":"647211e6d24e20da3732ce43a349f35a9c95f922e9e28c9af00f551c1ef1615d2c5b78","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.255311Z","times_seen":27,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:50.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 28 Aug 2023 09:14:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64ec6570-15601\"\r\nexpires: Thu, 04 Dec 2025 09:19:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"resource_available":true,"data":null}},"time_used":767,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":767,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T21:19:31.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:32 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://esimrev.com/en/\r\nset-cookie: pll_language=en; expires=Thu, 03 Dec 2026 21:19:32 GMT; Max-Age=31536000; path=/; secure; SameSite=Lax\r\nvary: Accept-Language\r\nx-redirect-by: Polylang\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Polylang","description":"Polylang is a WordPress plugin which allows you to create multilingual WordPress site.","website":"https://wordpress.org/plugins/polylang","common_platform_enumeration":"","icon":"Polylang.svg","categories":["WordPress plugins","Translation"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37486,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":1880,"timings":{"blocked":537,"dns":17,"connect":257,"send":0,"wait":806,"receive":0,"ssl":261},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 13:07:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6f8b-22676\"\r\nexpires: Fri, 02 Jan 2026 21:19:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140918,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x683, components 3","md5":"368c962fb4fb0bbb91cce6d2c4ab8b40","sha1":"f5951a9ebc48295165cb5662abb6982ad2bd2bef","sha256":"7181ec860d189fbb35d339f547822f37d9f903e47afaa235c0be954f1f0f5647","sha512":"35a936d4645deba881f65b08d5822fed3bb7f5ed65670f30ac0ca6c2a10134e88c1345efa5c4bae2e6d1a54f4fc362acb91aab43fa464ad7bef8c1b86918f0ca","ssdeep":"3072:UzItFvADRuLiUl/ZRXBEpzTeWOKUGNfJOPCoBzHA0rsdO7EFlsl14HRpHGiKSIg+:VveR0i4xEFtn7fJv+bJrscbl14RpHS6+","tlshash":"9fd3f1178d201bc3596c9ba5be132cac1b9aaf6d04856be841191edf3fc5311dcbb11e","first_seen":"2025-12-03T21:20:11.538312Z","last_seen":"2025-12-03T21:20:11.538312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":665,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":665,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:42.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/fonts.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-445e\"\r\nexpires: Thu, 04 Dec 2025 09:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17502,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8453), with CRLF line terminators","md5":"f914eae25c04c912c27b7398d0224023","sha1":"03a0fa2bb2ed3417ebc28100b54b75d1220b9664","sha256":"3a23649321e271bb4caf3113b9ef4dbd245636fe271b3c98ccb72fe7bf40a6e6","sha512":"5840aa8a5c70f02fe19a6a449171f57ec5803b486263564703c51d43570233897443ec2b11c45a3f140c97c0c9913fba25d41909d9495726b30c48b88bee07b8","ssdeep":"192:5pxqw+yoNkyC17gWrdMeKDQjPJJeLBDo+:powMTErM5o+","tlshash":"647211e6d24e20da3732ce43a349f35a9c95f922e9e28c9af00f551c1ef1615d2c5b78","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.255311Z","times_seen":27,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:46.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/base.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-1ea74\"\r\nexpires: Thu, 04 Dec 2025 09:19:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":125556,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"resource_available":true,"data":null}},"time_used":1028,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1028,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:47 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 02 Dec 2025 06:39:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692e89a9-9d8a\"\r\nexpires: Fri, 02 Jan 2026 21:19:47 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40330,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 844x678, components 3","md5":"bd6a47982ad65c98056e9ff9fdf35125","sha1":"5b827f6d4dd683c822c522a5ffc82dec874d5a51","sha256":"8661af54c2227a7661022222246666dc07baf39f03452951bdc04c3812dd6f10","sha512":"6fb5a636df84b30ef58fbac44557012d8a618b531cd0784cdf9f35b1b1693642a6a4595d1a12d128e4379db9f60ed7210e247376b5cc81aa5a65cdd10308e28e","ssdeep":"768:X5////1X1ERMD0diNuVEuEvy0FxEaDcvAjIL2q9Jluly7m+ANgT:XDLImfE0Z6JlaHBm","tlshash":"c4037c23894949d5646d4ee2ad038dacaeb60f0df98a6ff707938f4dfad11430d2846d","first_seen":"2025-12-03T21:20:11.540613Z","last_seen":"2025-12-03T21:20:11.540613Z","times_seen":1,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T21:19:50.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /en/?s=\u0026cat= HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlink: \u003chttps://esimrev.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":39964,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8832), with CRLF, LF line terminators","md5":"67c051f3e7b3e275dac6e230dc7c2944","sha1":"7a3e6648285376d6b35cb024c410412351dfc7eb","sha256":"35afc57506f3b8c9229f75c8667d8d3b3605882a9a6b8ec5e224b5e3598fdd18","sha512":"f03f907cebf78f3520671937d52cd82517ab50d1355d2afd06b47ce784917cf5a3e392e8562a14abbc6c2cf5421e1ac4d59692cf76714204e10f1579c0b8183f","ssdeep":"768:MXzYGwNLBZdypJ/tmkgcEjuwKUx1dQu83BpO9hS63uSVPKK0pB47ludD:MXkGwNFyp2cE6wKUqu6CS63uSVPKK0pl","tlshash":"ad03e83295da00332a77c7ec8aa0b309f986e156cf024e9573fd569caf95db204d7a0d","first_seen":"2025-12-03T21:20:11.542145Z","last_seen":"2025-12-03T21:20:11.542145Z","times_seen":1,"resource_available":false,"data":null}},"time_used":755,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":755,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:38.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/lib.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-39607\"\r\nexpires: Thu, 04 Dec 2025 09:19:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":235015,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24811), with CRLF line terminators","md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"resource_available":true,"data":null}},"time_used":563,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":563,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:49.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 13 Nov 2025 12:49:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6915d3dd-4ec\"\r\nexpires: Fri, 02 Jan 2026 21:19:49 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1260,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 32x32, components 3","md5":"e0eb0f80e118aad1449a985dbc399c2c","sha1":"e40e1dd0a5405cd50880fea3068cf79eb607f702","sha256":"a636afda77dfde4fc88ba6f3586c8ef448a067e6ff702486d5e00146e32ced31","sha512":"d9af20c952fb203a966189b756d6a5ee2ca8ae2720427b24b71bd3e26891a9f08e8a0f10241d8d184f1c9b3bb2d7bfe52af7f7e27d06d7f4df722c62d44a7bdc","ssdeep":"","tlshash":"0121b75eef124280b912ccbb48f5109dd65a7902b648af407f70c270ca208c9d6d8e94","first_seen":"2025-12-03T21:20:11.543542Z","last_seen":"2025-12-03T21:20:11.543542Z","times_seen":1,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 01 Dec 2025 13:31:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692d98ae-10c3f\"\r\nexpires: Fri, 02 Jan 2026 21:19:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68671,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1062x760, components 3","md5":"ee5aff3c50e90d0c75ced1ad57212071","sha1":"450c3829b816cc63a4f6ce961a7775160fe5b0e2","sha256":"a3e92e71c9a926e497c27842bf859054940c1c1776d2d4f94b5960b88b13e1e4","sha512":"fd833e75c312f95cc0ef3d29d852f45bb22e2576fcb1c38918594cfb7269cd79bfa874da0a4ce3c3b8e44c83aae7c0d096f0f70530fe21102186b223fb71b162","ssdeep":"768:xpEkYycfbbbbbbbbbbbbJ3fQwFOPxC5Hp+wUSHaktnkgtnPMEshAAEPXxwGDNzWv:xpEkYNQwE0+DYM7ANGMO9Cj/g","tlshash":"e76328576525dbc3c4bd87f0be131eac8b0b5b58a88265eb00360f9f7e281635cc961e","first_seen":"2025-12-03T21:20:11.532611Z","last_seen":"2025-12-03T21:20:11.532611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T21:19:38.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /en/?s=\u0026cat= HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlink: \u003chttps://esimrev.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39964,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8832), with CRLF, LF line terminators","md5":"67c051f3e7b3e275dac6e230dc7c2944","sha1":"7a3e6648285376d6b35cb024c410412351dfc7eb","sha256":"35afc57506f3b8c9229f75c8667d8d3b3605882a9a6b8ec5e224b5e3598fdd18","sha512":"f03f907cebf78f3520671937d52cd82517ab50d1355d2afd06b47ce784917cf5a3e392e8562a14abbc6c2cf5421e1ac4d59692cf76714204e10f1579c0b8183f","ssdeep":"768:MXzYGwNLBZdypJ/tmkgcEjuwKUx1dQu83BpO9hS63uSVPKK0pB47ludD:MXkGwNFyp2cE6wKUqu6CS63uSVPKK0pl","tlshash":"ad03e83295da00332a77c7ec8aa0b309f986e156cf024e9573fd569caf95db204d7a0d","first_seen":"2025-12-03T21:20:11.542145Z","last_seen":"2025-12-03T21:20:11.542145Z","times_seen":1,"resource_available":false,"data":null}},"time_used":743,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":743,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:45.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 13 Nov 2025 12:49:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6915d3dd-4ec\"\r\nexpires: Fri, 02 Jan 2026 21:19:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1260,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 32x32, components 3","md5":"e0eb0f80e118aad1449a985dbc399c2c","sha1":"e40e1dd0a5405cd50880fea3068cf79eb607f702","sha256":"a636afda77dfde4fc88ba6f3586c8ef448a067e6ff702486d5e00146e32ced31","sha512":"d9af20c952fb203a966189b756d6a5ee2ca8ae2720427b24b71bd3e26891a9f08e8a0f10241d8d184f1c9b3bb2d7bfe52af7f7e27d06d7f4df722c62d44a7bdc","ssdeep":"","tlshash":"0121b75eef124280b912ccbb48f5109dd65a7902b648af407f70c270ca208c9d6d8e94","first_seen":"2025-12-03T21:20:11.543542Z","last_seen":"2025-12-03T21:20:11.543542Z","times_seen":1,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:46.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/fonts.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-445e\"\r\nexpires: Thu, 04 Dec 2025 09:19:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17502,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8453), with CRLF line terminators","md5":"f914eae25c04c912c27b7398d0224023","sha1":"03a0fa2bb2ed3417ebc28100b54b75d1220b9664","sha256":"3a23649321e271bb4caf3113b9ef4dbd245636fe271b3c98ccb72fe7bf40a6e6","sha512":"5840aa8a5c70f02fe19a6a449171f57ec5803b486263564703c51d43570233897443ec2b11c45a3f140c97c0c9913fba25d41909d9495726b30c48b88bee07b8","ssdeep":"192:5pxqw+yoNkyC17gWrdMeKDQjPJJeLBDo+:powMTErM5o+","tlshash":"647211e6d24e20da3732ce43a349f35a9c95f922e9e28c9af00f551c1ef1615d2c5b78","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.255311Z","times_seen":27,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:37.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.php?action_name=-%20Search%20Results%20-%20eSIMREV\u0026idsite=13\u0026rec=1\u0026r=644766\u0026h=21\u0026m=19\u0026s=44\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026urlref=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026_id=d7a7630d99253a08\u0026_idn=0\u0026send_image=0\u0026_refts=0\u0026pv_id=5FeH9P\u0026pf_net=0\u0026pf_srv=734\u0026pf_tfr=2\u0026pf_dm1=1183\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:44.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"POST /matomo.php?action_name=-%20Search%20Results%20-%20eSIMREV\u0026idsite=13\u0026rec=1\u0026r=644766\u0026h=21\u0026m=19\u0026s=44\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026urlref=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026_id=d7a7630d99253a08\u0026_idn=0\u0026send_image=0\u0026_refts=0\u0026pv_id=5FeH9P\u0026pf_net=0\u0026pf_srv=734\u0026pf_tfr=2\u0026pf_dm1=1183\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://esimrev.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:44 GMT\r\naccess-control-allow-origin: https://esimrev.com\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":515,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":507,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:38.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 08 Jun 2023 21:49:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64824ce4-3509\"\r\nexpires: Thu, 04 Dec 2025 09:19:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"resource_available":true,"data":null}},"time_used":518,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":518,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.php?action_name=-%20Search%20Results%20-%20eSIMREV\u0026idsite=13\u0026rec=1\u0026r=309900\u0026h=21\u0026m=19\u0026s=40\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026urlref=https%3A%2F%2Fesimrev.com%2Fen%2F\u0026_id=d7a7630d99253a08\u0026_idn=0\u0026send_image=0\u0026_refts=0\u0026pv_id=QLGCQ5\u0026pf_net=0\u0026pf_srv=743\u0026pf_tfr=1\u0026pf_dm1=894\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:40.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"POST /matomo.php?action_name=-%20Search%20Results%20-%20eSIMREV\u0026idsite=13\u0026rec=1\u0026r=309900\u0026h=21\u0026m=19\u0026s=40\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026urlref=https%3A%2F%2Fesimrev.com%2Fen%2F\u0026_id=d7a7630d99253a08\u0026_idn=0\u0026send_image=0\u0026_refts=0\u0026pv_id=QLGCQ5\u0026pf_net=0\u0026pf_srv=743\u0026pf_tfr=1\u0026pf_dm1=894\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://esimrev.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:40 GMT\r\naccess-control-allow-origin: https://esimrev.com\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":529,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":525,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:41.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:41 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 13 Nov 2025 12:49:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6915d3dd-4ec\"\r\nexpires: Fri, 02 Jan 2026 21:19:41 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1260,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 32x32, components 3","md5":"e0eb0f80e118aad1449a985dbc399c2c","sha1":"e40e1dd0a5405cd50880fea3068cf79eb607f702","sha256":"a636afda77dfde4fc88ba6f3586c8ef448a067e6ff702486d5e00146e32ced31","sha512":"d9af20c952fb203a966189b756d6a5ee2ca8ae2720427b24b71bd3e26891a9f08e8a0f10241d8d184f1c9b3bb2d7bfe52af7f7e27d06d7f4df722c62d44a7bdc","ssdeep":"","tlshash":"0121b75eef124280b912ccbb48f5109dd65a7902b648af407f70c270ca208c9d6d8e94","first_seen":"2025-12-03T21:20:11.543542Z","last_seen":"2025-12-03T21:20:11.543542Z","times_seen":1,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:42.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 09:39:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911b2b6-1245c\"\r\nexpires: Thu, 04 Dec 2025 09:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74844,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21455), with CRLF line terminators","md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"resource_available":true,"data":null}},"time_used":770,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":770,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:50.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/lib.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-39607\"\r\nexpires: Thu, 04 Dec 2025 09:19:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":235015,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24811), with CRLF line terminators","md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"resource_available":true,"data":null}},"time_used":768,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":768,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:37.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-32x32.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.535Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24460\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-5f8c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24460,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24460, version 1.0","md5":"c30b62e1bcf75fdfb74a723f2b0cccc5","sha1":"6bfe4388ed55d1e29a6fb0dbc03ce4eca0d20add","sha256":"dc6470aad89afc04c094946d1d03c8ce24b080faaa60afb687daac16e9e5f97c","sha512":"49c909c7124ba8bcb841606ee011f96651d6f50ca96f9d945e68806238e12074b92533e2b07c57d09bbb2b6549e5d52bedafe9928697b51aba5038b75b308769","ssdeep":"384:GsJEtHzJG+Lrf4bAya40FUoW7KtOisIvTFyeui1NhFBMBTExlRcvENs1mpCiA:GlD3f4bAyv0Fh5Z3uWnMlGlRcNmphA","tlshash":"e0b2e0b87a0eb43ce7fbb764f3830ed2aa250f352126d219667d63479543ec11931683","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.33191Z","times_seen":28,"resource_available":false,"data":null}},"time_used":1525,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1520,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:47 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24460\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-5f8c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24460,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24460, version 1.0","md5":"c30b62e1bcf75fdfb74a723f2b0cccc5","sha1":"6bfe4388ed55d1e29a6fb0dbc03ce4eca0d20add","sha256":"dc6470aad89afc04c094946d1d03c8ce24b080faaa60afb687daac16e9e5f97c","sha512":"49c909c7124ba8bcb841606ee011f96651d6f50ca96f9d945e68806238e12074b92533e2b07c57d09bbb2b6549e5d52bedafe9928697b51aba5038b75b308769","ssdeep":"384:GsJEtHzJG+Lrf4bAya40FUoW7KtOisIvTFyeui1NhFBMBTExlRcvENs1mpCiA:GlD3f4bAyv0Fh5Z3uWnMlGlRcNmphA","tlshash":"e0b2e0b87a0eb43ce7fbb764f3830ed2aa250f352126d219667d63479543ec11931683","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.33191Z","times_seen":28,"resource_available":false,"data":null}},"time_used":1303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1261,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T21:19:32.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /en/ HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: pll_language=en\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlink: \u003chttps://esimrev.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]}],"data":{"size":37486,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8832), with CRLF, LF line terminators","md5":"111ea0c78142d63bde34cb8dc1ab5456","sha1":"133105a74b3926b051a8f6035d30f93011e85347","sha256":"c0976f43a6edd65ee08558855557cc8ce300e0bb7e6d17bfde5cf8f80079b05c","sha512":"508e0ceba28834a3f2e166a293ac4865053e3d87569f4f9b682d80466b3fcf7f17ddb3d9647b7f74845477f6a6ed90d958036469a9b844c2f9fc818bab88bddd","ssdeep":"768:qXzYGwNLBZdypJjxcEjuwKUx1d/u83BpOLS63uSVPKK0pB47ludD:qXkGwNFyp/cE6wKUNu6WS63uSVPKK0pl","tlshash":"5df2d63295d900332a77c7ec89a0b319f889e156cf025e95b3fd668caf95db204d3a1c","first_seen":"2025-12-03T21:20:11.547398Z","last_seen":"2025-12-03T21:20:11.547398Z","times_seen":1,"resource_available":false,"data":null}},"time_used":737,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":737,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/base.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:38.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/base.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-50599\"\r\nexpires: Thu, 04 Dec 2025 09:19:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":329113,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (627), with CRLF line terminators","md5":"be036380d52ff937f5651aa5a8d8c314","sha1":"fbee817dc3d510fb14bff69b67ec12821ae160d7","sha256":"24c3a0d2cff35eec128ebcd37224bfe82f41d4a7aa7fa775f3d6a5f93d0e1341","sha512":"7f5d14312ee815a25cc7fa88da4b3aea8b3fba04e86fbc4fac2829efec7d339c610f62dae0e88ff472bb745f8596ae6d2386ba35c1d09b9029c55997c9cfa76c","ssdeep":"6144:5w1ERP86ISrdfuk2ArHAREMHAEGA1/AisRn3UnDljP9XXHKOq/fi5ouXO5F:i1ERP86ISrdfuk/rHjMHlGO/hJjP9K/","tlshash":"ad64fa2292502118712beaa6f5fba7997e3f8112f20307f9f5d17558c7ce8ba107274b","first_seen":"2025-05-11T17:32:58.478094Z","last_seen":"2026-02-14T20:56:45.264479Z","times_seen":27,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 02:26:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69290846-10d14\"\r\nexpires: Thu, 04 Dec 2025 09:19:43 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68884,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":560,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T21:19:46.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /en/?s=\u0026cat= HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlink: \u003chttps://esimrev.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39964,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8832), with CRLF, LF line terminators","md5":"67c051f3e7b3e275dac6e230dc7c2944","sha1":"7a3e6648285376d6b35cb024c410412351dfc7eb","sha256":"35afc57506f3b8c9229f75c8667d8d3b3605882a9a6b8ec5e224b5e3598fdd18","sha512":"f03f907cebf78f3520671937d52cd82517ab50d1355d2afd06b47ce784917cf5a3e392e8562a14abbc6c2cf5421e1ac4d59692cf76714204e10f1579c0b8183f","ssdeep":"768:MXzYGwNLBZdypJ/tmkgcEjuwKUx1dQu83BpO9hS63uSVPKK0pB47ludD:MXkGwNFyp2cE6wKUqu6CS63uSVPKK0pl","tlshash":"ad03e83295da00332a77c7ec8aa0b309f986e156cf024e9573fd569caf95db204d7a0d","first_seen":"2025-12-03T21:20:11.542145Z","last_seen":"2025-12-03T21:20:11.542145Z","times_seen":1,"resource_available":false,"data":null}},"time_used":720,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":720,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/en/?s=\u0026cat=","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T21:19:41.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /en/?s=\u0026cat= HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlink: \u003chttps://esimrev.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39964,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8832), with CRLF, LF line terminators","md5":"67c051f3e7b3e275dac6e230dc7c2944","sha1":"7a3e6648285376d6b35cb024c410412351dfc7eb","sha256":"35afc57506f3b8c9229f75c8667d8d3b3605882a9a6b8ec5e224b5e3598fdd18","sha512":"f03f907cebf78f3520671937d52cd82517ab50d1355d2afd06b47ce784917cf5a3e392e8562a14abbc6c2cf5421e1ac4d59692cf76714204e10f1579c0b8183f","ssdeep":"768:MXzYGwNLBZdypJ/tmkgcEjuwKUx1dQu83BpO9hS63uSVPKK0pB47ludD:MXkGwNFyp2cE6wKUqu6CS63uSVPKK0pl","tlshash":"ad03e83295da00332a77c7ec8aa0b309f986e156cf024e9573fd569caf95db204d7a0d","first_seen":"2025-12-03T21:20:11.542145Z","last_seen":"2025-12-03T21:20:11.542145Z","times_seen":1,"resource_available":false,"data":null}},"time_used":735,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":735,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:42.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 08 Jun 2023 21:49:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64824ce4-3509\"\r\nexpires: Thu, 04 Dec 2025 09:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"resource_available":true,"data":null}},"time_used":771,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":771,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:42.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/base.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-1ea74\"\r\nexpires: Thu, 04 Dec 2025 09:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":125556,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"resource_available":true,"data":null}},"time_used":1025,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1025,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:47 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 12:53:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6c53-2195b\"\r\nexpires: Fri, 02 Jan 2026 21:19:47 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":137563,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x737, components 3","md5":"d1bb6cf471e662c505e5953f02fb30b6","sha1":"ef99666b8208868e45d54df65364c203dfd8bf9a","sha256":"cb91afc03536e2a035c5f8b321811fb63062943b3f2cf47b126ccf845632cbec","sha512":"d0c56da77b4f7a34737fd1b4395a7291e491430d23a83d60c28af6a38f0daf63aa5aa9fe07dc70fb37b975af05811cdeae14308d22f00ce4258ffb1b475c5e6d","ssdeep":"3072:cT3xjXSMDeZ3WG7jiNkqGRzviVZQVZ2KxVznG0r3j3UNRZXV:cT3RXSWY7jiqqGRzviVZGZx7zn13ul","tlshash":"19d3d04b6d1990e3f00ca79efe622d6c3d3e9754f98239fa54102ccc7be85434d8956a","first_seen":"2025-12-03T21:20:11.517139Z","last_seen":"2025-12-03T21:20:11.517139Z","times_seen":1,"resource_available":false,"data":null}},"time_used":971,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":971,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 02 Dec 2025 06:39:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692e89a9-9d8a\"\r\nexpires: Fri, 02 Jan 2026 21:19:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40330,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 844x678, components 3","md5":"bd6a47982ad65c98056e9ff9fdf35125","sha1":"5b827f6d4dd683c822c522a5ffc82dec874d5a51","sha256":"8661af54c2227a7661022222246666dc07baf39f03452951bdc04c3812dd6f10","sha512":"6fb5a636df84b30ef58fbac44557012d8a618b531cd0784cdf9f35b1b1693642a6a4595d1a12d128e4379db9f60ed7210e247376b5cc81aa5a65cdd10308e28e","ssdeep":"768:X5////1X1ERMD0diNuVEuEvy0FxEaDcvAjIL2q9Jluly7m+ANgT:XDLImfE0Z6JlaHBm","tlshash":"c4037c23894949d5646d4ee2ad038dacaeb60f0df98a6ff707938f4dfad11430d2846d","first_seen":"2025-12-03T21:20:11.540613Z","last_seen":"2025-12-03T21:20:11.540613Z","times_seen":1,"resource_available":false,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":417,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 02:26:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69290846-10d14\"\r\nexpires: Thu, 04 Dec 2025 09:19:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68884,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"resource_available":true,"data":null}},"time_used":559,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":559,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/img/avatar.png","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:51.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/img/avatar.png HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 706\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-2c2\"\r\nexpires: Fri, 02 Jan 2026 21:19:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit grayscale, non-interlaced","md5":"1a79b1429cf019111f2cb2c928cc7748","sha1":"f9976bef841ee213c68e18e1d6f939930bbf262e","sha256":"1074b9c2a5d909a661a99f6edecb6bca1a8d267c9f9415ac7c615c47d1987b01","sha512":"cc6782cddcc2bdf0abf94672da0b578b1a74a6dc0ec7587139eabe46e4b0bc3dcf5338a964f1d1395878e9da5147393e0ebee50ea2e5e25175e9ee9ea6e7009e","ssdeep":"","tlshash":"e00144aaae1782a6efb2c732462f41a1de6cb2759044545252c80307cabd2395d89b61","first_seen":"2023-12-03T08:43:46Z","last_seen":"2026-03-01T08:46:04.442347Z","times_seen":19,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:38.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 28 Aug 2023 09:14:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64ec6570-15601\"\r\nexpires: Thu, 04 Dec 2025 09:19:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"resource_available":true,"data":null}},"time_used":517,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":517,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:38.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/base.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-1ea74\"\r\nexpires: Thu, 04 Dec 2025 09:19:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":125556,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":773,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:48 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 02:26:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69290846-10d14\"\r\nexpires: Thu, 04 Dec 2025 09:19:48 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68884,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":560,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 28 Aug 2023 09:14:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64ec6570-15601\"\r\nexpires: Thu, 04 Dec 2025 09:19:33 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":773,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 08 Jun 2023 21:49:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64824ce4-3509\"\r\nexpires: Thu, 04 Dec 2025 09:19:33 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"resource_available":true,"data":null}},"time_used":1284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/fonts.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-445e\"\r\nexpires: Thu, 04 Dec 2025 09:19:33 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17502,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8453), with CRLF line terminators","md5":"f914eae25c04c912c27b7398d0224023","sha1":"03a0fa2bb2ed3417ebc28100b54b75d1220b9664","sha256":"3a23649321e271bb4caf3113b9ef4dbd245636fe271b3c98ccb72fe7bf40a6e6","sha512":"5840aa8a5c70f02fe19a6a449171f57ec5803b486263564703c51d43570233897443ec2b11c45a3f140c97c0c9913fba25d41909d9495726b30c48b88bee07b8","ssdeep":"192:5pxqw+yoNkyC17gWrdMeKDQjPJJeLBDo+:powMTErM5o+","tlshash":"647211e6d24e20da3732ce43a349f35a9c95f922e9e28c9af00f551c1ef1615d2c5b78","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.255311Z","times_seen":27,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:42.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 28 Aug 2023 09:14:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64ec6570-15601\"\r\nexpires: Thu, 04 Dec 2025 09:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"resource_available":true,"data":null}},"time_used":769,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":769,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:50.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 08 Jun 2023 21:49:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64824ce4-3509\"\r\nexpires: Thu, 04 Dec 2025 09:19:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"resource_available":true,"data":null}},"time_used":771,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":771,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:46.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 08 Jun 2023 21:49:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64824ce4-3509\"\r\nexpires: Thu, 04 Dec 2025 09:19:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-03T19:30:20.082588Z","times_seen":637330,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":773,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/img/avatar.png","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/img/avatar.png HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: image/png\r\ncontent-length: 706\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-2c2\"\r\nexpires: Fri, 02 Jan 2026 21:19:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit grayscale, non-interlaced","md5":"1a79b1429cf019111f2cb2c928cc7748","sha1":"f9976bef841ee213c68e18e1d6f939930bbf262e","sha256":"1074b9c2a5d909a661a99f6edecb6bca1a8d267c9f9415ac7c615c47d1987b01","sha512":"cc6782cddcc2bdf0abf94672da0b578b1a74a6dc0ec7587139eabe46e4b0bc3dcf5338a964f1d1395878e9da5147393e0ebee50ea2e5e25175e9ee9ea6e7009e","ssdeep":"","tlshash":"e00144aaae1782a6efb2c732462f41a1de6cb2759044545252c80307cabd2395d89b61","first_seen":"2023-12-03T08:43:46Z","last_seen":"2026-03-01T08:46:04.442347Z","times_seen":19,"resource_available":false,"data":null}},"time_used":2309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1283,"receive":1026,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.js","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:35.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 28 Nov 2025 02:26:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69290846-10d14\"\r\nexpires: Thu, 04 Dec 2025 09:19:37 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68884,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"71862705237d9630909951b908710624","sha1":"15c852a7bad91acbd420946dcc9c13d6f5e0482b","sha256":"1326914b9f2b647642bc23855794219f306858f5f9f349d5e7e17624ed4ea72d","sha512":"3885d18266c495ed3ea088bceebb598418b2988d79dc5b77922054eaa6071d644b73f57c7d34d6ed31788c00fd2a272876c5605b6bd0263337770427ec28f3c5","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFqa:AT+Z2fuqXYy1PGJ9dm","tlshash":"e963d8ce72c2753a5bcb7075a43f114ab27a9caa1448c4b4e22ac4f6383491d657bf7c","first_seen":"2025-10-11T19:30:21.143914Z","last_seen":"2026-03-31T22:44:14.762068Z","times_seen":16,"resource_available":true,"data":null}},"time_used":2677,"timings":{"blocked":1198,"dns":634,"connect":279,"send":0,"wait":279,"receive":0,"ssl":284},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-20_21.39.49-654x1024.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 20 Nov 2025 13:47:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f1bee-130f8\"\r\nexpires: Fri, 02 Jan 2026 21:19:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78072,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 654x1024, components 3","md5":"81b0177d23f925212eec877bc0cd0787","sha1":"ed6de2c9ebcb3a4b8bd873ca5f70c1a33dffe9c1","sha256":"9d0768896423f2422e3e945c7da391b20a456296cb0ce19f601f2246dee506b0","sha512":"d3ab1774c1ebe645efb19a5a650472b91363b7a5710a460e0c14630dc06516f15f8c1b604f1f66c4927cd91dd21909b4d6909d86f5525e54297a3032231649b7","ssdeep":"1536:ewEBlMIpMkTEu+TdOf1iaui+Cce2ozNaZXLsYCxmUmunbeUqQKlkM:DE9CucGwJCxxmKLtKlkM","tlshash":"0573e117bd050973a50ad3a72cd61d1d18aa978876c3a6ee47b78cc07f163468e4f0fa","first_seen":"2025-12-03T21:20:11.52632Z","last_seen":"2025-12-03T21:20:11.52632Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:46.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/lib.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-39607\"\r\nexpires: Thu, 04 Dec 2025 09:19:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":235015,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24811), with CRLF line terminators","md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"resource_available":true,"data":null}},"time_used":772,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":772,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:51.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:51 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 02 Dec 2025 06:39:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692e89a9-9d8a\"\r\nexpires: Fri, 02 Jan 2026 21:19:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40330,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 844x678, components 3","md5":"bd6a47982ad65c98056e9ff9fdf35125","sha1":"5b827f6d4dd683c822c522a5ffc82dec874d5a51","sha256":"8661af54c2227a7661022222246666dc07baf39f03452951bdc04c3812dd6f10","sha512":"6fb5a636df84b30ef58fbac44557012d8a618b531cd0784cdf9f35b1b1693642a6a4595d1a12d128e4379db9f60ed7210e247376b5cc81aa5a65cdd10308e28e","ssdeep":"768:X5////1X1ERMD0diNuVEuEvy0FxEaDcvAjIL2q9Jluly7m+ANgT:XDLImfE0Z6JlaHBm","tlshash":"c4037c23894949d5646d4ee2ad038dacaeb60f0df98a6ff707938f4dfad11430d2846d","first_seen":"2025-12-03T21:20:11.540613Z","last_seen":"2025-12-03T21:20:11.540613Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 02 Dec 2025 06:39:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692e89a9-9d8a\"\r\nexpires: Fri, 02 Jan 2026 21:19:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40330,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 844x678, components 3","md5":"bd6a47982ad65c98056e9ff9fdf35125","sha1":"5b827f6d4dd683c822c522a5ffc82dec874d5a51","sha256":"8661af54c2227a7661022222246666dc07baf39f03452951bdc04c3812dd6f10","sha512":"6fb5a636df84b30ef58fbac44557012d8a618b531cd0784cdf9f35b1b1693642a6a4595d1a12d128e4379db9f60ed7210e247376b5cc81aa5a65cdd10308e28e","ssdeep":"768:X5////1X1ERMD0diNuVEuEvy0FxEaDcvAjIL2q9Jluly7m+ANgT:XDLImfE0Z6JlaHBm","tlshash":"c4037c23894949d5646d4ee2ad038dacaeb60f0df98a6ff707938f4dfad11430d2846d","first_seen":"2025-12-03T21:20:11.540613Z","last_seen":"2025-12-03T21:20:11.540613Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/base.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:50.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/base.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-50599\"\r\nexpires: Thu, 04 Dec 2025 09:19:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329113,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (627), with CRLF line terminators","md5":"be036380d52ff937f5651aa5a8d8c314","sha1":"fbee817dc3d510fb14bff69b67ec12821ae160d7","sha256":"24c3a0d2cff35eec128ebcd37224bfe82f41d4a7aa7fa775f3d6a5f93d0e1341","sha512":"7f5d14312ee815a25cc7fa88da4b3aea8b3fba04e86fbc4fac2829efec7d339c610f62dae0e88ff472bb745f8596ae6d2386ba35c1d09b9029c55997c9cfa76c","ssdeep":"6144:5w1ERP86ISrdfuk2ArHAREMHAEGA1/AisRn3UnDljP9XXHKOq/fi5ouXO5F:i1ERP86ISrdfuk/rHjMHlGO/hJjP9K/","tlshash":"ad64fa2292502118712beaa6f5fba7997e3f8112f20307f9f5d17558c7ce8ba107274b","first_seen":"2025-05-11T17:32:58.478094Z","last_seen":"2026-02-14T20:56:45.264479Z","times_seen":27,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-02_12.01.11.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 02 Dec 2025 06:39:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692e89a9-9d8a\"\r\nexpires: Fri, 02 Jan 2026 21:19:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40330,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 844x678, components 3","md5":"bd6a47982ad65c98056e9ff9fdf35125","sha1":"5b827f6d4dd683c822c522a5ffc82dec874d5a51","sha256":"8661af54c2227a7661022222246666dc07baf39f03452951bdc04c3812dd6f10","sha512":"6fb5a636df84b30ef58fbac44557012d8a618b531cd0784cdf9f35b1b1693642a6a4595d1a12d128e4379db9f60ed7210e247376b5cc81aa5a65cdd10308e28e","ssdeep":"768:X5////1X1ERMD0diNuVEuEvy0FxEaDcvAjIL2q9Jluly7m+ANgT:XDLImfE0Z6JlaHBm","tlshash":"c4037c23894949d5646d4ee2ad038dacaeb60f0df98a6ff707938f4dfad11430d2846d","first_seen":"2025-12-03T21:20:11.540613Z","last_seen":"2025-12-03T21:20:11.540613Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:46.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 28 Aug 2023 09:14:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64ec6570-15601\"\r\nexpires: Thu, 04 Dec 2025 09:19:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T19:30:20.096582Z","times_seen":683705,"resource_available":true,"data":null}},"time_used":770,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":770,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:47 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 01 Dec 2025 13:31:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692d98ae-10c3f\"\r\nexpires: Fri, 02 Jan 2026 21:19:47 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68671,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1062x760, components 3","md5":"ee5aff3c50e90d0c75ced1ad57212071","sha1":"450c3829b816cc63a4f6ce961a7775160fe5b0e2","sha256":"a3e92e71c9a926e497c27842bf859054940c1c1776d2d4f94b5960b88b13e1e4","sha512":"fd833e75c312f95cc0ef3d29d852f45bb22e2576fcb1c38918594cfb7269cd79bfa874da0a4ce3c3b8e44c83aae7c0d096f0f70530fe21102186b223fb71b162","ssdeep":"768:xpEkYycfbbbbbbbbbbbbJ3fQwFOPxC5Hp+wUSHaktnkgtnPMEshAAEPXxwGDNzWv:xpEkYNQwE0+DYM7ANGMO9Cj/g","tlshash":"e76328576525dbc3c4bd87f0be131eac8b0b5b58a88265eb00360f9f7e281635cc961e","first_seen":"2025-12-03T21:20:11.532611Z","last_seen":"2025-12-03T21:20:11.532611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/base.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/base.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-1ea74\"\r\nexpires: Thu, 04 Dec 2025 09:19:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":125556,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"ca267b76d0bb5d354cf4a7e3c85d96b5","sha1":"7c38df9c6d3c604c04a5ddc5f9070037b87aa75d","sha256":"036533cd0ea9228b7f22f778215a34505c54a8af666810cb92aea1a61ce2885a","sha512":"097e5e4ffead283ead4ab2d6fb0e01522e4cb9477dba3c26b0f6117efc378b2416118c27e2fb670530d9d3f92c6e187d87239f06c5107898b6dfac993da51f2e","ssdeep":"1536:xFaw8ThLRuVWYZFgG4444P4444B4444s444454444OF4444C4444G444484444IC:reLqZFZNnXuZ","tlshash":"70c3c695b34c15eda4f22214e97f5218fc3ed23ba101527cfa9e60643fb4554a3a0ebe","first_seen":"2024-08-20T03:24:44Z","last_seen":"2026-02-14T20:56:45.319538Z","times_seen":30,"resource_available":true,"data":null}},"time_used":1534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24460\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-5f8c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24460,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24460, version 1.0","md5":"c30b62e1bcf75fdfb74a723f2b0cccc5","sha1":"6bfe4388ed55d1e29a6fb0dbc03ce4eca0d20add","sha256":"dc6470aad89afc04c094946d1d03c8ce24b080faaa60afb687daac16e9e5f97c","sha512":"49c909c7124ba8bcb841606ee011f96651d6f50ca96f9d945e68806238e12074b92533e2b07c57d09bbb2b6549e5d52bedafe9928697b51aba5038b75b308769","ssdeep":"384:GsJEtHzJG+Lrf4bAya40FUoW7KtOisIvTFyeui1NhFBMBTExlRcvENs1mpCiA:GlD3f4bAyv0Fh5Z3uWnMlGlRcNmphA","tlshash":"e0b2e0b87a0eb43ce7fbb764f3830ed2aa250f352126d219667d63479543ec11931683","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.33191Z","times_seen":28,"resource_available":false,"data":null}},"time_used":1422,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1421,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:41.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/cropped-iShot_2025-11-13_20.48.56-192x192.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:41 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 13 Nov 2025 12:49:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6915d3dd-2027\"\r\nexpires: Fri, 02 Jan 2026 21:19:41 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8231,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 192x192, components 3","md5":"88e7b4ea4754fab47f142b144052a9c1","sha1":"0109096511008cd9deb30564b95bb704796f0267","sha256":"611d391156d340240e5c73c7a7ecda254a2aedfbe957e08be898a4b302b52fbb","sha512":"535ccef9fa0be19a16b5ab338b377d59a21963f82810bd113013f0472bd0580a4c62d4fd396dd01fdf40bcef560122bb12b763b6636c9190bad25fd300c86eaa","ssdeep":"192:/PlW/LcdWlQr/jSbTLcA8gSPeZje1G1egSe9bNZDkI:3lxWlysT3SPepZgAbNZDkI","tlshash":"4d02b0a53e94a8408d060e77592ec3a7c6a66605610fe71abf70c580ff80fdd7848c9e","first_seen":"2025-12-03T21:20:11.518234Z","last_seen":"2025-12-03T21:20:11.518234Z","times_seen":1,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/css/base.css?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:42.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/css/base.css?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-50599\"\r\nexpires: Thu, 04 Dec 2025 09:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329113,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (627), with CRLF line terminators","md5":"be036380d52ff937f5651aa5a8d8c314","sha1":"fbee817dc3d510fb14bff69b67ec12821ae160d7","sha256":"24c3a0d2cff35eec128ebcd37224bfe82f41d4a7aa7fa775f3d6a5f93d0e1341","sha512":"7f5d14312ee815a25cc7fa88da4b3aea8b3fba04e86fbc4fac2829efec7d339c610f62dae0e88ff472bb745f8596ae6d2386ba35c1d09b9029c55997c9cfa76c","ssdeep":"6144:5w1ERP86ISrdfuk2ArHAREMHAEGA1/AisRn3UnDljP9XXHKOq/fi5ouXO5F:i1ERP86ISrdfuk/rHjMHlGO/hJjP9K/","tlshash":"ad64fa2292502118712beaa6f5fba7997e3f8112f20307f9f5d17558c7ce8ba107274b","first_seen":"2025-05-11T17:32:58.478094Z","last_seen":"2026-02-14T20:56:45.264479Z","times_seen":27,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:33 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 12:53:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6c53-2195b\"\r\nexpires: Fri, 02 Jan 2026 21:19:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":137563,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x737, components 3","md5":"d1bb6cf471e662c505e5953f02fb30b6","sha1":"ef99666b8208868e45d54df65364c203dfd8bf9a","sha256":"cb91afc03536e2a035c5f8b321811fb63062943b3f2cf47b126ccf845632cbec","sha512":"d0c56da77b4f7a34737fd1b4395a7291e491430d23a83d60c28af6a38f0daf63aa5aa9fe07dc70fb37b975af05811cdeae14308d22f00ce4258ffb1b475c5e6d","ssdeep":"3072:cT3xjXSMDeZ3WG7jiNkqGRzviVZQVZ2KxVznG0r3j3UNRZXV:cT3RXSWY7jiqqGRzviVZGZx7zn13ul","tlshash":"19d3d04b6d1990e3f00ca79efe622d6c3d3e9754f98239fa54102ccc7be85434d8956a","first_seen":"2025-12-03T21:20:11.517139Z","last_seen":"2025-12-03T21:20:11.517139Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1535,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1535,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:35.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/fonts/iconfont.woff2?t=1708144889283 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/wp-content/themes/modown/static/css/fonts.css?ver=9.4\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24460\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-5f8c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24460,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24460, version 1.0","md5":"c30b62e1bcf75fdfb74a723f2b0cccc5","sha1":"6bfe4388ed55d1e29a6fb0dbc03ce4eca0d20add","sha256":"dc6470aad89afc04c094946d1d03c8ce24b080faaa60afb687daac16e9e5f97c","sha512":"49c909c7124ba8bcb841606ee011f96651d6f50ca96f9d945e68806238e12074b92533e2b07c57d09bbb2b6549e5d52bedafe9928697b51aba5038b75b308769","ssdeep":"384:GsJEtHzJG+Lrf4bAya40FUoW7KtOisIvTFyeui1NhFBMBTExlRcvENs1mpCiA:GlD3f4bAyv0Fh5Z3uWnMlGlRcNmphA","tlshash":"e0b2e0b87a0eb43ce7fbb764f3830ed2aa250f352126d219667d63479543ec11931683","first_seen":"2024-06-29T08:44:50Z","last_seen":"2026-02-14T20:56:45.33191Z","times_seen":28,"resource_available":false,"data":null}},"time_used":1480,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1479,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_20.45.39-1024x737.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 12:53:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6c53-2195b\"\r\nexpires: Fri, 02 Jan 2026 21:19:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":137563,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x737, components 3","md5":"d1bb6cf471e662c505e5953f02fb30b6","sha1":"ef99666b8208868e45d54df65364c203dfd8bf9a","sha256":"cb91afc03536e2a035c5f8b321811fb63062943b3f2cf47b126ccf845632cbec","sha512":"d0c56da77b4f7a34737fd1b4395a7291e491430d23a83d60c28af6a38f0daf63aa5aa9fe07dc70fb37b975af05811cdeae14308d22f00ce4258ffb1b475c5e6d","ssdeep":"3072:cT3xjXSMDeZ3WG7jiNkqGRzviVZQVZ2KxVznG0r3j3UNRZXV:cT3RXSWY7jiqqGRzviVZGZx7zn13ul","tlshash":"19d3d04b6d1990e3f00ca79efe622d6c3d3e9754f98239fa54102ccc7be85434d8956a","first_seen":"2025-12-03T21:20:11.517139Z","last_seen":"2025-12-03T21:20:11.517139Z","times_seen":1,"resource_available":false,"data":null}},"time_used":922,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":922,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:46.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/plugins/erphpdown/static/erphpdown.js?ver=17.3 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 09:39:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911b2b6-1245c\"\r\nexpires: Thu, 04 Dec 2025 09:19:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74844,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21455), with CRLF line terminators","md5":"d28f108d9c36365853d04a9958903914","sha1":"a3f14b77fa64582b4a1098ba5de0e48672623755","sha256":"eaf16847be1b86b1078d5fafb53f83c8f32762a563ba7826e6ce56c364fb2f95","sha512":"c6958929c102e0240e97d8c017c2a5df32107967d8a2886640a2371f14ac5f4f000eb18bab281ee524bceb164e58a72b7c9cb606da43abadf9f2aa5156dbb808","ssdeep":"768:50iV3i+WtXItqF13kJn99Xxm3yvMQt+9LJ37wgDQsq0QeoiI51B6w1wZ+:5TVyRtXp/3wrXxm3lHIEw1p","tlshash":"0c73e648b388347a70b371a6d43f4a0af5b25517a6058624b93d90e83f78dac9163f7f","first_seen":"2024-08-20T03:24:43Z","last_seen":"2026-01-19T07:29:51.224532Z","times_seen":30,"resource_available":true,"data":null}},"time_used":772,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":772,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/img/avatar.png","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:47.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/img/avatar.png HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 706\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\netag: \"6911a940-2c2\"\r\nexpires: Fri, 02 Jan 2026 21:19:47 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit grayscale, non-interlaced","md5":"1a79b1429cf019111f2cb2c928cc7748","sha1":"f9976bef841ee213c68e18e1d6f939930bbf262e","sha256":"1074b9c2a5d909a661a99f6edecb6bca1a8d267c9f9415ac7c615c47d1987b01","sha512":"cc6782cddcc2bdf0abf94672da0b578b1a74a6dc0ec7587139eabe46e4b0bc3dcf5338a964f1d1395878e9da5147393e0ebee50ea2e5e25175e9ee9ea6e7009e","ssdeep":"","tlshash":"e00144aaae1782a6efb2c732462f41a1de6cb2759044545252c80307cabd2395d89b61","first_seen":"2023-12-03T08:43:46Z","last_seen":"2026-03-01T08:46:04.442347Z","times_seen":19,"resource_available":false,"data":null}},"time_used":463,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":461,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.zcot.cn/matomo.php?action_name=-%20Search%20Results%20-%20eSIMREV\u0026idsite=13\u0026rec=1\u0026r=053087\u0026h=21\u0026m=19\u0026s=48\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026urlref=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026_id=d7a7630d99253a08\u0026_idn=0\u0026send_image=0\u0026_refts=0\u0026pv_id=F0M5bX\u0026pf_net=0\u0026pf_srv=720\u0026pf_tfr=1\u0026pf_dm1=1164\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"tj.zcot.cn","domain":"zcot.cn","tld":"cn"},"ip":{"addr":"106.54.231.223","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:48.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tj.zcot.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 12:33:47 GMT","end":"Wed, 28 Jan 2026 12:33:46 GMT"},"fingerprint":{"sha1":"95:72:68:1B:92:48:FE:FE:92:C5:70:2F:BC:24:B3:81:69:BF:F6:FA","sha256":"B9:14:41:2B:FE:E2:BB:47:9A:50:83:77:0D:26:D8:A3:A4:21:D1:51:12:BE:BA:68:57:1A:0D:D3:55:49:19:B7"}}},"request":{"raw":"POST /matomo.php?action_name=-%20Search%20Results%20-%20eSIMREV\u0026idsite=13\u0026rec=1\u0026r=053087\u0026h=21\u0026m=19\u0026s=48\u0026url=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026urlref=https%3A%2F%2Fesimrev.com%2Fen%2F%3Fs%3D%26cat%3D\u0026_id=d7a7630d99253a08\u0026_idn=0\u0026send_image=0\u0026_refts=0\u0026pv_id=F0M5bX\u0026pf_net=0\u0026pf_srv=720\u0026pf_tfr=1\u0026pf_dm1=1164\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: tj.zcot.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://esimrev.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:48 GMT\r\naccess-control-allow-origin: https://esimrev.com\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":531,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":530,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/themes/modown/static/js/lib.js?ver=9.4","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://esimrev.com/en/","date":"2025-12-03T21:19:33.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/themes/modown/static/js/lib.js?ver=9.4 HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/\r\nCookie: pll_language=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 10 Nov 2025 08:58:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6911a940-39607\"\r\nexpires: Thu, 04 Dec 2025 09:19:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":235015,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24811), with CRLF line terminators","md5":"c7bf24a980380a5fb9eb9430cdf139e6","sha1":"27f5393f591342766d5835d53e0e023b8a872a2b","sha256":"e4a8158b02d7d2ab5ccce1dd1b95f90ebaae1a78ef4125f1834714bd763cf3c9","sha512":"49c33b95eff435bfb7b9f9a22deac3ee611ae6d23683c04d332b3686e9443d902b49dc3161ecbb5095bc83a15976f5a9370263b2a22e88165cdd22295eb7856e","ssdeep":"3072:Y5+1PIVwwF+vKyuCZ+6im3MlGGfsJdNYqOXXZ4A6r0b:Y5+1awwF+vLv+6bg0vNYqep4nrK","tlshash":"03343bc933517021819765e6547f02077237e8bab409892cf658c8ee3e7ce8961bbf79","first_seen":"2023-06-19T14:33:38Z","last_seen":"2026-04-01T15:14:25.067517Z","times_seen":632,"resource_available":true,"data":null}},"time_used":1534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:39.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/iShot_2025-12-01_20.44.33.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:39 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 01 Dec 2025 13:31:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692d98ae-10c3f\"\r\nexpires: Fri, 02 Jan 2026 21:19:39 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68671,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1062x760, components 3","md5":"ee5aff3c50e90d0c75ced1ad57212071","sha1":"450c3829b816cc63a4f6ce961a7775160fe5b0e2","sha256":"a3e92e71c9a926e497c27842bf859054940c1c1776d2d4f94b5960b88b13e1e4","sha512":"fd833e75c312f95cc0ef3d29d852f45bb22e2576fcb1c38918594cfb7269cd79bfa874da0a4ce3c3b8e44c83aae7c0d096f0f70530fe21102186b223fb71b162","ssdeep":"768:xpEkYycfbbbbbbbbbbbbJ3fQwFOPxC5Hp+wUSHaktnkgtnPMEshAAEPXxwGDNzWv:xpEkYNQwE0+DYM7ANGMO9Cj/g","tlshash":"e76328576525dbc3c4bd87f0be131eac8b0b5b58a88265eb00360f9f7e281635cc961e","first_seen":"2025-12-03T21:20:11.532611Z","last_seen":"2025-12-03T21:20:11.532611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":410,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"esimrev.com/wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg","fqdn":"esimrev.com","domain":"esimrev.com","tld":"com"},"ip":{"addr":"106.53.71.14","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://esimrev.com/en/?s=\u0026cat=","date":"2025-12-03T21:19:43.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esimrev.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 05:35:38 GMT","end":"Sun, 15 Feb 2026 05:35:37 GMT"},"fingerprint":{"sha1":"9D:96:D6:43:93:AD:7B:33:B6:AF:BC:A3:93:A9:DE:B5:25:1C:00:37","sha256":"0A:03:76:77:32:62:E7:2D:D4:6E:74:AA:77:94:43:83:8B:62:E0:33:15:30:FD:8E:11:06:04:C5:B3:88:A8:DC"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/iShot_2025-11-18_21.06.56-1024x683.jpg HTTP/1.1\r\nHost: esimrev.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://esimrev.com/en/?s=\u0026cat=\r\nCookie: pll_language=en; _pk_id.13.76c3=d7a7630d99253a08.1764796778.; _pk_ses.13.76c3=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 21:19:43 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 18 Nov 2025 13:07:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691c6f8b-22676\"\r\nexpires: Fri, 02 Jan 2026 21:19:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140918,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90\", baseline, precision 8, 1024x683, components 3","md5":"368c962fb4fb0bbb91cce6d2c4ab8b40","sha1":"f5951a9ebc48295165cb5662abb6982ad2bd2bef","sha256":"7181ec860d189fbb35d339f547822f37d9f903e47afaa235c0be954f1f0f5647","sha512":"35a936d4645deba881f65b08d5822fed3bb7f5ed65670f30ac0ca6c2a10134e88c1345efa5c4bae2e6d1a54f4fc362acb91aab43fa464ad7bef8c1b86918f0ca","ssdeep":"3072:UzItFvADRuLiUl/ZRXBEpzTeWOKUGNfJOPCoBzHA0rsdO7EFlsl14HRpHGiKSIg+:VveR0i4xEFtn7fJv+bJrscbl14RpHS6+","tlshash":"9fd3f1178d201bc3596c9ba5be132cac1b9aaf6d04856be841191edf3fc5311dcbb11e","first_seen":"2025-12-03T21:20:11.538312Z","last_seen":"2025-12-03T21:20:11.538312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":704,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":704,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"esimrev.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}