{"report_id":"9cc8698c-a675-4f7e-9879-7d7d81fe3d79","version":0,"status":"done","tags":[],"date":"2026-07-14T11:55:56Z","url":{"schema":"http","addr":"catcasinos31w.run","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":0,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"final":{"url":{"schema":"https","addr":"catcasinos31w.run/","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"title":"Cat Casino рабочее зеркало на сегодня, официальный сайт","dom":{"size":115465,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (54291)","md5":"2aad6446dacf34b0a8c33753be5aaf41","sha1":"be1a23f431194966e65172825e8dca0b2edf92e6","sha256":"6244b8c1fa20434d25e3cc80b41e4fcd521f34823314cd8eaf759bca2aed8f92","sha512":"2bef4208090eeecea810d401e5226f78e2aa945cb8ccad6988a520c9b92c53c2d67553a9f7af918fb1bb730e0eac761084cceaa91b1ed4959909f5837fc63687","ssdeep":"1536:DypNVhsHrRx7EfS7CjB0eY/HTN7YQJ+JDBp6DBDeDo9UDksy/h:uXV2HrRx7JtYQJ+Jlp61DeDTD/q","tlshash":"3eb3f9b0224991b71222e3e5c6217e29778654bfee4b6341c2fc9b9c9fd1ce8cce1641","dom_hash":"domhash5a3409bc25dacd18832d5e71bae122b9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"catcasinos31w.run","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":0,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-18T11:55:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-700.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-800.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-regular.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-500.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"catcasinos31w.run","ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-13T21:18:42.016139Z","last_seen":"2026-07-13T21:18:42.016139Z","alert_count":43,"request_count":39,"received_data":1256872,"sent_data":20979,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"W3 Total Cache","description":"W3 Total Cache (W3TC) improves the SEO and increases website performance and reducing load times by leveraging features like content delivery network (CDN) integration and the latest best practices.","website":"https://www.w3-edge.com/wordpress-plugins/w3-total-cache","common_platform_enumeration":"","icon":"W3 Total Cache.png","categories":["Caching","WordPress plugins"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"catcasinos31w.run/","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"introduction_type":"scriptElement","is_inline":true,"md5":"3cd8627224e4feddca8b18d60481c403","sha1":"4299424b2c41996dcedad9a9d15a43a76f27e88b","sha256":"146fe73a4dfef3e739a09891b8214f9400036edcc78ec29df2407f33157287a6","sha512":"5d1c47fc9d1d75a12054ee8d7021e469d901882ca15d7ded781e6209518e2550c6c09436a771eb0be0b68d7f9e76c3e65f0ff3a8e80fa30fdf2fe564c7839175","ssdeep":"","tlshash":"fdf0c0ebb6c030b3834a1166f53f2b3ad46b1ef24d2dd8488a10c5503164c2ac13aa9c","size":525,"data":"","first_seen":"2026-05-14T19:57:51.446424Z","last_seen":"2026-07-15T23:07:32.492473Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"introduction_type":"scriptElement","is_inline":true,"md5":"b26a11daf1eecc8a9f5307898e8d561c","sha1":"cf5d90e899411856fd6b60cb4359832cf9e665d3","sha256":"21485bfa75de07592d7b86f17ee589ca82caabf00b1a1df76bf8664fbe386d61","sha512":"7095e80878946c971ba662f4cc322a42d8430e7980ae7c613738491c8e3a0d6571620da2ae8b7735aaf6f5dff7dc61b2af7828473b86f2fd9fcd9444f9725559","ssdeep":"","tlshash":"f7f054993cdd40248373116137fbd148703a69292c0fed14f90cc4812f99ebc08bb90c","size":509,"data":"","first_seen":"2026-07-13T21:18:46.744564Z","last_seen":"2026-07-14T11:55:59.093766Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"introduction_type":"eventHandler","is_inline":false,"md5":"7c3c3ddeb80438dcbb3d081d2d00e152","sha1":"5a4016732ee72ec77b4f6ab17047bcea6d2ea34d","sha256":"321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187","sha512":"b252f7dc795284fe8ce404711809130d8e16670a8e49b271f9a24b04a542a0fccb7a8c7238c12b37db35fe73a2fbf1cdb374468574db4e6d39975a17dca547a3","ssdeep":"","tlshash":"de6000f0003000000003c30000330cf300000c0f00ccc30cfc0000c000c00000000c03","size":16,"data":"","first_seen":"2023-04-10T15:57:29Z","last_seen":"2026-07-16T10:58:30.802405Z","times_seen":333366,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/european_roulette1.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.862Z","timestamp":1784030128862,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/european_roulette1.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25632\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-6420\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25632,"size_decoded":27012,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"a4b8e4654639f48df8861601149cf759","sha1":"98571b7b51fe70f41a88b432201a4a25b951bcb1","sha256":"1f1cd45d5f300378d669ec54af08fd3c287c9d681e0091baf477d26f9e064fdd","sha512":"4e1cb3399ce54070887a4ff62ea947885db147d41f7c534bd81b8cd9e22e10559b1f3cd05c40edac9274dfcedf3f608f30337991e3dc08470323518ec325f798","ssdeep":"768:WHNk79jB8Qe4SloA9PmXdi81Fj3z0c9AOT:WtoNBk3JmtiMjTAOT","tlshash":"43b2e1eb3755e856c83f3ba24054c05ee645af16212f606cf9084a953f789fc3987a0e","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.047949Z","times_seen":28,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-regular.woff","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.906Z","timestamp":1784030128906,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-regular.woff HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 26184\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-6648\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26184,"size_decoded":27575,"mime_type":"application/font-woff","magic":"Web Open Font Format, CFF, length 26184, version 1.0","md5":"febd591dd63177e2bcf557f1e4e5f172","sha1":"7527aa20ece3e63273e2635e9cc7c65107bdfa62","sha256":"2ced9319751c73c428e310e540fea92feb4f0d5b0d2db2bb605195e4aed71ff4","sha512":"1351840622ce6cae91bca6383a0385e78b89190033eb6ba9169b6e9c7f99890ecd9eebe325a8509d930734109b8f301a7f51613753586c69f9edcb0f88939214","ssdeep":"768:uWn4u5nJA7c83AxXJmaPpADFp5L2lx4r4o8W0:um4qnJAZA1AN5Kx4rh8P","tlshash":"fbc2e1a177ae43c6b9db07fee1e746e19dd1aa61442bb4d032857205ec1e0cb396c151","first_seen":"2023-06-15T05:50:14Z","last_seen":"2026-07-16T04:25:14.175253Z","times_seen":192,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-500.woff","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.908Z","timestamp":1784030128908,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-500.woff HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 26480\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-6770\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26480,"size_decoded":27871,"mime_type":"application/font-woff","magic":"Web Open Font Format, CFF, length 26480, version 1.0","md5":"7bbe82d875721e81064c4822d31400da","sha1":"fbf507c6d27fe042b6c33536747c92fe5b248273","sha256":"8b0b9494487214fd57967322a85c43a0151d9e0e5981ffda7d43360d3c6b8763","sha512":"a8d8185c7f883940c7c68a17e4b0d1f745397b08bba1f9ad36ecac436fdbfb8f508a3468acc72401fccb9c9906c18f23ac71e4c641017e0228052476ecfefed4","ssdeep":"384:qZD1XwO648xdWxX4Czgxqtw5+CXkLQW8fbdjX3I24LmDrsgrx44heaCz5Oos/4MV:NF48x+MxCBn8fb1nIxmHhx4r4o8VTL","tlshash":"ecc2e19e9e2f7012716eca7a28fe1af14576e7b1a8f2a14433d4755088dd4e1b1cf2d0","first_seen":"2023-06-15T05:50:15Z","last_seen":"2026-07-16T04:25:14.151242Z","times_seen":68,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-700.woff2","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.512Z","timestamp":1784030128512,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-700.woff2 HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 52565\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-cd55\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52565,"size_decoded":53959,"mime_type":"application/octet-stream","magic":"PostScript Type 1 font program data (TTFirs-Bold 1.000)","md5":"ffd21235d302d8ac1f68315504636913","sha1":"1f4e9baa6992bc07030df88ab976dd03dbccf1e1","sha256":"efac70eaa0eb724be7958b3a6e4e8f9888723b5a48b5b85ef6aec291f8acfa86","sha512":"a4c5fbe8765b2a957820a443ea84168dc1252667b75af06e4817e275c5aedf551ea24d35ed00ee18268c93ca52838d320bc2488d0e88f6233cc17a554b90a059","ssdeep":"768:ear9z65szDMSFCzvqDkFwWZ9zDXRXYnd9BXgI69hfkowxz+q+FlKF/:hr9m5MDGhX/BIDdgI69iowxzh+FlK1","tlshash":"2133e142e9cfeb79da1b70cb60c6797c1b1ab0094de21c5ec5490cda5788564b2fc6a8","first_seen":"2023-06-15T05:50:15Z","last_seen":"2026-07-16T04:25:14.167145Z","times_seen":194,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-700.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/coins_of_fortune.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.532Z","timestamp":1784030128532,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/coins_of_fortune.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 33277\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-81fd\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33277,"size_decoded":34657,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"2b72ad39e75ac6515ed8aea572b74c1f","sha1":"fbddbf35769db339c3c8621e3286d083739ae22c","sha256":"cea4d67870b4803a28c09c52332a54a32cd1d4fba3264d1b6c38c40aeb3c7d24","sha512":"92a18f937b8f55cd36dc9bfe164c1e6edff3d911316a7d1d00b5e8dc5de968f102a937382bff8ef99a7b2a8b25f23281c13eec0bab37fae15b8a2360d30f0c61","ssdeep":"768:sae99++IPhC0GL7FbjanVkfzkZi7B9Hqmj1wF:sVFIPh7CynVt+/qmj1wF","tlshash":"8de2e1c9e52b65606321000de4edeb1adaf3752a3927da791c54528d3fa40ae6e1f3c4","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.054861Z","times_seen":28,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/european_roulette_sw.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.852Z","timestamp":1784030128852,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/european_roulette_sw.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25708\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-646c\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25708,"size_decoded":27088,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"e5837a73dd09329fceb28a7d0d0c3f03","sha1":"e724101a40de582c13ad9f1b1ef03bcb07ed5bfd","sha256":"caf324bc6f9d90d369049fc342213dd0962511298a7673fc0b5cd4d50666fe5f","sha512":"1fb7e2ac50097f1bce28d39c46cab0c42ffff181ac80ed8177a4d53f40e0f56f9859482947bf8355871bd3bbf9bcec3a700ec112a0cd25dc11551a2f42d88b4a","ssdeep":"768:AarD2gqGzG7eqVHU/qfvNTKap7G0W6wW1muz:NrJG79Vp9KUwumo","tlshash":"c2b2dfaa33cefd12d42bd67824dcc98c77e17a64f55b0e622924bee209121f16bc6174","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.055692Z","times_seen":28,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/minotaurus.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.528Z","timestamp":1784030128528,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/minotaurus.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 26122\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-660a\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26122,"size_decoded":27502,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"845356adb4e292f472c06d1f5b529f62","sha1":"145407271c14989dc33364d10dbc568ff19572b9","sha256":"acdc38a3154d969ed6a0418e31c8bf2f536155515ea3d7492cc8001fdfc770af","sha512":"75f2daaf8e1f7ddc4ea2329bf8ff79e004deec2cf4d056a4a5da9d9cd2f1428e59277d08bc65890f34d99cfa65fc8b3ddd7c5cc9fe5eb69a23b4db3cb2258369","ssdeep":"768:hubRes+PONRGJFzdwg7/Cu18eatBBN4+tT:hubRes+uRShXojBN46","tlshash":"d5c2f111235db2aa9efa08f10f4c413964ecc24cd925ba7ae8f48ed36d2139a4cf50cd","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.056801Z","times_seen":28,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/triple_juicy_drops.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.846Z","timestamp":1784030128846,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/triple_juicy_drops.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 32921\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-8099\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32921,"size_decoded":34301,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"eb1e8995e809a0994871661ff8d4434d","sha1":"5da5361f08987bf260a14a9094222183a4e7b3c2","sha256":"3cbcea795833792efb961460f42233e73167f998f3d62b27d8e42eb72e90b2e4","sha512":"1594976d69ec2407491833312808113f9216741902e5e08286668ae1b6062f5cf50d6a57c5ba0313d99b6a00c8ddc6b1c9a06be34b126a3a8d98144f4485c9ee","ssdeep":"768:z8aEbn7NlQ2vVubOzr7LR+EgVNl2Zbof22BJKm:zZEb7NOGYbWr711yv2Zkf22/J","tlshash":"94e2f14a277babb8c4a4c473397264c0c8cacf22a6287b2e1eb05dd184536ee34dd751","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.058147Z","times_seen":28,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/p-center-banner-1.png","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.097Z","timestamp":1784030128097,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/p-center-banner-1.png HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/png\r\ncontent-length: 10435\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-28c3\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10435,"size_decoded":11814,"mime_type":"image/png","magic":"PNG image data, 268 x 260, 8-bit colormap, non-interlaced","md5":"bc4f0722bdf8498201e4e8c421e95a7a","sha1":"1ed3f2e63fedce22ee865cb20af1a235ebdccd0f","sha256":"b8dd2bd186881ba07c0cc28bc3a6c7fd5bd8bb2b117e025cc999838378a52963","sha512":"3fa6a90c1023c6bdb9dc1ac97c354b6ecaf8c2392827c93a4e8b7903fcaf53e198577a8e4942eef860f5ec9fe7d27235d8cc0b92228371d7ed0074ef32197c63","ssdeep":"192:ZXFHmzbGJYYAfhi/wp/zCMHLHIRt3GgYIWDMsAztVSGjCn:3AnXU/AOMzIKgYIWQs2tVlCn","tlshash":"9d22bfb36ebc0c42ea531b3970aa18904c36c3f40e616b8f5f67f89399467ed649d436","first_seen":"2024-05-26T17:26:05Z","last_seen":"2026-07-14T11:55:59.059082Z","times_seen":27,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/nolimitcity.svg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.533Z","timestamp":1784030128533,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/nolimitcity.svg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 9524\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-2534\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9524,"size_decoded":10906,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4258d11dfefb6da486e9eea713e1c42b","sha1":"099d0d054b3ef136edc4a04fc8a535f57d381bb1","sha256":"1ec0ade811c82ce0ca88be97d46a143e58f1e34d9503191adedb9b9eab17d2b8","sha512":"7cb757fcb380df13ede6240263cc9ec11c5540aba3f5cc9cd38bd32e701eea39f9822970d68fb25d6e3de0aa137492949bb6c7e9e5b7e6f8d35abefc8c80d746","ssdeep":"192:Jsxp8byY2FNO+7WYdJJdb1DjuohW8pA9X651CWXRpAHOdXbUL9:Js38mvuY9db1DjuohWOA9Xep/A5","tlshash":"6212b8d8737845d8b849f7d1bf5b04642d2b20fb6e79d66cc3a46d18ba16c9c4c98cc1","first_seen":"2025-06-26T01:16:27.95182Z","last_seen":"2026-07-14T11:55:59.059688Z","times_seen":133,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/p-right-banner-1.png","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.095Z","timestamp":1784030128095,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/p-right-banner-1.png HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/png\r\ncontent-length: 10283\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-282b\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10283,"size_decoded":11662,"mime_type":"image/png","magic":"PNG image data, 442 x 441, 8-bit colormap, non-interlaced","md5":"4fbac675f6dd996e8f4254c6a6206806","sha1":"64057b3091f23f471f0f7be657af6b4c417089d8","sha256":"6161308c89551b1a327b9663e99bbc2d837d3225f276bacc81be023c1b62da90","sha512":"fd86952657993d99a1e0a7adc92b4206c5e8f0e12c9067cebd8df11bf39298944dd7d02af84240598333b639f1b458b8017b8e0829f6e43d2add97595fdd7132","ssdeep":"192:0t7j3H+Wdo495AkJ6b8qtUcOg2pPHTA/6OPf6gSmGOMHAUBHCp:0dbH+Wd251tUDg29TACOPfC5pUp","tlshash":"de22afbba3df92a1fa26d65df7498af050540715db49e2e92cc7604337218e84b85618","first_seen":"2024-05-26T17:26:05Z","last_seen":"2026-07-14T11:55:59.061189Z","times_seen":27,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-800.woff2","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.509Z","timestamp":1784030128509,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-800.woff2 HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 59824\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-e9b0\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":59824,"size_decoded":61218,"mime_type":"application/octet-stream","magic":"PostScript Type 1 font program data (TTFirs-ExtraBold 001.001)","md5":"1e884d284686efd20aec8b08c8a9b783","sha1":"3eeeaa3f78c9957e176038f19463585dacfb519c","sha256":"441409c92a03006547d1d77946f066667490f82d1bcf7ff55a68160ff682df64","sha512":"98d94a353e94186c0b44da8a190fa6fd1891ec0f18768b3524777a895bebad4e9a6a6133d29d66bfba0e153064f363831d5a25a55dd1c8a340f61fd253a61268","ssdeep":"1536:KrZCGQX6lczyl4LF4xjyMh1xmGsYrIZDdcCKGqcYoF:gUGmmwkyMh1xudJd1KS","tlshash":"6843f1acd9cf57a1c52330e394c2b6b6231b39982ef75e42e6904f763548e2092fc578","first_seen":"2023-06-15T05:50:15Z","last_seen":"2026-07-16T04:25:14.174581Z","times_seen":178,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":111,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-800.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/gold_tiger_ascent.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.843Z","timestamp":1784030128843,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/gold_tiger_ascent.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 40461\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-9e0d\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40461,"size_decoded":41841,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"65a7ae49da0d1f1d1a39af1412117807","sha1":"d44a0994a5f0182b65d22807c36f6d2b9b6aa7e3","sha256":"f99b31a046fbc25484dcb3f1d5ae45695c262a53ff262b4d35aeb7d0bd7294f1","sha512":"7fe843d4cefa1d1cb92eb6958b73ff6708836fd3097b22101c2af241c8a744b5410a244b72d7a8f8c408489ec54f42ba88c610cb567b43fe3fd8ca99445dcf1c","ssdeep":"768:qKMiaIn5Fttxnl4AKmTIqp49SDivNtkTDrm4ns4gc+VnB5rgpe1Iw4leQm:KiaIn3rRf4oHHxshjVE0Qm","tlshash":"8803f1a0fde90a20d0ad07fa78db6232108eb619071fba562ef4e5d6cc71b05f4661dc","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.063769Z","times_seen":28,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/blackjack.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.857Z","timestamp":1784030128857,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/blackjack.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23615\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-5c3f\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23615,"size_decoded":24995,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"e794581788f81e46ca3ee1590d481acb","sha1":"e00d54d94bcc2548fd6e0656c96abc215910c7ca","sha256":"99da9e87cc0acac53dbe64d29a6cab0a5ff9edff3638291c090088c5294ebe3d","sha512":"8fec440d1524d0bfe47634eb2d8dfceb71122066beaf9963f5be26700c468669b203c9ac20f7368dd4723651809b2662da31645371846b87584e83086cad5602","ssdeep":"384:Pdos3BXRytO9EQF9ns0uzckgGshSsThkRo5UfiBRwbr2N4Jy5KTxXy3+M9jQ93Xd:Pdoums9VjsLzcjlhdSRcvBObTJQKTxXv","tlshash":"cbb2e063ca1a4f5fecb82222401076d745937814381f746feaa1aa863931e5f98d39dc","first_seen":"2024-05-26T17:26:05Z","last_seen":"2026-07-14T11:55:59.064614Z","times_seen":29,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-700.woff","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.905Z","timestamp":1784030128905,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-700.woff HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 26728\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-6868\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26728,"size_decoded":28119,"mime_type":"application/font-woff","magic":"Web Open Font Format, CFF, length 26728, version 1.0","md5":"5bcf22f1b312235de18db4b1014c37b0","sha1":"0e04de3f77170a91cbdc4c6346ed1b78d196472d","sha256":"530d11debf6f76bc609d982d06284f9fdb757b2d6b739869f33ac7111a5926ee","sha512":"2a5e33d7a90e55f79a0aa8711b0536c1f1d6fca396db87301fde72e1c6a64ab1f319bb4ea70ac52dd5bc9743e778fdfc172cb2729cb97bc6f5441cc86ddb8996","ssdeep":"384:JUoB5EficdjZ/p6evZHtq/E+hwumfFtpdFI9/jG/grx44heaCz5Oos/4Mw8e:JPatxp3hU/EKmBdFIYkx4r4o8Q","tlshash":"60c2e09b8b84cde5de7f8fb225e219718c45cb3140bda0b827c4306eec6f6c696565c4","first_seen":"2023-06-15T05:50:15Z","last_seen":"2026-07-16T04:25:14.081643Z","times_seen":193,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/js/app.js","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.088Z","timestamp":1784030128088,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/js/app.js HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 0\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-0\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":1385,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-16T10:58:12.210586Z","times_seen":17286714,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/slide1.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.092Z","timestamp":1784030128092,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/slide1.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 96457\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-178c9\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96457,"size_decoded":97838,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x400, components 3","md5":"31aab3bbce2308d7465641295f802b97","sha1":"1e5967b467206f65d2190b7ef375f63b0b88bdde","sha256":"df6884bb00b5979f8582464e7b3d5e475ee43473339a654ef6538c30c366ef2b","sha512":"47c69b2f718a1793b67ebc680ef2318e77d1704ca9160984f56d314d98e3ded6d9dc0c2cbc318ceb3dc60036d3066358b3b8ee3d679dfa7f63a868e70aa69cc8","ssdeep":"1536:LVTceD52/Y7Z0iJlacCz0pdmAEDamPN2pCxdyrgoF5yC//JMw9MlsHMcyPIS8PI+:JcYI+PS0pdEDamFTMBKM/iw9+sH48PR","tlshash":"9893124f53d61197f84a9fbe78152be303b76456a97fb24cf8224d710318cf2628a0d6","first_seen":"2024-05-26T17:26:05Z","last_seen":"2026-07-14T11:55:59.068527Z","times_seen":27,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/endorphina.svg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.530Z","timestamp":1784030128530,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/endorphina.svg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 8661\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-21d5\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8661,"size_decoded":10043,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b0235b09044efbb87b85a234e742b270","sha1":"c598618b30fced7d9baa6993a5cec49508ee9e8d","sha256":"63e809d0df7ebc332540d1b219b15a2e68fa05d7d173640ee5e26cd1b8487287","sha512":"8dd8ec415b1ff99fb3415efaf3ab1545ae330ef4e4dd08ab5b3deb99881c805c37634c60b6267eef35930c7e6995456017414003e419c830027fa2fdb1955223","ssdeep":"96:Ptd56cUyOdMTnTlDmvq7JXrp3RYFNfBhbv16EI2FD917C1TNVaIj+S5JGhybFlTD:ldb375jF9BYFrhbtK9Rj+sghybLYA","tlshash":"c302c5e81bf967e4fec8e2f5ff27a05d7c0b40f9a68c4a34c3185d64e4424a82d859d8","first_seen":"2025-09-23T15:12:08.096183Z","last_seen":"2026-07-14T11:55:59.070083Z","times_seen":74,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/betsoft.svg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.844Z","timestamp":1784030128844,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/betsoft.svg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 4274\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-10b2\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4274,"size_decoded":5656,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9eaec6330ec0c758a60bee4ecf8cb3a2","sha1":"1c8e400e9997f87dcf7445062196264ec5b4b84a","sha256":"bd6b64ec26af62a8b8ebf1d2c8524bc70bf37cc103057eaa0e6d317743a57be0","sha512":"e7f31b408880902d350acb9df421d40b0cc4ebebdba380a1a12831abb831f285204976aa4931ac36671b834b8a370e38fedae2998c6f9c09315b87500f205735","ssdeep":"96:S+CUZ1VIZQBMpbBlpU1tDwofGzLobPF6O:tCUKKMpbBlpuhwofis/","tlshash":"ea9186d93b28c9b5edc497f76a0200723122e4e7e6d346e4d7502e0dbc4887acc4aed5","first_seen":"2024-08-19T16:19:45.132275Z","last_seen":"2026-07-14T11:55:59.071159Z","times_seen":93,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/take_the_kingdom.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.848Z","timestamp":1784030128848,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/take_the_kingdom.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 30601\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-7789\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30601,"size_decoded":31981,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"ecf0d68d7b0ec1f67a6ef4999390b0c3","sha1":"41322a033ecb9dffa88bff9b4df1752418222fbc","sha256":"97f9904fd00830dc1e9c6d092f81817123ca9ed5d610ec1a4f80faf604e3d7f0","sha512":"d7042e715beb66a79ca9aaf8f747818f49339102d437b6d7b2fc602d7e7ea961189fce5c2d143de45d1e322aea66cfcbc3327caae6f6bad0afd1a6c3c4a7a43e","ssdeep":"384:3Z7HSbZawGqktWGFrqV/J6Qcshwog4959yRLWuWMgmx+613nD9/doP:FH0ZtGfWGy6hsyG959yRWJMg4RRl+","tlshash":"93d2e1209f0ea41af70819b1716104a3a33b9b5e23783b852670bacd75f974c5d899ff","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.072308Z","times_seen":28,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/netent.svg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.854Z","timestamp":1784030128854,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/netent.svg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 922\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-39a\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":922,"size_decoded":2302,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6ae48682071edfbfba7ed446e6918bb6","sha1":"771972b31df37f380ad3523c6111ff463577c855","sha256":"18a38854550fd3902b2f87db7b7c6e4087923c91639c6413b49921a43d20e8d8","sha512":"e42cf1b5bcb05aa48e7a00ee0711c5f1d49f3d69c97648e3fc26c112555d5736d878e8b25178b74af2ce7f2780dc58ab459fa076951a473eaf89b06041db73b7","ssdeep":"","tlshash":"d4119ce4300ed0996d0702bbe32a717e86f600d782978596d7d1bfdbb6c1c572d188d8","first_seen":"2025-09-23T15:12:07.920018Z","last_seen":"2026-07-14T11:55:59.072994Z","times_seen":120,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-14T11:55:27.411Z","timestamp":1784030127411,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:27 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 33598\r\nvary: X-Forwarded-Proto,Accept-Encoding\r\nlast-modified: Sat, 11 Jul 2026 08:28:01 GMT\r\netag: \"833e-65651a2a34ff1\"\r\naccept-ranges: bytes\r\nreferrer-policy: no-referrer-when-downgrade\r\npragma: public\r\ncache-control: max-age=3600, public\r\ncontent-encoding: gzip\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"W3 Total Cache","description":"W3 Total Cache (W3TC) improves the SEO and increases website performance and reducing load times by leveraging features like content delivery network (CDN) integration and the latest best practices.","website":"https://www.w3-edge.com/wordpress-plugins/w3-total-cache","common_platform_enumeration":"","icon":"W3 Total Cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":116088,"size_decoded":35115,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (54263)","md5":"9b0ed659703b2ee638a5f5fb84f58b66","sha1":"60af2770dd4c5170f12f5549608bebeca173a4f6","sha256":"43072b6a68d12b03e4034072224551c4f41e86236d68a504b3f7fc8277ef529a","sha512":"00562ec170e97c303c8bf192f2e66e1a8342c95771cbf13336adc7c66bf66c033ebae174a33c48978d9bc065b69926623af6d03be1bcc03aa8aa1cef5f724992","ssdeep":"1536:JypXdK25PT7Zm3S7CjB0eY/H4N7YQJ+xDBp6DBDe7g9U7MSitc:Ehdd5PT7Z4tYQJ+xlp61De7r7l/","tlshash":"bab3e8b0324991b71122e3e5c6217e29b78654bfee4b6341c2fc9b9c9ed1ce8cce1645","first_seen":"2026-07-13T21:18:46.708143Z","last_seen":"2026-07-14T11:55:59.073671Z","times_seen":2,"resource_available":true,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":59,"connect":30,"send":0,"wait":234,"receive":36,"ssl":72},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/infectious_5_xways.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.840Z","timestamp":1784030128840,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/infectious_5_xways.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 29553\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-7371\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29553,"size_decoded":30933,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"189ca70f3b508d0886006d3091640e19","sha1":"b9d82a9e2d8b354ed651433b6e07c8e5181c133e","sha256":"9b7130311fd89a4deda67e53f278708d5846995c2eef4d1611e87f992a1bcf34","sha512":"6406c4f0b32befbac2518c461c27f606ec2f776a86459843882e5e6903a5ced6f40424df0508bef201692dfdebb475b7307a2b58a4c73ceca1a342c34493ce48","ssdeep":"768:JAroPAaZwQ+/kiUGKzFI0twffST84QCVEwUSvllZxoAWGnLcCED7Z:mkLwQ+zUHzFI0twfaT84jUKZmAWGnAZ","tlshash":"91d2f2b3012a0861f5be3c35da5ca7165f11a32534a3b7a758701bba27f34b25deb11c","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.074564Z","times_seen":28,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/booongo.svg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.842Z","timestamp":1784030128842,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/booongo.svg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 10034\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-2732\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10034,"size_decoded":11417,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9f0b856cea7c17b71d68c0c7147b3605","sha1":"a288452833c6b89758da19ff18a078bd4db56332","sha256":"ec1397960594428ece5e5d4b1d4230ed58399342c9ff7e59e6b7c032b7acbdac","sha512":"1aaa4f60cd71dcae56d0381e408069b9b2f503befb27442e3fdbded413c52a4654f47e58b272b79ecfb622d1966810bb7158f6449d81c9e0b2dcb7ea51e181a3","ssdeep":"192:T6GKp82DiaanC5t95L8Qzb2ypojrM4iw4LjsZAykfA6BlufES:2/duZQn2PYptLj0RyTB2","tlshash":"172272eeea744ce5dac6d3caff4140ad301fc1bb88928b61c259ef1e345149c6909dd1","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.075714Z","times_seen":28,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/thai_blossoms.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.849Z","timestamp":1784030128849,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/thai_blossoms.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 36040\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-8cc8\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36040,"size_decoded":37420,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"81659667645d3d6ba09bb5d109cbdc70","sha1":"46be835c993935bff7e84a53d8a4387927eff0e6","sha256":"66f3900930335c58a59e6606fab81fb92abbadc9945eca8bddc847ed05576f09","sha512":"5165d62dbd664dd543ab35a8b967be6ef7d0f4a57c63fb15509468726fd596874e5c9b15dc50330bcddef33ae7814b80a24c33601da4b8bce7ebf44113f8f71c","ssdeep":"768:hfQv6G5TNmjRp9Jbm4DbaIMNJYksLiGlECBS2DYcadMFtdc5dL:eTUjRT1XDbatjsLioEQ/ae85dL","tlshash":"adf2e133fa7d1402affe05e817589382d1a2cd5b7561a68e3ed9d6a013d7e18a19c3f0","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.077464Z","times_seen":28,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/stay_frosty.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.851Z","timestamp":1784030128851,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/stay_frosty.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 34422\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-8676\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34422,"size_decoded":35802,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"2310fae11b5feb5e20f9039ca904ac33","sha1":"afa863bca40f092a6c7e6d8997d98cf05b23192e","sha256":"f39a2da7f5aa46580337e4bd12a1287872702947c8931de0fdcfcb900ff88765","sha512":"333c1a9beac1a90416371ca79d24ab3d54cf642fcab230c8bc10ccfa57c4e85558795be83948e707a8398b752fcdd8c2e4f95e9f14b78040d698f16bce533744","ssdeep":"768:o7Mgm+0EEhy/mVu28pi21EXIwNXOhNG2ckd5U0ZXLTTnkF:VtE9/mh8prC4w9OXhckd5rZXjkF","tlshash":"fef2023fa273342fce863be085b738172b12e1c2e2514a6605135cbc99e717b6466fc5","first_seen":"2024-05-26T17:26:05Z","last_seen":"2026-07-14T11:55:59.079571Z","times_seen":28,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/uploads/2020/09/cropped-favicon-192x192.png","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:29.226Z","timestamp":1784030129226,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/uploads/2020/09/cropped-favicon-192x192.png HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 57000\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-dea8\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57000,"size_decoded":58379,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"5941b5c3e4506f2bf660bd0412a66df3","sha1":"6d7d891fd3781e69e60b8848ea1e7a2f8458b1bb","sha256":"10b34c66a8c343e22a53fc0c1a734743b946211125c3ab6c844d1b56a19d78c3","sha512":"4750d1c0bebd58c9ee5f2ec005fb0ce60ed94c423dc3858a5efc0f7c29d6a5cf521b7de0e31fecfad5b219d4da55604ae7f9a9dfed0ac4981bbc5e61e8bb1df1","ssdeep":"1536:V3KEj7eOK51fuH33+V5l4QgUtgAv0g9tghMmVMSem:V3Kk7eOK51fuH3kl4Qhg4pgmuem","tlshash":"7743028cf74a4977d284bf9424f6dc6c0c380a775c5da1841f5b3b28194fe5ed24caa6","first_seen":"2024-08-19T21:41:56.768468Z","last_seen":"2026-07-14T11:55:59.080611Z","times_seen":7,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/favicon-16x16.png","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:29.228Z","timestamp":1784030129228,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/favicon-16x16.png HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 478\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-1de\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":478,"size_decoded":1854,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"5fd78b200e63db4d93e4fa5cc5275257","sha1":"607fb8b58ef8fc7e88fff4ae772ca1e5e94628af","sha256":"fdc145ab42d46dbea8eb83ca5e440e9db167a05e950b131c4000a2879cd76f14","sha512":"fc4b067e233fccd564abb712b2d94e7ba7cece5f208fc17ef8b6a0e2a32114010faff28fbfc9c69942d5f22da3a11f7b155098691575cda170f4de3cbffeaa98","ssdeep":"","tlshash":"9df023d5761cc814c4d71937ce4cd4cc513d7c3a5cc010077784bb2b28306e05011f41","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.081667Z","times_seen":61,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/css/custom.css","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.080Z","timestamp":1784030128080,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/css/custom.css HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: text/css\r\ncontent-length: 473\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-1d9\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":473,"size_decoded":1848,"mime_type":"text/css","magic":"ASCII text","md5":"a91c79037829792cd5e1e84cf1ab2f5f","sha1":"ee3e5efc3bddcb550d0f045d2d70625ba12535d9","sha256":"91c8c3b155a14ae6da77e705959fbf8aba3749dcfc87d929a65f7a51bc5416be","sha512":"34bcaf66676bfbae2299656f955f3e03accbaec933d48a07ef4747224f8427bb4ca2b3d09b5ca98c0ef6e60ab223892e6abd5961c2e0d1b7ee88a114e6edb742","ssdeep":"","tlshash":"cdf097b37a92ec40622702aa791ab6710b3de1619ea724b0a6f82678c5c018023f830c","first_seen":"2024-10-06T09:15:57.102556Z","last_seen":"2026-07-14T11:55:59.082726Z","times_seen":18,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-regular.woff2","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.514Z","timestamp":1784030128514,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-regular.woff2 HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 53223\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-cfe7\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53223,"size_decoded":54617,"mime_type":"application/octet-stream","magic":"PostScript Type 1 font program data (TTFirs-Regular 1.000)","md5":"e83db6b09bb2e76bcd108800abcdd2db","sha1":"1ac38c404a2807ea0a4080f9d765573ee47de401","sha256":"364098a4664f623073c7e7456250768f7ffe6066ce43c5d4bf9f6f13515b178b","sha512":"4581484a32fd63a3fccb4721734a273597a4f89d0fe1c668a26a24fdcd174c2e4ee293726ca4ba82d7b7a8f73a453e3992d6fbdff026b25618f8f209a0b3f19b","ssdeep":"1536:KrV8VScBjzShAg2DwAe2M6bkD74IV968wW6ukaz2GA:ghcRShAgejkY4R6jcA","tlshash":"ae33f168c8cf4b24e45375e3a1c534b9d79fb8101ad2be50e6ac6e6572218f824fc17e","first_seen":"2023-06-15T05:50:15Z","last_seen":"2026-07-16T04:25:14.128557Z","times_seen":199,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-regular.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-500.woff2","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.517Z","timestamp":1784030128517,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-500.woff2 HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 53683\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-d1b3\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53683,"size_decoded":55077,"mime_type":"application/octet-stream","magic":"PostScript Type 1 font program data (TTFirs-Medium 1.000)","md5":"933452af07d5a2bf6200039d5f0f1a1e","sha1":"25c4622ed86f3f393c725b39eafc1e6ae6764b26","sha256":"ae4dade25ca2a91cf1238e015bbf928a7c2e0bc05aafc9d9a153f8abb4d33c26","sha512":"51aed07617d16659c3d8e17a51c1fc5fdffbaff3edc4cf5bd594df602a8d67242ff10ec9dbe1c2953b12180b649c0417d7e234b6091ba4c1bcdf10e74037f275","ssdeep":"1536:UrhwKp0w9PKjB1M3oVCEFyhfEd9eaVRrN7k:ehFGiKjbMojFyyPea/K","tlshash":"9433f1d9e0ef47e1ca07b4e704cebe37270fb10299e82f8bd5975e6411485b510f86a9","first_seen":"2023-06-15T05:50:15Z","last_seen":"2026-07-16T04:25:14.175928Z","times_seen":70,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-14","alert":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","trigger":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-500.woff2","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Eoin Wickens - Eoin@HiddenLayer.com","date":"2022-09-16","description":"Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent","rule":"PickleOrNot","yarahub_license":"CC0 1.0","yarahub_reference_md5":"81e132b5437b902040dd72fb0c62f7dc","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"dd704c93-e88d-4327-9e79-a20c7260bb3a"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/queen_of_the_sun.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.841Z","timestamp":1784030128841,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/queen_of_the_sun.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 31976\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-7ce8\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31976,"size_decoded":33356,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"29af1ecae594f65120ecda822341e8bb","sha1":"0f0f312f016da1b9fb810174fe133fc4ee4c7c0d","sha256":"36cd615dfa0e25ff03fde140c23a2559c2b89533f2f0bd5542920be2be04e40e","sha512":"9accd015a3d4e100d48fc2294e6ea5c114dc2301270dbbfa702f77b390e1059eb8d214d25a8e246e883b50791d4d2c724f1dc250c3f076e5711fc3b9512c265a","ssdeep":"768:fcXP6susp+ypFRnBznP+bioTH1qk8QftOXJFPTU7R0VBe3wpYMPN:fcXSsZppF2ioTHRdfEXJUeOwTN","tlshash":"06e2e0c53c17276b8722bbfa48278b1161af5741b06b0b60b9e0ade55c920660f5ff83","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.086336Z","times_seen":28,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/blackjack3.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.856Z","timestamp":1784030128856,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/blackjack3.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 24316\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-5efc\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24316,"size_decoded":25696,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"6f583d47d7d771790227ed7b789d11b6","sha1":"64a329bc847d4bcce823ddfc023106ce0389e44c","sha256":"9fbbe6c71639cd140e5fe8b5fd476aec9acec4877299cd8217bbc55e8cbfe4c3","sha512":"5ed8f9e18a4748aab2cae55ec6415bf1a1984b0893231b486c09bd0e771ff22169ed86189c34c74985dbe50b9c629a7fbad2e9e8a6e1a1f1b739fed9cc860880","ssdeep":"384:RjW/GLmM0kxtpkJJ+PbHKsBY8rXX40R8cNWUU87VUC3OaYjoS4cKJniXewg2:Ri/GqDWIJ+THKP4XX4gXSSDCU5iuwg2","tlshash":"07b2f1c617c70464ccbdb3e741d427dc8de0e8e624b1971e41e3c9d54da881668a7a6f","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.087366Z","times_seen":28,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/gameart.svg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.859Z","timestamp":1784030128859,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/gameart.svg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1764\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-6e4\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1764,"size_decoded":3145,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"25d2617d91169ac63bb75fbc7d2a0ccd","sha1":"7d74a5bebe7001e04ca2a66c2bebc63137607ce5","sha256":"1c47a372b2e3c905e3f6dc7f5aa28d7d5ca22d58d59662234e4345a335f31b3b","sha512":"94a21982402ca31e9336a53261064f4e037366c1d060421b87908872d5f4efb26b21579602787d58d0d2d27d9ce80d9a5626fcb84cc82511a39995ff6f506cd8","ssdeep":"","tlshash":"f4314381439475c56848e7dcab1e2b3b228328fbfa54d3844a016e1f385507ecc1dfca","first_seen":"2025-09-23T15:12:07.984242Z","last_seen":"2026-07-14T11:55:59.088231Z","times_seen":33,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/baccarat1.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.860Z","timestamp":1784030128860,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/baccarat1.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22501\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-57e5\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22501,"size_decoded":23881,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"e8b573244e6212e3280b4e314f49689e","sha1":"fcefa9cf800d0316ff5288c2198624123ca1612d","sha256":"e6bb3f9386c1b3d16d5909326fbc22ee529de8aae719743a1ff6fb400a87d219","sha512":"8e776b1ff7b37b86d034516e058d7820320772c49186b6278259d05ffb39e751f1ed9b5e4147b09bc04b4c8d1cf8f228527490694cacf53ad3f8f2c1df462c59","ssdeep":"384:7YFVFW6macHaAuReyMUZKVk/ZunNf14425rp2Q5wJjw3euqARf5XMkigzq6:7Y8ty4zUZ3uNS425rn5R34AV5XMk/zq6","tlshash":"32a2e1005743a47830eecbf3d1a997534a01b91aa61c6807cfca2da37f319c566d8df4","first_seen":"2024-05-26T17:26:06Z","last_seen":"2026-07-14T11:55:59.088767Z","times_seen":28,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/fonts/TTFirs-800.woff","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.901Z","timestamp":1784030128901,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/fonts/TTFirs-800.woff HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 27044\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-69a4\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27044,"size_decoded":28435,"mime_type":"application/font-woff","magic":"Web Open Font Format, CFF, length 27044, version 1.0","md5":"fe1bf387569405d416f45aa3e51bcc14","sha1":"ec76e0a4fa2684aff30346ecfee021cb9a9da7c9","sha256":"a8f9f160032f7730565349b1222827dc10f25c4b3b5ff1f17f8836c5d69355ae","sha512":"c651f5ed3f8914b01ef25a9dfeaa202c23eed91c1eb359031a9e9cd8ce9a01a0ab9c651a7c3ad7cb5da38679b6724d1b15787a0f66e9e88e8c31cf896553e48c","ssdeep":"768:6oJJJ3kyiM3TaPDFiY586cwXSx4r4o8Vl:fJJJ0yi6nm86Gx4rh8f","tlshash":"c3c2f1af7a4e3836a8b507bceebe03d2de05e4d5066b58fc72c4d96554cd082f089606","first_seen":"2023-06-15T05:50:15Z","last_seen":"2026-07-16T04:25:14.080421Z","times_seen":177,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/css/styles.css","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.077Z","timestamp":1784030128077,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/css/styles.css HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: text/css\r\ncontent-length: 104190\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-196fe\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":104190,"size_decoded":105570,"mime_type":"text/css","magic":"CSV ASCII text","md5":"6a7b208c6a4f5c97965b0757b3df61da","sha1":"e0dce70185bd202126fbd07f1a34760b0c80ea85","sha256":"07423df51598bbff1685410fdf7c3911985b91155c261b9b7eb1ef4415ffb425","sha512":"fe81a39e07f8ae19b9503752da91115bf5fe149fd1dace14e59bce9800f4c7be662a7e3e35d5ea6399d0e7fb95e374ed9e2c216ec5e4f34993e35e1333d32f34","ssdeep":"3072:loSR6m6fjU9i44WrKgQEfxxFBdpelliVVIDqdkH7N7AE27ah6yE8sj5tAtnFgrRD:loSR6m6fjU9i44dlliVVIDqdkH7K5tA2","tlshash":"09a3f910fe237712f217d05e2d44bc54577fbc12ae1e5c26d09b98acd6ea098d2f2b89","first_seen":"2024-10-06T09:15:57.087441Z","last_seen":"2026-07-14T11:55:59.090332Z","times_seen":25,"resource_available":false,"data":null}},"time_used":370,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":181,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/logo-alt.svg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.473Z","timestamp":1784030128473,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/logo-alt.svg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/wp-content/themes/cat/css/styles.css\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:28 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 6511\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-196f\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6511,"size_decoded":7893,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fb5d744053a35e637e3057735125fc88","sha1":"ab2bdc363c02ba4df33de326ab2802a1534dbe29","sha256":"7fa4b2dac0ffef5af4ff98c666551d4f4cff427a4f3ae8d7bbd2a45bd49e67df","sha512":"60daaedca4d92b843fc80e6f7de40d3975c551738b698cc3e6d15b9662acc2ec5ef20cd32240532c6024f86ece79284339ddad4e84dcb85e98fa975ad3306c17","ssdeep":"96:qqlLt4tDMzMuug0D5SF6fTNzLFlL9xIlmg1yWF4o7lq9:TL6DZF5S0rB9BWqClq","tlshash":"6bd151bc57994a9a8c1ac7f36e6424b02d0f94ae8455e39df8a4c730f6110f8dce0e97","first_seen":"2025-11-24T01:18:56.596959Z","last_seen":"2026-07-14T11:55:59.091239Z","times_seen":26,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"catcasinos31w.run/wp-content/themes/cat/img/hell_hot_100.jpg","fqdn":"catcasinos31w.run","domain":"catcasinos31w.run","tld":"run"},"ip":{"addr":"92.63.227.153","port":443,"asn":44942,"as":"Digitalreti srl","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://catcasinos31w.run/","date":"2026-07-14T11:55:28.839Z","timestamp":1784030128839,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"catcasinos31w.run","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Jul 2026 04:56:16 GMT","end":"Fri, 09 Oct 2026 04:56:15 GMT"},"fingerprint":{"sha1":"D7:68:29:38:AA:E3:F8:FE:28:73:54:9E:06:B8:FB:75:13:29:49:F4","sha256":"1D:E4:F1:72:34:D3:54:8F:BD:20:25:4A:E1:F1:62:6A:5B:71:6E:5A:B7:E1:A3:0B:F3:3F:2F:2A:93:40:F2:7F"}}},"request":{"raw":"GET /wp-content/themes/cat/img/hell_hot_100.jpg HTTP/1.1\r\nHost: catcasinos31w.run\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://catcasinos31w.run/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 11:55:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22839\r\nlast-modified: Wed, 12 Oct 2022 18:28:13 GMT\r\netag: \"6347073d-5937\"\r\naccept-ranges: bytes\r\nx-dns-prefetch-control: off\r\npermissions-policy: accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), aria-notify=(), captured-surface-control=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), on-device-speech-recognition=(), summarizer=(), wildcards=(), private-state-token-issuance=(), private-state-token-redemption=(), interest-cohort=()\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';\r\nreferrer-policy: no-referrer-when-downgrade\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22839,"size_decoded":24219,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x236, components 3","md5":"92e60c3e0129d2f492fa7e3ed3007527","sha1":"93cdbb37e15dc45649d29f7b41aa633586880ced","sha256":"2c0a6a3083088502872924b9ebea6f249a44588a83a66817651c817412dab9fe","sha512":"689340f1ec45b0e3e21f2433df6d602c9dee6def251bb8a103556b047c71bb745743684540618b6c9887a3c07de8fe44b3db8de47f3365c33280a77eb379639a","ssdeep":"384:B8VVhyII4/gEBHZg7Iwr/bvQ0bp45lXIbDs59Q6D9wlAWjMW3OEQJfKs4:B8VVhyIIURa7DrTp4ob4HOlAMMWNQZKR","tlshash":"3da2e1e7c781f420b719147340aa7c2ad741d4a713d18fbb5ac046f73428ad5262dfe6","first_seen":"2024-05-26T17:26:05Z","last_seen":"2026-07-14T11:55:59.092093Z","times_seen":30,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":322,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"catcasinos31w.run","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
