{"report_id":"a2d0f321-e112-4e44-84eb-37bedd0f8af2","version":6,"status":"done","tags":[],"date":"2026-06-03T10:09:19Z","url":{"schema":"http","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"20.24.101.167","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/home","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"title":"Bet365","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"20.24.101.167","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-08T10:09:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"s.q5qo.com","ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2026-04-06","domain_rank":0,"first_seen":"2026-04-08T12:00:24.977625Z","last_seen":"2026-05-28T15:44:03.779429Z","alert_count":0,"request_count":30,"received_data":341534,"sent_data":14369,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-03T02:49:56.909947Z","last_seen":"2026-06-03T02:49:56.909947Z","alert_count":567,"request_count":189,"received_data":7041660,"sent_data":93953,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tposs.qiddfc-dqiod52d.com","ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2022-11-24","domain_rank":0,"first_seen":"2022-11-25T06:07:22Z","last_seen":"2026-05-30T07:40:55.592513Z","alert_count":0,"request_count":41,"received_data":2137561,"sent_data":20060,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/video.Bv5D9_Td.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"718063586df6dc66587fbd457ec5f4fc","sha1":"388405a35f553a05a7e8682e767b288db16c0daa","sha256":"c69902672eb03df339be1ddacada47060eb42bca1ccf5f5efdb38fba69a9aaa2","sha512":"260bd3f8c16fdb74e8548a50abb047a9dc2e77e528173048b63b42687413e0a27a9d4f15be052755de672c2238ce48b6304a6c2207e3f8a12168775cc75975d8","ssdeep":"","tlshash":"689002295c01836024954069af9289699411851a32750694d0160941a319456566c565","size":57,"data":"","first_seen":"2026-05-30T07:41:04.641841Z","last_seen":"2026-06-03T10:10:15.188264Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/GameHeroSwiper.KEZSG98u.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"1a1a1f41c7c0e113a1b03ae32bf2ed3e","sha1":"6839a1308a4a8211093d737861579aa3955cd8bf","sha256":"6cec8c2f3694b8d73be580d8fd4269a3a9c2f85665e80ecc74e5a8131f62dc85","sha512":"8b3799c43fde9a0621b11e911e0a18a426665735f5d28dfd668450e68aa180fa49ff06d9b204134acc8e449b1511ee08d60b0dac49a1b0052ab7a9eab9ff656e","ssdeep":"384:qv+X+C3dGglWcEIKarIvYEy9LELpLLLKJmHbfV4GfRMQMon:qvUl3dGUWcEIKMIvYEy9LELpLLLKJQf3","tlshash":"d842fa5c6461487efb3a4d8f1684781d71286bc2ef69d881f2fd3a2617a1c79ca1932c","size":12305,"data":"","first_seen":"2026-06-03T10:08:00.393004Z","last_seen":"2026-06-03T10:10:15.171692Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.DIeT0CuM.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"4607c973da4158d462875f6b00452bd6","sha1":"6dbcf4f4ca62da6bdc171d018655c3b23557cb85","sha256":"36dac0e952090fefbe168a8bc6247e4da1f12943806c04153c140b0243bf9d0b","sha512":"4e1465020c4c6ba239e9bf76a85785778ccee1d611e772e3f1ebff24d016c8693a76a60ca37d9154c150a0aaf01525fdd92340161614c70bb525338bc8236e8a","ssdeep":"","tlshash":"bbf00e2a7f4cc0f4a2370dcc31b38028072f07e9b534e7a581d33f691b89520a99e179","size":525,"data":"","first_seen":"2026-06-03T10:08:00.341496Z","last_seen":"2026-06-03T10:10:15.273155Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/use-keyboard.C_iftZvY.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"7defa249fecbcc63945e3467e475a6bb","sha1":"2ff6d894e4b91a08d26fade257d3ed600c2a5196","sha256":"74e4ab03366a1c64c809c9040dc3738b56d72d02ae094cf5f8bffbfab413712b","sha512":"5f40d09f0d8088c51921ef2c149dac22b3608a1f3027baa60c7923fece2b4340314a2116e5571cce1f7c5e8eff988a632b5957de31ed4724073974e6afdecf59","ssdeep":"","tlshash":"1c2124a0506e34fd9aa6edd82a3fdc103452bab07009b861506ddf3bdffd942a5431a6","size":1198,"data":"","first_seen":"2026-06-03T10:08:00.174598Z","last_seen":"2026-06-03T10:10:15.217503Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_style_index_0_lang.B2z57bxU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"7341403835f89ef572116380b6f832fb","sha1":"df402fcefefb6ab8eb64feb501475e55129561d3","sha256":"4b063311fb653a2a9826e3dc6910783770933dbe1ac6dc06db21f185ac614619","sha512":"9956d14e0219c2dd90b7f40b6b166d7b0875e77681111d7b6f260071f533f299d01c5c66a360e4b9cde741ce3d0d0ce137f50783bf7b1ccd141e38d0cafda611","ssdeep":"768:V3757ETdCyzbP9dX5IcJV1WFCZsD0tJs/MLWnb439z9FZ4LTgaM+kSftvfp+ScMG:dtwU23nWgWYqM3R8uScYVA925tCSo","tlshash":"c2731c98f60ab07152f7c9e9e0af464973123782a704d1f0f4b698610692779f0abf7d","size":75512,"data":"","first_seen":"2026-06-03T10:08:00.347344Z","last_seen":"2026-06-03T10:10:15.216736Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/MatchTimer.BMVrwhX4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"85643f189364cb6aa074a791fe628c2c","sha1":"9840d5181ee80ae3fae51d9c6e57ac9d36045c30","sha256":"44ab6ad24b1c9a4fa377a5f4d6f1e1fc695e90beeca83b34cf2a10adb2263561","sha512":"f979ab2910c5b0075b50facbfc70f15be695b65dbf1a85f2efd2713a14a6f883c7a1d6b7f6c1107622ed618786d3189cdd024bdd93db8849c4e8e8f318606c21","ssdeep":"","tlshash":"4f41a745bb0f68e053b0098015444910ad2acb2d3133a9c5eb9c4fad936ae58afcd56d","size":2079,"data":"","first_seen":"2026-06-03T10:08:00.233074Z","last_seen":"2026-06-03T10:10:15.265945Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/OddChangeIcon.WkWd7uc3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"2319e3183b405b26459d6bc986bcb9bc","sha1":"6aa9ff3afdf0464fac38ffdc9f30ba1b8efafe45","sha256":"3307511a425289c031b2061d76dccf360f23c1e5f996362d2fea032d19eb42fc","sha512":"7c1cc27651c0d026b77c5702e731c7e84065912486b140c5d944d7a0bc128b7b600c72682b7c4a50635e36b8815b8d752994b328cfb4864f64cf194d4cc2a4e2","ssdeep":"","tlshash":"7921219e5c4a8929de2a852b27225d1bd03196a1cfc9288fd7c06631d3e006a3ac81bd","size":1248,"data":"","first_seen":"2026-06-03T10:08:00.27837Z","last_seen":"2026-06-03T10:10:15.234037Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Popover.CSKhjSOU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"e707e7f28d2428ea9fb734b1ac4f1e86","sha1":"cce360695568f4b7dfc47e9dcfc9514c4abe5413","sha256":"5811e9f126d2af3ad9949108029d87e55558f7d19335c27a6f2511270fa7d4ba","sha512":"e7044aea469894c8f824930d3219fdcde5adc111abd8b06fbe5df1b8ea41644be8b0db908b7bf22c8384be7a92899a7cc7886ebcdc070cbfc97c333b8998511d","ssdeep":"768:4k9gnwbDh45yeox9gCU00UgapJxihgSgNzinHDcpRj/RMbhlcS+pbHH+nUxzVbi3:zh4n4HWuNzinHofj/RMbfGDehiI","tlshash":"84f21b9134c6b47403bb86f6c08f4645a2290e26f90fd5d0f566ec6724e7268d2bef2d","size":36217,"data":"","first_seen":"2026-06-03T10:08:00.335705Z","last_seen":"2026-06-03T10:10:15.192105Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/BonusSign.Bs0dkeja.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1510723b6c3d041e49c7e940b6c2099","sha1":"9e8e40a4f87f00d85138f1787b6668b020d7a735","sha256":"2791a6bbc158a6cbd65c3ae5962ed56233bcbda5c3ebefe7eb51bf965a6a163b","sha512":"b5ddcca0c5825c5fed75af8c2f5169cb719bb85383ca7a426b188b3fe4455154f6fef939bff17a238b7facd00d0159edfb9736a80abfb8adb8e80cd2f225a72f","ssdeep":"96:lT1FfvQ4/WZ62KHkSzl8AQWKuf0siCQ9Hy+Pi9a/aEBoNaD+2IGnx:BrQ4Jz8A10zxhyt8C7I","tlshash":"b781c64bb0366af4bab75c84609180a3a209bfeec0b5841971ff08363787c65578a737","size":4165,"data":"","first_seen":"2026-06-03T10:08:00.395888Z","last_seen":"2026-06-03T10:10:15.229618Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/InputOtp.BY2YT0q8.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"4dd479246a09c5cde11d9b85c19c1e46","sha1":"b4c356b2c4188dc7cc924a416a39190a35c43e5a","sha256":"16b12e516dbef28476a5fddef97cd38d87d5480f05406b80e65808814047f2ef","sha512":"eb2120f4d2b9dae788a42128a4a903effc2e4d6ca85e6094b1b33b082a741aa9e2af0e734b8c051e5b2e052ddb680a4cb7907d113a953e3e07239160b7f80b46","ssdeep":"96:zkMFbCbPHSwCwIHXzspJkaVBF0TcpS+pzldfsL2q1G0HM1cB5HGcB8q:YMFbCbPHSwCwczspdzLpS+p5dq1hHKcT","tlshash":"03b1e7953193a1b671f24ee684aa4021d6123f08a86df0d0d573cc5516a0b85a3fff3f","size":5153,"data":"","first_seen":"2026-06-03T10:08:00.246916Z","last_seen":"2026-06-03T10:10:15.269687Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/ChevronRight.lAMfMYDE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"8b4e301ddf48058f7a6b86631a1992c6","sha1":"74ad1a0e7d3299acbffde0611f20c5e77e78c51a","sha256":"0ea602eee777b43ba55e09a5126fd9267a43b469c8abd2ceb1312e542fde9a2e","sha512":"54f2e2c1009809dc5de3fb6600acf73bd4c7af31ca26dc84f3d4486efffe5351336fe09009bbe2a519c6351c056819daece12d3c5200e8b6c776b6d4e31a3f74","ssdeep":"","tlshash":"8bf08bdf92d29971c9119a21d1b15041cf2914fce641cbccd22007249927cc13d0fdf1","size":544,"data":"","first_seen":"2026-06-03T10:08:00.197066Z","last_seen":"2026-06-03T10:10:15.230325Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/details-arrow.DtgI1CkQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"163a02ffd7cbf774ac47485f87d11631","sha1":"30467f6feacf6eb74e7a3628dcadccb3866dad2c","sha256":"2d502486f9a515ae20f2ae52153a0dc251b243eb4fb0bbbaf62f6bcb29395b00","sha512":"5faf7f5620bad75057bfdc339e7b40e5ef53b62b10cc0c0fc1cb22fd3e79a794e37b7704f3e8987c06e0a1a757eba76a861852382aa914afdfc2b14886828af1","ssdeep":"","tlshash":"f0514d7797644cedbe9044b554063719ac7a730dac2077f49d0d4318bad3b642a7991c","size":2977,"data":"","first_seen":"2026-05-30T07:41:04.633269Z","last_seen":"2026-06-03T10:10:15.173429Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/config.BpcUrZ_O.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"8ce1fadea8c88bd580d9afdd0bda37f5","sha1":"aefe3439b51d025b26f915d45eeec3433e2b3ae2","sha256":"3236f2722f428e539a1b95e01cb461b55df5800df94932c351fb42a9767e90f0","sha512":"ccd01d2eeca96368b05f541ee6b74defc95349c0d522790561c2d528b86e1514d87d6a81b9096c9a1f3276072c7da0252c909469b108c7ec5c9cf2ae4217fda8","ssdeep":"","tlshash":"dc31209e8b6338de09f20e5494db0f31d41c0309ed268825e3efe63ad502e816227e35","size":1808,"data":"","first_seen":"2026-05-30T07:41:04.696534Z","last_seen":"2026-06-03T10:10:15.207108Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Checkbox.BtziCGuV.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"2dbb50404aab7653d879bf9658627ced","sha1":"868903b47bb7a844dc2c3d7ccbb506cb615573d5","sha256":"11e36e20172e4a7e6bc2a8b1e2bb0d3baf5d90a09fca1b21fcc56a3325f89c37","sha512":"280f0b94b956ace1bc6e493ce18c7c699e43eef2ae985c8f4a423460c9d0c42053396b7e47fa19c85f308300a00e6ca93bfd11081eb186fa1c85b8f4133968ed","ssdeep":"192:eeFNHFb68jFLqTpdbMlbzUg8ujjkupMn0pva9Qw4QtXXhUzPC3cHn0J1ijd:eed68jF4pdbMlbzUg8XCshyPZ0J1ijd","tlshash":"8722853abd4a91b229b3c5a59197480e61226652df15cef0f0f28c0119edafce44fb3c","size":10448,"data":"","first_seen":"2026-06-03T10:08:00.281541Z","last_seen":"2026-06-03T10:10:15.262569Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.r_zEoEiX.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"5750cf751896b082d2200ca75ce60966","sha1":"22e32657381b4a58e2acea13608336baf7ac5719","sha256":"24657e44a1fdc5d8d2d368553097fde6ad7ff3d78924bad8d7e59ad161a7c0d7","sha512":"a37c4d0402b8fd86e19ebe07fab300366366c330bfba7ac5d93ef3f01e70c410be7d4401bb7092567b74cbb40ac19ccad39a6a92e527af1152927767f56e3f2b","ssdeep":"","tlshash":"b821102cec5ed9720ae38960a9541e000408df3ee6783ae06ddcb23c07df674618f32a","size":1270,"data":"","first_seen":"2026-06-03T10:08:00.191697Z","last_seen":"2026-06-03T10:10:15.251771Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"56b87537bbccb99cbb3f8e40c680b3a5","sha1":"9c29309c502860d20f37423d7c9e59267416b0e7","sha256":"bc7f271a30dc6d0a12cc4550b077b6126a9304f4f2d69ec9724dfa27be1d92aa","sha512":"2e542ad20e1a1039616ca07a456b322126605e660a065039d0d19c91440073278937795d618571152c455a513639da440885a6474135cd5da8d3b6677d416835","ssdeep":"768:MdU4/IJe3oXMryC3ISDpDyo4p9rea0sbb0079EFo:m3oXI3Dyteh1o","tlshash":"d5b22a47a13a1ebeb3530da0f0690597520c7febd400da90a5ff1e701bdac8056adb7a","size":24633,"data":"","first_seen":"2026-06-03T10:08:00.144623Z","last_seen":"2026-06-03T10:10:15.297651Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"a8e5ec13aaa33ef46f1a53768892dbed","sha1":"0b297368d42ffd8844060476c7af07b638132956","sha256":"3551b151dd8a9f9ae2078bb7706aa3fc1a23507f33d5c4ec2f572e04905ed055","sha512":"8318e8d257cec1b2995688ae9ee8e740758b5f40ed792654c96e7441fea1cd247de7fca92d90cbaeee596e713e89f846ce4fdb56af8462f1bb58034845f8afae","ssdeep":"","tlshash":"8d41c2889a9020523ee3775d47be215424e390db480dd4507a4da342afa1a2bc36eeed","size":2147,"data":"","first_seen":"2026-05-30T07:41:04.883161Z","last_seen":"2026-06-03T10:10:15.341914Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/BetCard.BzkliE3y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"f80d55d5f03700810e12b5bd1a1c2551","sha1":"2a9ec49968f74d7ebc696401f631cdc97b1a27a2","sha256":"04548ffb352a269ea564d04c5ceb6045e0cb88c1165bc3f60d7fc64a84897844","sha512":"5f1b54998556e8d0bddc5a2a3f49cc0f819cd024306394f56761d1ad313b99c1af16daec4251d527122257f7064208f401245dee957a4cb5ca5c8838da966ba4","ssdeep":"384:sDQUEDKKizqp3Qphf5exea4ZXbEsAw0Ev0szFSM76g:sthKjQphGeaoXbMwJzIM7l","tlshash":"f992e74e351745f6d43b8c3722193408e0353fdcdf25ac86f1eb96252aca9162a98fbc","size":20168,"data":"","first_seen":"2026-06-03T10:08:00.188063Z","last_seen":"2026-06-03T10:10:15.280616Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.YK7gRJyx.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"90f1ec627af14cf0358806742ab43378","sha1":"a507e75f9c0c994d79fddcf5a951f60f849c8757","sha256":"ff7d06dfd46713aa248c33ef11fc5cb315fd352f0dcc2da3112d8b80f237e1f0","sha512":"dc52271cf92ba7a25f7631a3f6a79a668f7c983b2d9547659342e9bb4445135ba4f63a75da969f9640ced973666be927f4d1489877ea793d328cfe8910bed78d","ssdeep":"","tlshash":"d531658ab41dc0f62fd398b9f121211a534d8fed9546d1e201ed6a5d0f4eced0a4ea36","size":1603,"data":"","first_seen":"2026-06-03T10:08:00.284118Z","last_seen":"2026-06-03T10:10:15.211317Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Input.CcS_fxKr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"0d5ba40dce3f91819d89041ca23d880c","sha1":"36fbc7a960e643d365f6f1c28c93c9bcc00713a7","sha256":"4a311fcfa642323bc76d7e087c72ecd568552c549e93cd660e72a96d0f9a4817","sha512":"cdb6abfc022e6777411f70dfcb7edfa7df4247b616d5c16246d5df2c1ec8d4e24141bdfe9a7061d7e3976fabcb19aca8a9cb745b917c05d5e14378021205c722","ssdeep":"768:XZacpv5VFP/7DYSWm5PVpK0QYUDc7et89xmCAKCIdfgmcw0S7RcL1Vmc92GH+2J:pDDP/km4tyFVc2GHf","tlshash":"efd2f9a4f90de0b465a3c9bcd18e861a33113663a601e1d4f0745ca51796bb9e36bf3c","size":29082,"data":"","first_seen":"2026-06-03T10:08:00.267467Z","last_seen":"2026-06-03T10:10:15.22747Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/homeLeagueOddsColumns.D_EQ-qYr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"1fc5dbb39a9c39f659d13d20ad8f6fb6","sha1":"24dd8691078c64e196dd7abea82ea8a04dea9b2a","sha256":"a5d7c1c53d1504f729ceb9340b0ce913ce6b9f89f7cc181f1fb88590b06884fd","sha512":"c5080973cec624b6d5760a7ee76828e599d21342cf78788230af5e10e2e0608a08ee32ec4d18cc18af8b3f98ab80f6277fa31fb47c3c36d07b472898b1d9e9ff","ssdeep":"768:ZZ9A72XizQzf+E0DNrWs4u9fATeOjUNPdVYOpd7e/L4:e99vfpqD4","tlshash":"8703f78c6027893cf6a7455460780096ea6d3f5be404e456f4fe4db53bcac629be8b3c","size":40186,"data":"","first_seen":"2026-06-03T10:08:00.287864Z","last_seen":"2026-06-03T10:10:15.210589Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f397c343be1172e7005bcb3eac87fd19","sha1":"5093f5df1a9198b931bb4e9dbc4d2e51309bf2fb","sha256":"0884c77940c1ce55d860e2876fb295fd7304498c137ae5b0b539fd83bdaba5d5","sha512":"f8a3b9b93922606134f82cb1e52dd12c4524568ff3c99871952bdf9f8ac5c1ece3c1289d7247af3cee3f81c9a25e38b4e1470e141ab4199c0292ac41a75a301c","ssdeep":"384:wXKOkPVp91oIE0Yt9iXmb20QjoghzONnuPyOjiAEJEhC:wXKLVp9aXZ720QjowqduPyOJzU","tlshash":"4a721a89b0320cbabbb724f5f0544054e6b05ba6f016d5c1b1fe8fb83bd6c605b51ba6","size":17199,"data":"","first_seen":"2026-06-03T10:08:00.334099Z","last_seen":"2026-06-03T10:10:15.205589Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.DOuwUyMp.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"145db57658d5418ad218fcc3b6391ac4","sha1":"731e40cf257d28d39a55a55405d3b7b01b4019f2","sha256":"58561498c7eb530950d063baa176bbba62391295afddf6072d6104599e08fd3c","sha512":"a1572e8d311f02522d8c1718142cbb0464fd06ad2e972ee9c305b613ff3573b906c2d00c1a49d0e6103abe3b17b84ec6664fd048399ec5a88ba621f53c89fd87","ssdeep":"96:NpnvAKzW3YrGdv1PISGEwRA6tm1xyY3A53Au3AV4GzK63ewVzbUkzEctpsJUcph6:nvAwSGEwRG13i3J3+Pl3nftIUGh4p3wy","tlshash":"b4c18699203fbb7ab6174834756859d2a3087faac115c44bf1bc1c232bce8b416cdb79","size":5818,"data":"","first_seen":"2026-06-03T10:08:00.177086Z","last_seen":"2026-06-03T10:10:15.187451Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/success.B7fR5wmE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"861edf6ccee12de018680dc5b5ff70c6","sha1":"7775194f46f290b518202bd71a4b63498069763d","sha256":"bd59e568ff6effdaa322fcb9a75fb145d6366fd9ed36403ea87fe64b1ca46d58","sha512":"c527618385c565d1be5f860c12ed44aad86d37e01dfb963c6746bdfe2f5540afefc1bb36b46b35d2447eb5bf61f4451cd5f11208821a00ebb67c78e51f165efd","ssdeep":"","tlshash":"1741947c851b6e78983c4d5b0b283d21d826a2bdcfcdbc475d865200ab345075ca5ced","size":2422,"data":"","first_seen":"2026-05-30T07:41:04.658352Z","last_seen":"2026-06-03T10:10:15.202614Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/usePagination._qMZmp7q.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"7d0be126f1ec3c907e67ad9bbafc6d67","sha1":"af1dc9462fa4e83d6fd88a10a7f36a80bf733e79","sha256":"1160312c720037d426567288ca32a15a613232a6037a9003295b3b54406dde73","sha512":"5d287de0201585a2baf1e749f2cf396f6ab4eb59dabd6ac53e2be18e57f62a03048d37669ba58247ef56437115e1cccc0c41901ed1abc6c33ba0248c24ca9c4b","ssdeep":"","tlshash":"b8110e8af2ab31a84379ccb49098100c4e046f92727698c87dc9079913b3c883340832","size":1025,"data":"","first_seen":"2026-06-03T10:08:00.161815Z","last_seen":"2026-06-03T10:10:15.306398Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Tooltip.ChjoOOCk.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"3edc356539ee6892afd6c9a3f6331c7e","sha1":"0ba73243e6b7e80ae2cf64aaaa89a32e45ed6e4b","sha256":"cb3029dd86b02812cff0ffc58a9bd669b14aa15675fc113cccc9696d50d532ce","sha512":"9a1f5079f59b6d4f80efb6fe515e38757b299c663c0f5c44e384762150f77143fa30d0bf330ba05912b48edf30cc49b5c97ece2bdc82516b46297886a919dfcd","ssdeep":"","tlshash":"9811215ae48184b401bb30cce43b4710bb232749bc57f1c1fe3b959a2194f46caa5a21","size":1000,"data":"","first_seen":"2026-06-03T10:08:00.342653Z","last_seen":"2026-06-03T10:10:15.281336Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/search-icon.DIGhTt3w.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"6562ae070b30df17151b7741e9b647aa","sha1":"fd2777a192db31cd89a8c797a7e89e9996988d26","sha256":"4662c08aed38a315db3a21e5f50f1ec96c0e005dbffd8075ec2f409deaf37f4e","sha512":"000603cb8e2dcdc027387ffdb3efe5437a3b7521671283a56e2a900da9518e784d3c6d3c88a917409630e3a40954c397c2da5ce83b0552b419881e75d17be189","ssdeep":"","tlshash":"0a01f5be420162cdd035cd2b2d267c41d0b624fb0d7542faead27254ee631d215f9e1c","size":809,"data":"","first_seen":"2026-05-30T07:41:04.713371Z","last_seen":"2026-06-03T10:10:15.289913Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/siteSportBet.M0NnB7ij.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"3f7ba0b277c1653b33c9fed5041d1cd3","sha1":"a739b5c2194078224695959ee12e54938f02ff06","sha256":"0ceb33572c7801b7c7e0cb29b898897f89d585618a471a4fb75135041b202292","sha512":"6979d217ccbbc62371f0514ebf9b47ed3482b760ea725f2532300f496f34e7348926c122e03bb0205215906b546a9d49811e7a6fc9bd9cab09619e02ae159835","ssdeep":"192:ELl1ostNIWItd/WE3F8znkIYPrctVD0fultl+uNUicAZnwlqKc82cxllYNghm2M:yl1osnIWIv/WE3F8zktDcTD0fultl+uV","tlshash":"c0f19472b29e520147c0203c90f907a27734647e24b38cacbfadeec95625a5573b9b3c","size":7684,"data":"","first_seen":"2026-06-03T10:08:00.367045Z","last_seen":"2026-06-03T10:10:15.250396Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useCommon.D_QntRoE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"5493c1a4860df64e243cadb705a7770c","sha1":"a0870e9e7a45254d0ccad953b2ebdf4b4c33c206","sha256":"e221ca6797be9e6c007f4ac0ced862ee762ec1a059cb5ddd9b26b14fc1d8d5ae","sha512":"d90cb962eb5064294ac6d13138faafed20b4703ca851bfaf57678e725cae0fdfec9df8111d9e1f8776dd04259d33c138018a1c18de8b4fd5ba4d6958a412e62d","ssdeep":"","tlshash":"9b1150ae2f583cbd802858ecba5b49124226d6993d28cac0b04e0d19b1ddf40ff75fc6","size":971,"data":"","first_seen":"2026-06-03T10:08:00.258115Z","last_seen":"2026-06-03T10:10:15.225417Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.Dlmy23Tf.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"dc30a2ef09dd5d2b8002ccc215e36679","sha1":"8588f4e11b628ff9fb4b7cb933e34fd1d9334bfc","sha256":"d9ffaf17ec31cf9ee7bbbd1caa0f7b0e1d233d139553eb2811ccde4a693783e7","sha512":"e15ee835f2ba69efa12e9e7b3a8ee14b08fbe8816ee88dd27442736de18681d6f4835202d31b3426ff8467cd3ecffa492c48f3e3e88b0cf35ba72826ae4b16c8","ssdeep":"","tlshash":"e851b366b87d8cb8f2730cdca0214504a2091f4ee1726cd5e83a17ba2c07fa1cbdf428","size":3139,"data":"","first_seen":"2026-06-03T10:08:00.262416Z","last_seen":"2026-06-03T10:10:15.196539Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.BsZB752o.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e8604d2f0813d274bd3446d93c83c89","sha1":"8cf46d6efe89717caa2973d1afc658ac9724ed29","sha256":"7be834f48cec16d4429521ce293dfb57734a315a9a5b9d06b1d041ef047daba9","sha512":"e6c83f1972c5476d5c7597b8c1c511681b0c00ba773a009066a7940e19d928aab3c085e5951d2b87f2b5b80efb4aa96226c80e7e9c7a7ce8d9651aa1eb24a021","ssdeep":"384:wdyk3rE7qrlNEqh7lJcT9O7moHiIIV2E8RSyR:wd53eqrlNEqh7luT9O7HCVKSyR","tlshash":"56421b3c784a95ffb977c4ac61a0940270697b3ecd84d8a6e0af1911999bf3015e87fc","size":12364,"data":"","first_seen":"2026-06-03T10:08:00.250307Z","last_seen":"2026-06-03T10:10:15.21974Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/PersonLoginAbnormalModal.CKMpEKiS.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bda40d0fd8de66a52710a03afeee290","sha1":"03fb60206c080ecb321cd9fa7fd69741b2835cfd","sha256":"1003347f017341aa72030152d643e39a734256e4f8c3d6c427b0eb53fc19375d","sha512":"b27f335af4f1c0aa79568c5fcf82e86a1eb147fa29b2d396f415af04496bb52270d8b46eaca4b7c767d2cb69ee24814c8bc5cc7f7ce3105b8a1ef4c6712be800","ssdeep":"192:+goFIPwhdsWzw4swSfqCDd1ui7FUfk23OvuAacNN+ppwFbeFIV:+tFIPwhmcwlf97FUfk23G1NNdeFU","tlshash":"2832091c313aeb7e3f0b5420b1a86058900c7f9ac518ccd7e9be4c272adaef45685785","size":11275,"data":"","first_seen":"2026-06-03T10:08:00.22659Z","last_seen":"2026-06-03T10:10:15.215988Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.AhYOak5C.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bb612e72d8e9a553d8bf46de37ee436","sha1":"db0e0ba48a744dfdfd2026449ef11c0791af662e","sha256":"6789c389fbe24a09ec748518ed5e9d7f4d4d725b02eb64fd1c755d211743dc77","sha512":"742baade5abcfd9ed1e3668ff9be043327e35eb9ffea08afa09166aec23a63b40ec3fa5768b852461fcedfb515e1dcbd85de7e133b9a253b3db712fb2408db5f","ssdeep":"","tlshash":"9921758a71c1f1710b3f84dce8918631f335b738d7a5cda0ca8e4e1542d1146e5afb59","size":1328,"data":"","first_seen":"2026-06-03T10:08:00.293426Z","last_seen":"2026-06-03T10:10:15.254112Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanelModel.C4YiEeXu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"482346c7e505bc9dfaea505944722467","sha1":"f388d897c5f2e584db653ab80587e67d24f4d004","sha256":"60ca6f22ef272e3ff005fc2b2a79aa89bf0342dc311b0df5af47ebb93de601bf","sha512":"94256dbbe8c8bccd640d883d4824955d158059f6c2bcdc01fb4078f944c492e26b90b05a71f14e610b172472bb8ff8ca7d42b1922ca3261ad792f32ac7609dc1","ssdeep":"","tlshash":"2141b6c9b45acaf566bb0e9ce51944d1f11c3a2d6331f48830dc80232fb5de4957e71a","size":2007,"data":"","first_seen":"2026-06-03T10:08:00.371994Z","last_seen":"2026-06-03T10:10:15.228914Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Suffix.CMk4Eg5a.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"175f5c1a6eeddff21956e4679e01e58a","sha1":"2069d68046243418233194614a92e88caf5da494","sha256":"1677379cf1e9ea50031a11426d9932d42919a71bd5f0295f2007ac696113a0bd","sha512":"1d32ab2084291e0b02d096b7d5f08bd13fb675d28efcfb6c8ee2eb0386281c77fb49fbb0a8409ba1b504bed6b56c9b2a3fc710c21dae75227cbc1ed9a898f8f2","ssdeep":"384:+ceFTiztWg8ERLcg7bgwM8AQDM/c3siKHQwoRf:3eFuhWg8ERLcZ8AQDM/c3/KSf","tlshash":"45423a8d2c1bc3b80527929cb2dd0e08b91a6677edc09c45d8d7ab61609bdc9913eff0","size":12318,"data":"","first_seen":"2026-06-03T10:08:00.204444Z","last_seen":"2026-06-03T10:10:15.215193Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Forward.ga7cWF6g.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"66025a59aa79714fb60ef4beef3cba75","sha1":"06feb26c010acd54106563175724b1962e87a0b8","sha256":"fb874aaa4505217ade42576757fe17c65f8c3a727c08297455302a1b4dd2fbce","sha512":"aebf568d2c6a6c2418b377e70b55006e6a17401199f886ec927f68ac009f69ffeb7f29f5dc108d83d95c137c601441de54e2f0d574831ce09af762d5dde205b0","ssdeep":"","tlshash":"a75184eeb3919bf9f209cfa8e17d6c9739bf38f27468001686464404675d498942f6b0","size":2772,"data":"","first_seen":"2026-06-03T10:08:00.30125Z","last_seen":"2026-06-03T10:10:15.264624Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d6366a9502c8bfef53f566a44050709","sha1":"6ff545c27b066f2966df98a8452d19e8c379d984","sha256":"067ba6cca628899ae0bc1b8690e8f01b0411399abba4dcd1b916e8cf473cd68a","sha512":"aa793552a7edff43dc953ba414f2d7a5a5c58dd987a7e563ebd6c15fed39f79fa62abd530bce639032d535269d66ea21f4cf0d28498aaea1671d976e0ccf67f6","ssdeep":"96:jRhml712d6JEw0daFkQr+aOqF9lvmy9Y3YWDflectiP:F4lYdUkQr+nqF9le24YW5eH","tlshash":"80d1ea025684fffb89f28e787f5e0a34c4f1c675027185eadbad0c3855e6096637e542","size":6221,"data":"","first_seen":"2026-06-03T10:08:00.218923Z","last_seen":"2026-06-03T10:10:15.16213Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/siteRewardModal.Dvn9HFxM.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"45f51df14995e0c2c545dba7e1787e5e","sha1":"3cff7cb9d0f4320c1d831598f498f29f800f10a2","sha256":"3e425fb90b828790aa7b282018db0137e5211e7bfbd5388380522ed76b7f4399","sha512":"f3db114d5670332871bb623d88a90558931300d2cbf34a96b0baf25b63dc51e07c727dbd58d8b451098f687d5addc72dfa4b0ebe5202f197137fbcee38106fef","ssdeep":"","tlshash":"97017647e84934b914b766b27455690203a8b93a949a022c39b538db16cc885f2f9f30","size":698,"data":"","first_seen":"2026-06-03T10:08:00.158864Z","last_seen":"2026-06-03T10:10:15.207896Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Eye.DAta3D2Y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"7a41733bb7e2a671bebaf477565a5ba0","sha1":"7c5cb53d55f1ce3e19afd74bfa0a1b80accba0c2","sha256":"e57ddecd0f8d6b8c6543abc18f9ed5a15970c3f59b9be7f39d059522a4cf7205","sha512":"019c7956ae0341ba5d4682c9beb35e35a7b1819e7c949991f9800f48b7c3228fd41f15642d448fd0af57a3428b5335bced9bc440720fe731da08820ed8a8744c","ssdeep":"","tlshash":"66f0ac0da3a5193c402d099c5b987515ae7b02b877194344cac99430f2264c1b1bbbda","size":612,"data":"","first_seen":"2026-06-03T10:08:00.350655Z","last_seen":"2026-06-03T10:10:15.192897Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useDict.9D1mHm0R.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"8a84adff40cfe7385ad18b59a3dadb82","sha1":"42f33bf69f33e90913ef497929d22aef2315207f","sha256":"a87e9d5e1156c19593cd10f1f7f9e76a4ab781a2ff0d41699fa617bb6dbb355c","sha512":"53c4ab0d4d5e7fcc4a25357bf8a5633723f4f38140f2e7aa9ed4ef6bb8ffc20d22db12ec0a9d66d8fa965341751290ce942f60f3656b7e35ab3304bbdbe72ff8","ssdeep":"","tlshash":"f7e07dcc385d34e8430f0cbd5a201152876567b2f12dc4d0d0fdad47619e542e83fb12","size":325,"data":"","first_seen":"2026-06-03T10:08:00.318519Z","last_seen":"2026-06-03T10:10:15.19438Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CoeJr0-4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e35c0e3b97bbfe2ee696e330a044ab19","sha1":"3e42d190a4b6e4a67664242f935ac34cb0de7957","sha256":"f5dabf5b486fff3350266ee6442e4097fb2b143371db08623c2a8b5bfa9eedd8","sha512":"91a6328422b108744a5d8eb5bb36b327a3b3ef6799efbf5ff0d7cc07ae991c9e9d91e310ecab4becfbee8a6a07b0f40249d5e51bc68594740c036e8a88d578ca","ssdeep":"","tlshash":"8831b4ae302ad6f8f71b08a0e0d54407861c7bac823afa8de7b905282f81554514e73a","size":1713,"data":"","first_seen":"2026-06-03T10:08:00.23843Z","last_seen":"2026-06-03T10:10:15.209787Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/phoneStatus.DsDFSgt-.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"2997acb0f5b00fa084de4c86f5f1a50a","sha1":"e26cd0bc1c157bfdc967a139a61be2d9d5a3bfd3","sha256":"222abccb18585aba8f7364366337fb1715481cb11d99ae7f599f798a482c8c60","sha512":"371f7197e6179185248aa14ee3179df77f06c86ec4294717f0af612919f9515173fe6c48fd82c2aa5f328e43a3becdaad2e4a0e07cb5edc470255e9eb4d89eeb","ssdeep":"","tlshash":"c6d022eedddab0f0c20050926020813db0060ab5b83cc2cab0fc0c319e1b084f3baf15","size":210,"data":"","first_seen":"2026-05-30T07:41:04.65147Z","last_seen":"2026-06-03T10:10:15.185327Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Carousel.BJUclzFq.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"9002f23645674efc865330cb10a48066","sha1":"faa8ebecf633dc3c89723af987664eb8fdcc8b09","sha256":"7b7a0d9f2f4c3701f8b9231dc2551f29f9591f889aaab5586d31c0d2c4b3b085","sha512":"b67b0d9205e3538383def23903a8397ba32490e2a6c611bbf16026002701af0f162cb622343d71ee36734adf99c594691fa9a316425473de0cec5349263a9e63","ssdeep":"384:m/RNjBDzqq9IRceNE0jNVX5ukNVXzJEzKqJKXGI2R7krmMeGL8w3duaf8/RsWMtq:mHUxxnzGIs7kCMrLF3d2/RsWMtDFc4+","tlshash":"c89219a07585b028a7a349c4c1e7440b33395fa3f406e4f4f07b61962965a6c92bfbfd","size":20975,"data":"","first_seen":"2026-06-03T10:08:00.153787Z","last_seen":"2026-06-03T10:10:15.270582Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Dropdown.DcSQHj7m.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"b5cf50596de60d21378bcc1af63ed593","sha1":"a9b5726140d45d07b5f9d845309a7f2fe4b60a21","sha256":"a2280ad5cb3eeb58f2dbd8e9057ab83bc4488f7d6423c71cb409743c097125eb","sha512":"54f20ffba86b5f0b089cbb29670ac0e75371a34728670afeb79598fe34591aaaadcd337484c788e8b7bd98b05c27de9b3d7b45d86738ba4192ddecd98feb32ed","ssdeep":"384:eWFv8NYZShHwGlXmcxDsw547ipXVEizjSBp8ux27w:/B8NuShH5XxnV1zjSBp8ux27w","tlshash":"7682e794f44ce5609ae389d8d29a8109b2172b82ee15c2f2f07a1de513d5374e29ff2d","size":19072,"data":"","first_seen":"2026-06-03T10:08:00.194149Z","last_seen":"2026-06-03T10:10:15.203372Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.kRkdNn81.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d9f05f1d2a2202bf7cac3911fed3ea08","sha1":"c62c27d7ba8a6842751248cfca7af39306c060d8","sha256":"a2234d551e2596ff468c75d062f7b4602bcc52a667d92987072dfa07560b5328","sha512":"687dc2337f0d3b269909bafe8ebdafdd05993d415a0f0f23117dcd0bc8cb0f4902dcde4eb2046db749440bc2cc304fa7bc55f62c3ae0c30f3e510a5a594fb7ab","ssdeep":"768:ehkIBTn/6PXbJkhABfvE7GQyk33NMQdSyZefMAPrmps3PX5W5qRqX6YLQzy:UkkWJY7NtdZqMAbfX0M2","tlshash":"c7e2495db0116a7ee37bd4d160391088a1282fade82088d7f97f4d3127c9ea427ed769","size":33835,"data":"","first_seen":"2026-06-03T10:08:00.14834Z","last_seen":"2026-06-03T10:10:15.195783Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Select.Dr8_3GoA.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"50d0d2c918219970a98ad9fb13b760a1","sha1":"c19316259cd9bf786774afbebfbbc0bb8f406188","sha256":"568fdf51af50bc198f1724d5d39e2ca7f641e276121e61f4dfbd75ec9f942fc0","sha512":"3207bcea11a877f5a3e9dec480f7cba87d083803e4cacc698a67a352f96305cf20dd9f0b3d9d7e6fca90447f62fc602f02cb643b94652f18da1c2bc3fef16c8d","ssdeep":"1536:wUotoJ1eQYe9XP76Hh1fAkq3JXaJDgK9fxBd6/y21ZUsQAGBi+g8eGYZ:wUotobJz9PeB3q3JXaJDgK9fxBd6/RUm","tlshash":"c2734aa4b90cb0b255f7c9fcc09f0149b3213b51b900d1e4f97699a12aa5778f267f3a","size":78173,"data":"","first_seen":"2026-06-03T10:08:00.211463Z","last_seen":"2026-06-03T10:10:15.183148Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Skeleton.Bm44yorC.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"dc5837a66b83d5911fb1e1e7b6c2ab4d","sha1":"4c306d9eb85c7daaef919a896fc2fe90857868dc","sha256":"fc0085ce71076b8ba9ca99d83d34492e7fb05ea815b578930cbfe66511638a66","sha512":"c836c1929344219d12b1fe695d79c3bdca14ad57dc4bb952e42adee9228b9d959c1a63d2832c6cb345ae14949ff2708c5b00dbd6084796aa63d2d50efc8443ec","ssdeep":"","tlshash":"af51656cf2dda8f729d3c8ff62aa075410293595ae70d291f1b738a276013339761f22","size":2468,"data":"","first_seen":"2026-06-03T10:08:00.380247Z","last_seen":"2026-06-03T10:10:15.258069Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B3sdte1J.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88cb6baf9215a8bdbec690f1b49d1ba5","sha1":"9d031f825d87327b8cfea933cac3427d0425b732","sha256":"3c6524ba93fac96d24da0fb6c1ec4030a94879b78c33b68241dd2b13dbd70c2b","sha512":"db75ca089c2d474ceaf7996583aa509c1a80084a3f3bcd7df6cab2537e110d723601e9e878e6414f3f5391b62e92cb508d6beb37fadb9f5a6a3fd520c52a9488","ssdeep":"","tlshash":"e231762fb4be9bfc725b082891950886362d3f9ee271d094c0f90d160ad6de0db6b138","size":1764,"data":"","first_seen":"2026-06-03T10:08:00.163767Z","last_seen":"2026-06-03T10:10:15.285224Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useRewardModal.xxp8-ci0.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"022a307c1723df6e434f0b67002d0bc0","sha1":"687413f8ae416fa802229e063ab2b68e22038406","sha256":"f7eab77dab1b0172cdb65650a223df93722e032dd211ac4dd48c97adea4bdeed","sha512":"49f9dbd5881c084a918757aef45295dc6990132601c11e2ff4ae434dc314e428aa4d8d63a63db7415597391f6e81a6d646434dd5752885a54b88be2a102ef52d","ssdeep":"","tlshash":"5fe0c0a7e0ca5af9242f198ba135007941d8149971cb8e84535c09d60b2d3d2f02bb03","size":364,"data":"","first_seen":"2026-06-03T10:08:00.221396Z","last_seen":"2026-06-03T10:10:15.16859Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/GoldCoinSign.BYa_nPjb.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"cb08cf8a40d19275c18edfa6b0f0acd8","sha1":"6f9d27d62b7d1e90cb2123354045354a081f7348","sha256":"bfbf09f8182f9ce343120ad3c01a49f92463a52c822506daf1d3632a65a69e57","sha512":"e17d73c7516405be009dd4b5b16fd4f762523e9804ae1ebe889728f3308e170b75e0d2d83f05a236ec799eab4fb77b8a2bbcff3facc38eaceb54c7ecef38b7c4","ssdeep":"","tlshash":"578196977076a5f879a75c44605480a7a20cbfeac0a4c01964fe082a3b86ca5978d73b","size":4060,"data":"","first_seen":"2026-06-03T10:08:00.235665Z","last_seen":"2026-06-03T10:10:15.238171Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RadioGroup.oTFPCem3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"559191607e43e4fce28f1158599b41fa","sha1":"bd16204dfc4cd74064a040d6b5326613c1a2ebe3","sha256":"847dc8faf5ed69051093390f09b755b46da41431104f942cd79b254ea141d623","sha512":"0118258fd68a93492eee280d77abd38a95f62347fa11d892586df6ab3c1ba38f161de599a7833df3a87d58624dd55e66b8a54aec902a4d5727cf2fe11ba40de6","ssdeep":"192:nMyN7jgkf0ip1p9EZ8ND6DQnbAlpGBoefsJME1e:JCiNDFnbA+oefsJ3e","tlshash":"ce32d7f9be09a1783eb3c694938f414a33057952eb11d4e0f4a3b05012eafb9959bf15","size":11808,"data":"","first_seen":"2026-06-03T10:08:00.269139Z","last_seen":"2026-06-03T10:10:15.303591Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.KwvdZ0jF.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"be24128644c921313b613655b0e5234b","sha1":"6757f63622e6a3e9fe5c69e3bbae30b62df8e4ac","sha256":"c75a28b76f399692275471216adbabf36c5b7bfafa8d56608fa7f7f079af856e","sha512":"f5a1a912cc8ab92e585aa6c15ee9bafe5e64a989ff58a03213f487699862c212dc3d06219e758d592410141b47c732beda5cd22ad730628e1c18e83926e67dce","ssdeep":"384:s4/30e4n4WQlTJV6qQThZzGmd5U4bAczwgI:sfn4lV6BTmq3zwd","tlshash":"ad626d0f310b567e677189af82724c00a1218fda84518ee7e4ff4b181613ddeab8d71e","size":15911,"data":"","first_seen":"2026-06-03T10:08:00.337989Z","last_seen":"2026-06-03T10:10:15.184289Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CwYXShdD.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"367f9a58f16b1a1481024f0f9e7c19da","sha1":"674e8755d605777a1a8692a45951a287799b1a3d","sha256":"135fbbf4bae97ce26766ce007b914d22207e0c8aebfb471a5ab7227eb60cb04f","sha512":"2aab6fde453e065c553252ad4668106cb2f6ac505e6ead1f4df00c71eb9610dc69a77cde019c78671432f1764b12400f6c98a5c4be4f194c3c5652477631a4ba","ssdeep":"24576:xgXNz4+zELIvji/OSsJDy2UbGyiwGyi0BC:xgXl4+zELIvji/OSsJDy2UbGyiwGyi0A","tlshash":"42457dfc715634ea47b7d4e9002b1806fd353a53b80ec0d4f16999aa3db0a19d6f6b38","size":1215183,"data":"","first_seen":"2026-06-03T10:08:00.431002Z","last_seen":"2026-06-03T10:10:15.340209Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.R8q4lxdc.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b76e1dcff03d28b936e859cd60def99","sha1":"052820cff23a682b16912d2393f1f8a23394734d","sha256":"20bc75e70c30fdd43e5dbf82c21b7a62f4350d150d38b8918ed97cc4c1d31878","sha512":"cc0a06d52b8a2018b9eaea609ad48c4dbba4c30f4a0f1960fc04bc3a45ddc02d1211682c1dc38bbfbb4239812c749bd3f0892c7fb75a284edd7e6be1e0246cdb","ssdeep":"","tlshash":"6f41a7e7ec5d897959738814b0d10c51691e3f47d03c5d5794b9fcb963e6c307a0e4a0","size":2424,"data":"","first_seen":"2026-06-03T10:08:00.240008Z","last_seen":"2026-06-03T10:10:15.276874Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.MPAVG_kC.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f32bbf2a69d433ad9cd2ae4339c619b","sha1":"616f4266c99a85ada8b610a0f48939c759ce78ca","sha256":"cae1dbaaadd07bfbe3f773044497dd8b8eb84d580551fc57b9ab0bfc5543deab","sha512":"a43c7f68218242ceea3141fd6f3f82e167cbce2e8e2aa7a7a6998c04e6c88382b21f02b38bd1d83e2c2e873bcea8cce11513b9aa49ce109bdd80e6335fb4909d","ssdeep":"","tlshash":"386109b3b84fec710d630c38a41548425c08afdf81786a0de9b9b5391fac9a0d96c3b8","size":3377,"data":"","first_seen":"2026-06-03T10:08:00.213647Z","last_seen":"2026-06-03T10:10:15.291991Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanel.BYNKc3TQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"5460be6a3c756ab9cbf46f5969331adf","sha1":"858be4019e9ec9f6de6aaf7759f457779950c4ef","sha256":"7d2a3c67a89fd70e1d0cbe32a7bc516029f1cb5f121c5f2672bb1d9189f94d5c","sha512":"631d06c2e35d987dcee189cb42bde265a2832cee063c88c179690a250e0e853aae8fe4e8a37a8ff504440d5740f9fa2190d1559a9ffea604810aa8b74f697792","ssdeep":"192:Ta7FrVAkPRTVQFUR4NXsby7yB3bex4QTaC2w/6AR9M4Bs:O7FrukPvQK4yTpe2QWCT/6ARWCs","tlshash":"7de19ec9f9468437089726cb25e5504cdd0df66f827e5ed4f1158ab02bb2c39fb5220e","size":6853,"data":"","first_seen":"2026-06-03T10:08:00.254914Z","last_seen":"2026-06-03T10:10:15.193654Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_script_setup_true_lang.COuUBNGy.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"1171a8990d5ae877e7e3a826d4a47830","sha1":"a137dbe5f774e58073b8fe1d46b9750074518be2","sha256":"c2b43469a403228c431bfc3bdfc424d84c86a92d43278fe7cce7313e2b6494ac","sha512":"8f109bf85917de8033e6fe7099fdce59723000e5f99e1ce30a929c2bcd3a78560652a49810882ee50e4512e41ae99c92e03d20b3e66cc4874f5b50852d237164","ssdeep":"","tlshash":"9721338b3ca810bcc3730d08a1a259d92525475ca275d8e5343a542a13e7c807bca167","size":1185,"data":"","first_seen":"2026-06-03T10:08:00.331924Z","last_seen":"2026-06-03T10:10:15.2436Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/time.DPzcqdzh.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"ed885594f6867e172d10f254643d21c5","sha1":"ac4b7d4543e9058a1e9889cd8dda741d7e285641","sha256":"adb2b1ade6971ca9cf4054a99469856caebd9fab6bbcb47b98bb5430618ca3e2","sha512":"8289ec1a0a9598d2dcc7c203e8a0e5ace05b174a6ede3f7d98e47c88a1185700037beb0de0a945f1100b917a17e37a078a53c9e00c5c2c9e49c30b14f3f4f5cb","ssdeep":"","tlshash":"5b1121c12469a026f52702ecd0f883a22525da30bd266a54ff3f4a26327b4c7881ff94","size":1005,"data":"","first_seen":"2026-06-03T10:08:00.259513Z","last_seen":"2026-06-03T10:10:15.261806Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/_createCompounder.CzkBocFs.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"1341129e5f863be771961b74e6931d81","sha1":"2eb72b7c8f4e616bfab303fc60b779efa06e85ae","sha256":"fbf9f355f629ae10949aa34a029b73f74030e6aa444449f38f939a32c066d449","sha512":"75ad66f52a6826487cd89e6ad4bac4cf648969ff561382932c5b723dd730d815fed94c674f0c3e44df212aefdd976bfd1107d410fd41458832f76f57f1e04eae","ssdeep":"","tlshash":"e461524968a7b548630870400aba0c89c3b91f7771e5e2dde3b6ec853e75f2852d5b26","size":3369,"data":"","first_seen":"2026-06-03T10:08:00.349378Z","last_seen":"2026-06-03T10:10:15.239906Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.D2vAGpDU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"71864188a858f6cbef6a86f1d87adddb","sha1":"e6118e55f8d8d490af9b1b9f5c8be0509d3a20f5","sha256":"8cc8fd55c57ae78d83efd81c76817bdb6b58273d51d106565b332e1cb17abad2","sha512":"dc780eeb11f8f269ee769fce969c6d382c615169b2c30fe087d08998fccae59664b0e61396936606bd7f79f6345a82ccccb4c562247b1904628368210f75e941","ssdeep":"","tlshash":"d621b946f25eb6b24c3d80fc9058ee67a3326414f26598b5d96d1d1fc149043f46fb72","size":1138,"data":"","first_seen":"2026-06-03T10:08:00.245389Z","last_seen":"2026-06-03T10:10:15.234742Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.q3BCKoP_.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b9c70ae2a779f47e1e17b3b722bcb27","sha1":"953289865385b1cdaf82f6b6ac34869b7686cf39","sha256":"59df9ace3ca143529343d10ba3f16cd7d9715758a5bbc061708ceb1aea983883","sha512":"ee54aea4fe6d597abcf2c686f9e251e073e634a829b880c5100a63bae083a8cdf6566c0c2eb751e8016529abd0033f97da8c6a02e7ac04cd19799adb17548de0","ssdeep":"","tlshash":"d161d69c5007867de43b9814210898e5e144bbe9db20d888a4ed40252bf7df9af7c3fc","size":3242,"data":"","first_seen":"2026-06-03T10:08:00.292784Z","last_seen":"2026-06-03T10:10:15.311979Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Pagination.CIqUoics.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"3f3a40f8f43b96bdd6c618477bc82abf","sha1":"7424aca996162a683cf0ec679ac8ae09dab69dd2","sha256":"e34c7f97b44213d2a44a56fba1f284456197efb9d35811dfaff76ee852ec6b62","sha512":"6d0100488d42d3d558521831efbdb6ea6c857749d73bb38ebfb5542c785c22f7f41d76226f85a4ed783bf1938455c2a61a156cffce8098f678c912d0f3e2f473","ssdeep":"384:8jhLpRBaR2IjWDfXQVJkTwmdNbe97RhKw4bBEBpCw4fRJSZw/XOns1GSqMf3BljQ:8jhLsSDfXQVJMwmnbIVhQbBErCw4fRJI","tlshash":"20a20984f40d607127f3dd38c86f0a26b2497e43e504d1e475b24aa417ceb7ca6aab36","size":21879,"data":"","first_seen":"2026-06-03T10:08:00.324289Z","last_seen":"2026-06-03T10:10:15.256615Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.0EyuehjK.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"8a459e7b44ba7033e5ba32ea08da0957","sha1":"1b639250f90dfb735b1bfbe1a6a3b86be8e3abe8","sha256":"fc0368a8ba0a0b7be8e928b56b1480ee7c28fc7ef957b5d6ee76a8ad63893f7e","sha512":"25114c0926e19075663c14f466a09d07fb39e1346e4aa91d6ebc8bf2a64776a5533a27680d8ba37a0680ebd40b0f02c8fc2fc708b0c30b337c578496edde241c","ssdeep":"","tlshash":"d031760a2929ab7f77178814f4813182604cbf66d023ccb6d2b115326bdb9f0975e727","size":1803,"data":"","first_seen":"2026-06-03T10:08:00.28642Z","last_seen":"2026-06-03T10:10:15.247051Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/happens-in.CM8LO42l.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"ae5e36995975e9ae7fe7a49f90f3d3ad","sha1":"d82f171350e16337a124596299c9d353a0b49065","sha256":"5a0159f90797b41d0637eadcf60531832dcc28b88a27a240c148b9d15f90ae84","sha512":"27eeada3244476126e3805c47fea7b3fe8f44017acf936a4446a2a2cf0de8f98a105ed0b7a47f3849458cb428bcf1ec3b8181a9f8cbdec60dbdf210b1d91f50a","ssdeep":"","tlshash":"2bb02bd533cb40b2c8ce432c882e404471003f0c01084110612920346f258927c51c3f","size":129,"data":"","first_seen":"2024-03-17T14:00:22Z","last_seen":"2026-06-03T10:10:15.204851Z","times_seen":86,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/league6-active.DwN5Un0P.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"9149d402b8230b07b8612021a9e5d4e9","sha1":"2201e57b5c86a5de72f1ed8e103b4f073a20ab45","sha256":"c880de829fd6084dd559f2bacb0eed10bc176ce13effe5c769fbea32ec35bba6","sha512":"22ccc9dae00331b28291c5326bbfd367ce289011f8ad36aaf8d6fc18bd3e9d1de5c68df22675e1258ce3bb7267d938655171c19c85ca89cad88b26327534f6c4","ssdeep":"6144:Huwe8RN5x+OyJJUK3oa8TFddcOit/EZbN3UOvuF4JPE:Ozo5YVSK3oXm1EZbN3UOvuSPE","tlshash":"b2642a9839d2cb3acc40b8d973d011a22d8e0fbeb7a800749971797f5b717c39da55a8","size":327289,"data":"","first_seen":"2026-06-03T10:08:00.322616Z","last_seen":"2026-06-03T10:10:15.341095Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.DPxJ3BEe.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"06477a4841ca8296876293d3a28e4436","sha1":"1ba8abe244f59f8ec2cb947989d0a61772968827","sha256":"e1a82623bc6ce543a6263652b235920bd911a6a9ba267516ee618dadb65243d4","sha512":"12abcc690fb80efbd266bd58be0b8b402b09b37cee0094de1338ffaebc1756269365b87d33c7998e515e7d53ee85eb4a8fc8e4190514a87663411ffc2c728dac","ssdeep":"","tlshash":"4b51c7052813d6fa7efb4510512e5346c1083f28e42ec455a2fe48067bcb4b6f39e764","size":2788,"data":"","first_seen":"2026-06-03T10:08:00.133509Z","last_seen":"2026-06-03T10:10:15.208882Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/use-notification.DYrhVCjW.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"eabe1025f70117ddc48bf99984d1524c","sha1":"1ff9ebe88648e95a4cf197ee99563d4d968aff6e","sha256":"8bec9a27838de0a2f553266883fd92ab09cf8931822343f8f31efb7bef1b07b4","sha512":"df2eb7999d4dd6de283289d0afec9fe084369212d61288e776fdab890de120b12647e0019a340867b2befda3d82a2b110caf9cc2bdfc7a3985a44e89ec9abc6e","ssdeep":"","tlshash":"a6c0228f308132b01b8305bb712a08ce42374a283a6416f0014f0534a351270e30fc4b","size":189,"data":"","first_seen":"2026-06-03T10:08:00.302957Z","last_seen":"2026-06-03T10:10:15.289102Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/chatShare.CI7ZQNfd.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"8c484fa33aae9aa4caa73758c9fc5d4b","sha1":"b107f8624668440b31cc867a1630184d40145f63","sha256":"3a0da513cfde0cf206dafaa07d44b468fb74ee08c82dbab0da48872611e031c3","sha512":"db3dafe9a977c62df92588e4ebba1d81943d9282d582cbfe45586c29187a8e53ec45e707b5830bccde22758e65b180185491a9ecb45f7f109e2ead7dc77ea742","ssdeep":"","tlshash":"a711ddd6b1c639a28761145e90704666f2245d1539ad83f0f23e95733d2b81382fbe5d","size":1093,"data":"","first_seen":"2026-05-30T07:41:04.668588Z","last_seen":"2026-06-03T10:10:15.325044Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/FormItem.DIgziqJr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"d5c98d723484efdf2520dca314dd8f2b","sha1":"1cdc1f81488e1de0a52e95c825c1cb6bc0237dc0","sha256":"477f407a2cd942554c90b6b49b6afa50e9d5e0825c10bc7dcff1ba2f0755c9bf","sha512":"97338a9a56d1018dad7426f94a0f0e87fabb772ec53c082a7027f37b5bdf63e67352f9be9f307cbc7178d267691d19501588b12f3c3351207e135b97d956280c","ssdeep":"768:ET7Tn8smVruvwmjjlRhZQSnYev6eCme8edeCWeC8eCqeCLe52eCmeC4evDesmoeU:NsPWQNoYJF3tK9W/rK0Tg","tlshash":"ebe2f9c876d8b45887e350e1a06b9017f22bb940982ee4c1f76f98f217f4a5c5762b3d","size":33773,"data":"","first_seen":"2026-06-03T10:08:00.409712Z","last_seen":"2026-06-03T10:10:15.244271Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Drawer.DmytjcuK.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"30bc869957aff340d6c9d28c2d5b6a86","sha1":"7abdd99b44ca510bf171ccbfcd0d130a576b7915","sha256":"533298f8c0a50e765713adbae71e3057daa81010d789d09d48ced7a2c0e7c88e","sha512":"c1f41b0534307507cc5a60cba328f66d50fc2ed29857214bf7e7ece7358ef594c8e9097530247740eb37b10b1d62d0d5d255623122b9c184d16e88e7ec6674d2","ssdeep":"192:BES4bF4ctw0bXOqeGSV7mci+arsRvXLoRxN+mNLaVatpvmEDbwlbTol4GRJCCkDh:X8Fm0rBv29i+3ZXRQUlbG4GQsbjc","tlshash":"1162e764fe19b07425b7c2e9c0de5b68117c97d2e72ac8e8f172346b11c22b85217fe6","size":15093,"data":"","first_seen":"2026-06-03T10:08:00.304289Z","last_seen":"2026-06-03T10:10:15.177966Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/master/f/dict/getDict","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/master/f/dict/getDict HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/json\r\ncontent-length: 8058\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38109,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (33447), with no line terminators","md5":"abf633d87a1e65f79ba86c79d67954d7","sha1":"1b3ee8e899fcbca05f4a178171ddb22cd241dab5","sha256":"634f2f3611baa3319b463c6bf9682b7559cfedaee9a7c017174f9938a01f5e0f","sha512":"2a1cdb8a72f9f4b5dcb6525565fb4464985bf8c7dc5106dc440feadb561cac54fb49b63c09d1ca253c479c4394a7ee4862b275b5255ecab477122642371b92e1","ssdeep":"384:ThDG0flhIv6THpfxqvJwGMJ9eNkrdMxrcwkaLVSHc+A:nIsf8hwG+dM9cwlEc+A","tlshash":"a303979eb1cabcfe2493ad81a98314ca704520cef8fc9fc562d7dddd6d888460427da1","first_seen":"2026-05-30T07:41:04.719392Z","last_seen":"2026-06-03T10:10:15.268794Z","times_seen":8,"resource_available":false,"data":null}},"time_used":794,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":793,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B3sdte1J.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.B3sdte1J.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-6e4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1764,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1699)","md5":"88cb6baf9215a8bdbec690f1b49d1ba5","sha1":"9d031f825d87327b8cfea933cac3427d0425b732","sha256":"3c6524ba93fac96d24da0fb6c1ec4030a94879b78c33b68241dd2b13dbd70c2b","sha512":"db75ca089c2d474ceaf7996583aa509c1a80084a3f3bcd7df6cab2537e110d723601e9e878e6414f3f5391b62e92cb508d6beb37fadb9f5a6a3fd520c52a9488","ssdeep":"","tlshash":"e231762fb4be9bfc725b082891950886362d3f9ee271d094c0f90d160ad6de0db6b138","first_seen":"2026-06-03T10:08:00.163767Z","last_seen":"2026-06-03T10:10:15.285224Z","times_seen":4,"resource_available":true,"data":null}},"time_used":644,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":644,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.D2vAGpDU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.D2vAGpDU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-472\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1138,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1125)","md5":"71864188a858f6cbef6a86f1d87adddb","sha1":"e6118e55f8d8d490af9b1b9f5c8be0509d3a20f5","sha256":"8cc8fd55c57ae78d83efd81c76817bdb6b58273d51d106565b332e1cb17abad2","sha512":"dc780eeb11f8f269ee769fce969c6d382c615169b2c30fe087d08998fccae59664b0e61396936606bd7f79f6345a82ccccb4c562247b1904628368210f75e941","ssdeep":"","tlshash":"d621b946f25eb6b24c3d80fc9058ee67a3326414f26598b5d96d1d1fc149043f46fb72","first_seen":"2026-06-03T10:08:00.245389Z","last_seen":"2026-06-03T10:10:15.234742Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1027,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1027,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CoeJr0-4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.CoeJr0-4.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-6b1\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1713,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1688)","md5":"e35c0e3b97bbfe2ee696e330a044ab19","sha1":"3e42d190a4b6e4a67664242f935ac34cb0de7957","sha256":"f5dabf5b486fff3350266ee6442e4097fb2b143371db08623c2a8b5bfa9eedd8","sha512":"91a6328422b108744a5d8eb5bb36b327a3b3ef6799efbf5ff0d7cc07ae991c9e9d91e310ecab4becfbee8a6a07b0f40249d5e51bc68594740c036e8a88d578ca","ssdeep":"","tlshash":"8831b4ae302ad6f8f71b08a0e0d54407861c7bac823afa8de7b905282f81554514e73a","first_seen":"2026-06-03T10:08:00.23843Z","last_seen":"2026-06-03T10:10:15.209787Z","times_seen":4,"resource_available":true,"data":null}},"time_used":851,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":851,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/eSports.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/eSports.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 7705\r\nlast-modified: Fri, 31 Oct 2025 06:57:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 8f5Ga6_b9PewpHauIY_6Vcg88hbvFDhd\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 08:57:30 GMT\r\netag: \"13ef194d3222cc9862df8d675f00016f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: H4fAAL9lB3e04DX2DfZc8kHVcXX8lAay4el47K7aZU4XiFMLuiO9Yg==\r\nage: 4287\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":7705,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"13ef194d3222cc9862df8d675f00016f","sha1":"acd26ea2aabd4efbffec6092c0fc0637398030cd","sha256":"a3e732892d0d64f36f2207e453deceeef54eca7d3d7cf557874256ec8c57ba2f","sha512":"1aeca20acaf899c94ff04f015dd5d05cc236cd9137f827406d73f5f84f2c71752c83d762f8921af1716f721e4c0981eecc83cb45a8f3cf86996c976176e83350","ssdeep":"192:WSiIde6Q1WbkrgAo6RQsH1KVvTkFLm47Cm4dDAwNiQKHCTY7nLwJ:5tde6gW+gAwsHArkFLP7wRAwNYHCTSLI","tlshash":"6af1afe45d69b73a3aa874a67640419a0f6cbc5c247c720fdf3c7ad1d9640a630ed9a0","first_seen":"2026-05-30T07:41:04.730309Z","last_seen":"2026-06-03T10:10:15.218244Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/download-icon.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/download-icon.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 160824\r\nlast-modified: Thu, 27 Nov 2025 07:50:02 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: UkjYisdUFOjtYCmRmzU6E7Zr1fXYm_Jf\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:07:17 GMT\r\netag: \"4ff046dfc19389a1ba22fc7e62ef1d2d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: FwkwZW3wxlV1YJGFBxUVmsWod3pVmEdWentLuy_MN8pEHKXl-iZ6rQ==\r\nage: 4543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":160824,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 540 x 432, 8-bit/color RGBA, non-interlaced","md5":"4ff046dfc19389a1ba22fc7e62ef1d2d","sha1":"b162234dddef66536083082d08bf85b57c75104f","sha256":"fa1e0aaf146270fb5a90bc2ee852fb900620df69bbd0178ad891e00bca13d01b","sha512":"db05faa994f21e2f970f8c8a812c350e0a9991a08043fbec3528e118508585962c25fd608264163fac98ab361eb9ca45b50530cc94bbb1f572c9f1008d36876c","ssdeep":"3072:qrS1mNb6SKUmpEfC/GHRGekGwLPErCRGysTbXkJxO4ojukORdlpLtTeR+k4dDy:d1mNbPK9pvGH4HiTbUJguNRpLst","tlshash":"16f32346ec37b5f8a9fc2b6a3b64c0441f4d4d1a138f42e750bd4e3b1e8260239f9a65","first_seen":"2026-06-03T02:50:08.031588Z","last_seen":"2026-06-03T10:10:15.315202Z","times_seen":6,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":103,"dns":1,"connect":1,"send":0,"wait":4,"receive":20,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.q3BCKoP_.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.q3BCKoP_.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-caa\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3242,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3237)","md5":"4b9c70ae2a779f47e1e17b3b722bcb27","sha1":"953289865385b1cdaf82f6b6ac34869b7686cf39","sha256":"59df9ace3ca143529343d10ba3f16cd7d9715758a5bbc061708ceb1aea983883","sha512":"ee54aea4fe6d597abcf2c686f9e251e073e634a829b880c5100a63bae083a8cdf6566c0c2eb751e8016529abd0033f97da8c6a02e7ac04cd19799adb17548de0","ssdeep":"","tlshash":"d161d69c5007867de43b9814210898e5e144bbe9db20d888a4ed40252bf7df9af7c3fc","first_seen":"2026-06-03T10:08:00.292784Z","last_seen":"2026-06-03T10:10:15.311979Z","times_seen":4,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/FormItem.DIgziqJr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/FormItem.DIgziqJr.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-83ed\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33773,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12048)","md5":"d5c98d723484efdf2520dca314dd8f2b","sha1":"1cdc1f81488e1de0a52e95c825c1cb6bc0237dc0","sha256":"477f407a2cd942554c90b6b49b6afa50e9d5e0825c10bc7dcff1ba2f0755c9bf","sha512":"97338a9a56d1018dad7426f94a0f0e87fabb772ec53c082a7027f37b5bdf63e67352f9be9f307cbc7178d267691d19501588b12f3c3351207e135b97d956280c","ssdeep":"768:ET7Tn8smVruvwmjjlRhZQSnYev6eCme8edeCWeC8eCqeCLe52eCmeC4evDesmoeU:NsPWQNoYJF3tK9W/rK0Tg","tlshash":"ebe2f9c876d8b45887e350e1a06b9017f22bb940982ee4c1f76f98f217f4a5c5762b3d","first_seen":"2026-06-03T10:08:00.409712Z","last_seen":"2026-06-03T10:10:15.244271Z","times_seen":4,"resource_available":true,"data":null}},"time_used":785,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":785,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RadioGroup.oTFPCem3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RadioGroup.oTFPCem3.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-2e20\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11808,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (3633)","md5":"559191607e43e4fce28f1158599b41fa","sha1":"bd16204dfc4cd74064a040d6b5326613c1a2ebe3","sha256":"847dc8faf5ed69051093390f09b755b46da41431104f942cd79b254ea141d623","sha512":"0118258fd68a93492eee280d77abd38a95f62347fa11d892586df6ab3c1ba38f161de599a7833df3a87d58624dd55e66b8a54aec902a4d5727cf2fe11ba40de6","ssdeep":"192:nMyN7jgkf0ip1p9EZ8ND6DQnbAlpGBoefsJME1e:JCiNDFnbA+oefsJ3e","tlshash":"ce32d7f9be09a1783eb3c694938f414a33057952eb11d4e0f4a3b05012eafb9959bf15","first_seen":"2026-06-03T10:08:00.269139Z","last_seen":"2026-06-03T10:10:15.303591Z","times_seen":4,"resource_available":true,"data":null}},"time_used":867,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":867,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/use-keyboard.C_iftZvY.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/use-keyboard.C_iftZvY.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4ae\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1198,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1197)","md5":"7defa249fecbcc63945e3467e475a6bb","sha1":"2ff6d894e4b91a08d26fade257d3ed600c2a5196","sha256":"74e4ab03366a1c64c809c9040dc3738b56d72d02ae094cf5f8bffbfab413712b","sha512":"5f40d09f0d8088c51921ef2c149dac22b3608a1f3027baa60c7923fece2b4340314a2116e5571cce1f7c5e8eff988a632b5957de31ed4724073974e6afdecf59","ssdeep":"","tlshash":"1c2124a0506e34fd9aa6edd82a3fdc103452bab07009b861506ddf3bdffd942a5431a6","first_seen":"2026-06-03T10:08:00.174598Z","last_seen":"2026-06-03T10:10:15.217503Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1033,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1033,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/success.B7fR5wmE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/success.B7fR5wmE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.AhYOak5C.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-976\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2422,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2421)","md5":"861edf6ccee12de018680dc5b5ff70c6","sha1":"7775194f46f290b518202bd71a4b63498069763d","sha256":"bd59e568ff6effdaa322fcb9a75fb145d6366fd9ed36403ea87fe64b1ca46d58","sha512":"c527618385c565d1be5f860c12ed44aad86d37e01dfb963c6746bdfe2f5540afefc1bb36b46b35d2447eb5bf61f4451cd5f11208821a00ebb67c78e51f165efd","ssdeep":"","tlshash":"1741947c851b6e78983c4d5b0b283d21d826a2bdcfcdbc475d865200ab345075ca5ced","first_seen":"2026-05-30T07:41:04.658352Z","last_seen":"2026-06-03T10:10:15.202614Z","times_seen":8,"resource_available":true,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Drawer.DmytjcuK.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Drawer.DmytjcuK.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.kRkdNn81.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-3af5\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15093,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (6796)","md5":"30bc869957aff340d6c9d28c2d5b6a86","sha1":"7abdd99b44ca510bf171ccbfcd0d130a576b7915","sha256":"533298f8c0a50e765713adbae71e3057daa81010d789d09d48ced7a2c0e7c88e","sha512":"c1f41b0534307507cc5a60cba328f66d50fc2ed29857214bf7e7ece7358ef594c8e9097530247740eb37b10b1d62d0d5d255623122b9c184d16e88e7ec6674d2","ssdeep":"192:BES4bF4ctw0bXOqeGSV7mci+arsRvXLoRxN+mNLaVatpvmEDbwlbTol4GRJCCkDh:X8Fm0rBv29i+3ZXRQUlbG4GQsbjc","tlshash":"1162e764fe19b07425b7c2e9c0de5b68117c97d2e72ac8e8f172346b11c22b85217fe6","first_seen":"2026-06-03T10:08:00.304289Z","last_seen":"2026-06-03T10:10:15.177966Z","times_seen":4,"resource_available":true,"data":null}},"time_used":323,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":323,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/d0fc6cb72be725744777cc1e7bd7e247.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/d0fc6cb72be725744777cc1e7bd7e247.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2823\r\nConnection: keep-alive\r\nx-amz-id-2: QkXS9Hw5WrCWMBTXBhT5b7AOW1+ol3Kn0htboyq+Ft6KEkE7fcNJZ5MmuT6321+APCOF6JRQ/LGuiz9g17mmQQR+ddKcKzPA\r\nx-amz-request-id: GJBYH8GA49HYMYEJ\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Wed, 01 Apr 2026 11:12:14 GMT\r\nETag: \"d0fc6cb72be725744777cc1e7bd7e247\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: .VE6lkoAv5abP2TQPCNHE0nCsBLX0qsA\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1816527\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_14518-13102\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:7 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2823,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"d0fc6cb72be725744777cc1e7bd7e247","sha1":"d6be98275c4bb169b41d6cad6dfb0c38bbe23f89","sha256":"a8d90bfe01638023acd31c486f35dbb764bad7fb0a0996d71aec6c1a58d318f7","sha512":"8d91af1b526e2d894dbbb8535f1e8c3fd7b1fb86825045f4b26951eb886049d91c53958c6faa71cae34c3618ff0fc0b2df305951d1645b7cc1f4e09bba41b545","ssdeep":"","tlshash":"04513deb6f4fc0909f3886498abbb4a3514b3f4935c934ac6096785eb1593177ccd239","first_seen":"2023-07-03T09:36:04Z","last_seen":"2026-06-03T10:10:15.212869Z","times_seen":14,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":58,"dns":0,"connect":26,"send":0,"wait":28,"receive":1,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/OddChangeIcon.WkWd7uc3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/OddChangeIcon.WkWd7uc3.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4e0\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1248,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1247)","md5":"2319e3183b405b26459d6bc986bcb9bc","sha1":"6aa9ff3afdf0464fac38ffdc9f30ba1b8efafe45","sha256":"3307511a425289c031b2061d76dccf360f23c1e5f996362d2fea032d19eb42fc","sha512":"7c1cc27651c0d026b77c5702e731c7e84065912486b140c5d944d7a0bc128b7b600c72682b7c4a50635e36b8815b8d752994b328cfb4864f64cf194d4cc2a4e2","ssdeep":"","tlshash":"7921219e5c4a8929de2a852b27225d1bd03196a1cfc9288fd7c06631d3e006a3ac81bd","first_seen":"2026-06-03T10:08:00.27837Z","last_seen":"2026-06-03T10:10:15.234037Z","times_seen":4,"resource_available":true,"data":null}},"time_used":497,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":497,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.DPxJ3BEe.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.DPxJ3BEe.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-ae4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2788,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2779)","md5":"06477a4841ca8296876293d3a28e4436","sha1":"1ba8abe244f59f8ec2cb947989d0a61772968827","sha256":"e1a82623bc6ce543a6263652b235920bd911a6a9ba267516ee618dadb65243d4","sha512":"12abcc690fb80efbd266bd58be0b8b402b09b37cee0094de1338ffaebc1756269365b87d33c7998e515e7d53ee85eb4a8fc8e4190514a87663411ffc2c728dac","ssdeep":"","tlshash":"4b51c7052813d6fa7efb4510512e5346c1083f28e42ec455a2fe48067bcb4b6f39e764","first_seen":"2026-06-03T10:08:00.133509Z","last_seen":"2026-06-03T10:10:15.208882Z","times_seen":4,"resource_available":true,"data":null}},"time_used":644,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":644,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/use-keyboard.C_iftZvY.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/use-keyboard.C_iftZvY.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4ae\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1198,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1197)","md5":"7defa249fecbcc63945e3467e475a6bb","sha1":"2ff6d894e4b91a08d26fade257d3ed600c2a5196","sha256":"74e4ab03366a1c64c809c9040dc3738b56d72d02ae094cf5f8bffbfab413712b","sha512":"5f40d09f0d8088c51921ef2c149dac22b3608a1f3027baa60c7923fece2b4340314a2116e5571cce1f7c5e8eff988a632b5957de31ed4724073974e6afdecf59","ssdeep":"","tlshash":"1c2124a0506e34fd9aa6edd82a3fdc103452bab07009b861506ddf3bdffd942a5431a6","first_seen":"2026-06-03T10:08:00.174598Z","last_seen":"2026-06-03T10:10:15.217503Z","times_seen":4,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/1460f72a70a8aff96c1787676d366905.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/1460f72a70a8aff96c1787676d366905.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 14379\r\nConnection: keep-alive\r\nx-amz-id-2: OpT/3HsEI19VEClSKwiLg1rFak0HVJTQjU5dcw2lZxcF2fqm24txzNXcGVWvX8rIUmJ8b++9hic=\r\nx-amz-request-id: PVPZ14PY7NYKP6ZJ\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Wed, 03 Jun 2026 08:14:01 GMT\r\nETag: \"1460f72a70a8aff96c1787676d366905\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: GybxXWAsFrlpYpgsf._RYwZfA5sf5Zki\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 5966\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_17463-17831\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:21 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":14379,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 101 x 101, 8-bit/color RGB, non-interlaced","md5":"1460f72a70a8aff96c1787676d366905","sha1":"973afa875c7113888e494ca467ccd601b5fcb08f","sha256":"4c0c0898b63668adafabe53b2d53b8ac4ec4281918ff969420d1c3a460413150","sha512":"4e015316c792482e7f8845a9669342b706810fdd2c405487bdae9153cdcde246868e4a5d910e0a16daf9ee802d39d0280e39b3a08f38393253e90f070e1de3af","ssdeep":"384:0g9KRLZRiQbwy3aPYrNnBjRMtolPAHzrOnwsur6yq4aR:0FRLjXSYrPjRMtol4HzSnwLw4aR","tlshash":"1d52d04a045cb865f662e1edf03fb7ca4619412fcf2a61f5823456e3c68ad61801bf7e","first_seen":"2026-06-03T10:08:00.384745Z","last_seen":"2026-06-03T10:10:15.33922Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/helpIcon.DXtWc6_o.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/helpIcon.DXtWc6_o.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 7012\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-1b64\"\r\nexpires: Wed, 03 Jun 2026 10:18:58 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7012,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 167 x 112, 8-bit colormap, non-interlaced","md5":"c784639df64797cf4c3c1757c34846dd","sha1":"89cb423197db444b0892e1072c4852221d971934","sha256":"265557bcbbde1555f6d1253bbfab5df958ea8d9920c071f74f1f4e49a38d1f25","sha512":"fe33c6c1931263ceb6602ceceb63a87c7b45067ef44b3573959424487bde84e3a6953b8199c19fc4ffd54be1c2c6c929cd7cdba468c087418f3884a0546eb9b2","ssdeep":"96:Ri9I663eoO2tk4BHWENfpf2A/7pN3W8Eu1Nrybrp+UvLuPCTJgSSJwQk1Ie/Gvo1:CI66uoJu4hXp1Nubd+UTu6TJRSJw0G","tlshash":"77e1af2d5386d41030261626cd2dd60d8a94e83bf2cbade280d2b33957c72ff5365d3a","first_seen":"2026-05-30T07:41:04.733772Z","last_seen":"2026-06-03T10:10:15.255614Z","times_seen":8,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top3.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top3.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 20978\r\nlast-modified: Thu, 14 May 2026 08:14:17 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Wp3EnskFKX9AG_zoCoqHyR4rV4mhpaQf\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:49 GMT\r\netag: \"8e1de03a2dbbb630efb01043ee6fc2b1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: bTtccC_zrVNSmARgRmuGNl4pEbjgWt-Jpw9zAus94MShzHCOFCer8g==\r\nage: 1806\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":20978,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e1de03a2dbbb630efb01043ee6fc2b1","sha1":"7bb09b5bfa88cf843101a9b61972f863309cdcc3","sha256":"2271b2c45b6d60878d05ef3515f25315d3ff8852f257d2735c65b52c7842816a","sha512":"259c7f9ab14719c7242fe4109c25c743ccec308e3bf946b11f40b5a25a08af3488091c233b86e6a9262d9c0358f5d8784c75db5fc4fa378eace8b92b97bc69aa","ssdeep":"384:CCorrDChVYFRAjwJx2qtxCeXyyxaPVKXIoxkPr7TQKweEMI2/vKJb/oY1pcza4Pt:loPDEFCnMeX5xaPVKXIoxkfcTeEMIiSw","tlshash":"8792d0b7b362180fce4ec2230d7ea5427066a2d1615c99cc0f1287a6af6b1945cef362","first_seen":"2026-05-30T07:41:04.807809Z","last_seen":"2026-06-03T10:10:15.3161Z","times_seen":8,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/use-notification.DYrhVCjW.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/use-notification.DYrhVCjW.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 189\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-bd\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":189,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text","md5":"eabe1025f70117ddc48bf99984d1524c","sha1":"1ff9ebe88648e95a4cf197ee99563d4d968aff6e","sha256":"8bec9a27838de0a2f553266883fd92ab09cf8931822343f8f31efb7bef1b07b4","sha512":"df2eb7999d4dd6de283289d0afec9fe084369212d61288e776fdab890de120b12647e0019a340867b2befda3d82a2b110caf9cc2bdfc7a3985a44e89ec9abc6e","ssdeep":"","tlshash":"a6c0228f308132b01b8305bb712a08ce42374a283a6416f0014f0534a351270e30fc4b","first_seen":"2026-06-03T10:08:00.302957Z","last_seen":"2026-06-03T10:10:15.289102Z","times_seen":4,"resource_available":true,"data":null}},"time_used":419,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Tennis.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Tennis.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 8248\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: D7dIDmuBH2aO1IrjhiKV7osIcB5OkP7K\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"ec78707614e03a287bded42efd886ff1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: GawGYk4Rm8FkmrGZaUo55OlajzbEeL2i3RgruGYHFC_RUUcyO-qqbA==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":8248,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"ec78707614e03a287bded42efd886ff1","sha1":"216bd2c8ea160f41c82922a0f804f43fbe7cdb44","sha256":"fae775b3cb1d5c285e59a6151664c66c8600c08ea2b97ad11b4d62eff09227a5","sha512":"5cfb8dfeaef0ffa73988ffe8f3e02ff0c6f5b0a1b8df35018466f5a5b696bff1adf37b94a8eef2a919aab4b7677d6115fbef8c9ae3abd9fb8bb9c7397fecd403","ssdeep":"192:FSZzIeHoSlQgOAD4EothrHrnXDsDqZnUwK/ie8U1tmWKNYy7:kTHb2LTEihzrTs4K/ieztmtqi","tlshash":"ab02bf2091e265dc9c7a977c550fb42858acfcac081225b4bbe17a7d271288ac1bf1e6","first_seen":"2026-05-30T07:41:04.760904Z","last_seen":"2026-06-03T10:10:15.331759Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/activity/f/activity/queryList","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/activity/f/activity/queryList HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2641,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e0a4da3132ae655163d111121a77c402","sha1":"11418ca23be7d8e99672728746e6f1ef9ee89692","sha256":"f8cde474bf1439d4b1929a7d78d7ce1286f7c3d413968813e42f24f8f8a88ce4","sha512":"534d5311cc59f1973951f5e9c990fb606043ebd8e111d93a0e02b1eeb59895114703ea3d889cf321441eb4c25e32a6eb60d685cc291daae86ca4ea3543836407","ssdeep":"","tlshash":"ca51ac671a4825a6fb401d77f56792094cd4539ffa80e59ec3cd09ef99dc0b2232521f","first_seen":"2026-06-03T02:50:07.954307Z","last_seen":"2026-06-03T10:10:15.336751Z","times_seen":6,"resource_available":false,"data":null}},"time_used":665,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":665,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202604/bf18af100c64411b8439b53e8b8374d9.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202604/bf18af100c64411b8439b53e8b8374d9.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 352440\r\nlast-modified: Sat, 11 Apr 2026 19:12:44 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: XQo08KcHnsJxpJA7goRofPgT9i8lVDyF\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:07:21 GMT\r\netag: \"59e23911090ce77d2fc47906012d50c9\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: V6Nq1DuiJIrr-YMjZYsWnsZM5mUZQx3dP0OdupsQwPBmbrO9Hqr0oA==\r\nage: 1810\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":352440,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 561 x 520, 8-bit/color RGBA, non-interlaced","md5":"59e23911090ce77d2fc47906012d50c9","sha1":"c1633983ae81d459e90561a9f3f4f86e5c18a02a","sha256":"a0665d882e514887f63249f892d27aff4afc13340571c554f93d8aeedf660345","sha512":"44eed9710ecadccabe80ec0300c60294167c1ab03c753644e986504c3f54a25a3b18b51476253471ea69d0be35b947040bafcda3912436015f42834ceca86a9f","ssdeep":"6144:9pZg32P+FXQdqWGsaab5NH548L4+7oYWxrPApp9/j4pe28Ur/R:22kXUGsp5NHDpWxrop3j4peeJ","tlshash":"4f7423f213a65763f9036fe39135bb7c92e1d58fad0d748e2ba8b25050544e4eba210b","first_seen":"2026-06-03T02:50:07.919609Z","last_seen":"2026-06-03T10:10:15.3084Z","times_seen":6,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Checkbox.BtziCGuV.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Checkbox.BtziCGuV.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-28d0\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10448,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (4729)","md5":"2dbb50404aab7653d879bf9658627ced","sha1":"868903b47bb7a844dc2c3d7ccbb506cb615573d5","sha256":"11e36e20172e4a7e6bc2a8b1e2bb0d3baf5d90a09fca1b21fcc56a3325f89c37","sha512":"280f0b94b956ace1bc6e493ce18c7c699e43eef2ae985c8f4a423460c9d0c42053396b7e47fa19c85f308300a00e6ca93bfd11081eb186fa1c85b8f4133968ed","ssdeep":"192:eeFNHFb68jFLqTpdbMlbzUg8ujjkupMn0pva9Qw4QtXXhUzPC3cHn0J1ijd:eed68jF4pdbMlbzUg8XCshyPZ0J1ijd","tlshash":"8722853abd4a91b229b3c5a59197480e61226652df15cef0f0f28c0119edafce44fb3c","first_seen":"2026-06-03T10:08:00.281541Z","last_seen":"2026-06-03T10:10:15.262569Z","times_seen":4,"resource_available":true,"data":null}},"time_used":528,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":528,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.DF2VgsCa.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.DF2VgsCa.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-44d\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1101,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1100)","md5":"b023d6baae5411da291f7b53bfd8d47c","sha1":"01bc9682377750a46f8ff9bda171396745ac8fd3","sha256":"d4f2b2c96e9e402249eb99847bc45c5c3dbee6d6782e5f7257f02698fc587ff1","sha512":"b032b517f4cd94d613aad3d2ac3b17b5e51b17c0121088741ba83be7b544ec5106e75b349aab910c83d428c83cf0c3e6257d9d6b440fd572633413a5dfcb2d3e","ssdeep":"","tlshash":"bd11817176f7e019d57b800364e52f7d092ec144630a0d94cf1dfaf8068d4cf39a4555","first_seen":"2026-05-30T07:41:04.666528Z","last_seen":"2026-06-03T10:10:15.22818Z","times_seen":8,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Tooltip.ChjoOOCk.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Tooltip.ChjoOOCk.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 1000\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-3e8\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1000,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (999)","md5":"3edc356539ee6892afd6c9a3f6331c7e","sha1":"0ba73243e6b7e80ae2cf64aaaa89a32e45ed6e4b","sha256":"cb3029dd86b02812cff0ffc58a9bd669b14aa15675fc113cccc9696d50d532ce","sha512":"9a1f5079f59b6d4f80efb6fe515e38757b299c663c0f5c44e384762150f77143fa30d0bf330ba05912b48edf30cc49b5c97ece2bdc82516b46297886a919dfcd","ssdeep":"","tlshash":"9811215ae48184b401bb30cce43b4710bb232749bc57f1c1fe3b959a2194f46caa5a21","first_seen":"2026-06-03T10:08:00.342653Z","last_seen":"2026-06-03T10:10:15.281336Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1039,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1039,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.DOuwUyMp.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.DOuwUyMp.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-16ba\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5818,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (5696)","md5":"145db57658d5418ad218fcc3b6391ac4","sha1":"731e40cf257d28d39a55a55405d3b7b01b4019f2","sha256":"58561498c7eb530950d063baa176bbba62391295afddf6072d6104599e08fd3c","sha512":"a1572e8d311f02522d8c1718142cbb0464fd06ad2e972ee9c305b613ff3573b906c2d00c1a49d0e6103abe3b17b84ec6664fd048399ec5a88ba621f53c89fd87","ssdeep":"96:NpnvAKzW3YrGdv1PISGEwRA6tm1xyY3A53Au3AV4GzK63ewVzbUkzEctpsJUcph6:nvAwSGEwRG13i3J3+Pl3nftIUGh4p3wy","tlshash":"b4c18699203fbb7ab6174834756859d2a3087faac115c44bf1bc1c232bce8b416cdb79","first_seen":"2026-06-03T10:08:00.177086Z","last_seen":"2026-06-03T10:10:15.187451Z","times_seen":4,"resource_available":true,"data":null}},"time_used":996,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":996,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 532\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":532,"data":"{\"params\":\"=XhKEaKQf08lKTCzcHHUVVmEEmqyDBCjK8W4BgmCRyUhjc0UiCOHysl1WXIsWbR/DdYEklVIJ1gaXRtpas11CmHLTvTxgeGSxs77Xw8FJzF2L5q6NfCCrQReM+gD2U3DWruK2QllqqvlqFHh/LF5xcVYVwmS8tWzB0eYZCJjkmcY=,z1Mj9s4K6r1i3hyd30ittcgOygSnXprVFd9rH41bfHs0GpfCJvG7pze8k9yCMzl1kkd43O3TbfzWjwTWu20L1eVjmPJsOaCDD/lh+Ahk0bKDxWat8SeLXotyZT3t/9uekK/mX1uObkJJ2j4DWV7gRNZ19VTJ7EXV9rPNqRezrsI=,JdUtnCyV9bru0szNMPTqCJuHHBCO+9/7ajUhWfw40ZaG18aG7/eZ4SS1oynvez8c2psLchwTKiIGwgJ2BZpVu3Rq6MTthXvsJenx9pjke6jRvypV0swjeV65xPY8yawk/HJFpQzQwEVA8AmES98huVIYYaW9Vtdwe1Ph2GXXAZY=\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/json\r\ncontent-length: 15322\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138450,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c6c60512cb526a20c6bf0ed93b649075","sha1":"9e544ff91010d17d34066ebfa34c62e7e71e70f6","sha256":"bde6196907394e10c2ff37554a25cedf05d25a2044511ce42604e49ce5e531bf","sha512":"280bef8ba55958d65a1bea44465d0d3cdfc4bf6af2e995f6af9e48f94bc06f293e3141199149b095bce48824754f0186a41748ec546d41c584ad733d2ce7ca17","ssdeep":"1536:k1sVwVIEuLlkfH5xlrDvlylflL6nlmlZl8FkOlRlNlElKX5WTjLE6aBoCi:k1sVwVIEuCfH53DgTjLd","tlshash":"44e3a94aaa2ec6fd96c17d02e4df2091e4f03e0bd84d2d4046c26eac9b6fb53b057567","first_seen":"2026-06-03T10:09:30.167313Z","last_seen":"2026-06-03T10:09:30.167313Z","times_seen":1,"resource_available":false,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":770,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useRewardModal.xxp8-ci0.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useRewardModal.xxp8-ci0.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/GoldCoinSign.BYa_nPjb.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 364\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-16c\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":364,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (363)","md5":"022a307c1723df6e434f0b67002d0bc0","sha1":"687413f8ae416fa802229e063ab2b68e22038406","sha256":"f7eab77dab1b0172cdb65650a223df93722e032dd211ac4dd48c97adea4bdeed","sha512":"49f9dbd5881c084a918757aef45295dc6990132601c11e2ff4ae434dc314e428aa4d8d63a63db7415597391f6e81a6d646434dd5752885a54b88be2a102ef52d","ssdeep":"","tlshash":"5fe0c0a7e0ca5af9242f198ba135007941d8149971cb8e84535c09d60b2d3d2f02bb03","first_seen":"2026-06-03T10:08:00.221396Z","last_seen":"2026-06-03T10:10:15.16859Z","times_seen":4,"resource_available":true,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/19df404fc5c23f27884654a89c13a6a4.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/19df404fc5c23f27884654a89c13a6a4.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 10154\r\nConnection: keep-alive\r\nx-amz-id-2: QSu/Hhw7705qIUGx6rPPqNcinJCje3WSkDIysEHwj+q4c5YHSth2uAgU+JDexRsXyE8TljgOgzFFkLbZOoYXXzbGQz6eLfFt\r\nx-amz-request-id: F6XCH60RFYCRYN59\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Mon, 18 Aug 2025 23:34:40 GMT\r\nETag: \"19df404fc5c23f27884654a89c13a6a4\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: bXhFs0A7EEOJGxoZ.94EdSeNJM0ieMDT\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 394134\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_14518-13107\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:7 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":10154,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"19df404fc5c23f27884654a89c13a6a4","sha1":"3a4d3ef1d16db05070b7c47755308caacdaa4597","sha256":"0784a1cd3b5cf14b79f35de0143e50d95700f27b3941b41dab324fd888ce231f","sha512":"0975f96016f83554b08245a68d52eda78d1e33379e0a668ea595a5c71316eef6e1952a6f5ae5e695533968f7c1ecaf449bf2a6a9d9e5246872ca0a92af1d67cd","ssdeep":"192:OnjEilzHYDeGWIqA18lmfXBUG3qv6G2Z7QggyT5jj0vlGU9tkVkuzE9:OnbzzIJ15B331GiLjjEHM1z2","tlshash":"a022bf726e83b5c3c330782b48a87ba3d4d295d47329c5648148d97da798ce603b26d3","first_seen":"2026-06-03T10:08:00.405291Z","last_seen":"2026-06-03T10:10:15.22473Z","times_seen":4,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":44,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Input.CcS_fxKr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Input.CcS_fxKr.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-719a\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29082,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (10575)","md5":"0d5ba40dce3f91819d89041ca23d880c","sha1":"36fbc7a960e643d365f6f1c28c93c9bcc00713a7","sha256":"4a311fcfa642323bc76d7e087c72ecd568552c549e93cd660e72a96d0f9a4817","sha512":"cdb6abfc022e6777411f70dfcb7edfa7df4247b616d5c16246d5df2c1ec8d4e24141bdfe9a7061d7e3976fabcb19aca8a9cb745b917c05d5e14378021205c722","ssdeep":"768:XZacpv5VFP/7DYSWm5PVpK0QYUDc7et89xmCAKCIdfgmcw0S7RcL1Vmc92GH+2J:pDDP/km4tyFVc2GHf","tlshash":"efd2f9a4f90de0b465a3c9bcd18e861a33113663a601e1d4f0745ca51796bb9e36bf3c","first_seen":"2026-06-03T10:08:00.267467Z","last_seen":"2026-06-03T10:10:15.22747Z","times_seen":4,"resource_available":true,"data":null}},"time_used":698,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":698,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Eye.DAta3D2Y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Eye.DAta3D2Y.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 612\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-264\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":612,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (611)","md5":"7a41733bb7e2a671bebaf477565a5ba0","sha1":"7c5cb53d55f1ce3e19afd74bfa0a1b80accba0c2","sha256":"e57ddecd0f8d6b8c6543abc18f9ed5a15970c3f59b9be7f39d059522a4cf7205","sha512":"019c7956ae0341ba5d4682c9beb35e35a7b1819e7c949991f9800f48b7c3228fd41f15642d448fd0af57a3428b5335bced9bc440720fe731da08820ed8a8744c","ssdeep":"","tlshash":"66f0ac0da3a5193c402d099c5b987515ae7b02b877194344cac99430f2264c1b1bbbda","first_seen":"2026-06-03T10:08:00.350655Z","last_seen":"2026-06-03T10:10:15.192897Z","times_seen":4,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.B_EyOe7G.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-6039\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24633,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (24361)","md5":"56b87537bbccb99cbb3f8e40c680b3a5","sha1":"9c29309c502860d20f37423d7c9e59267416b0e7","sha256":"bc7f271a30dc6d0a12cc4550b077b6126a9304f4f2d69ec9724dfa27be1d92aa","sha512":"2e542ad20e1a1039616ca07a456b322126605e660a065039d0d19c91440073278937795d618571152c455a513639da440885a6474135cd5da8d3b6677d416835","ssdeep":"768:MdU4/IJe3oXMryC3ISDpDyo4p9rea0sbb0079EFo:m3oXI3Dyteh1o","tlshash":"d5b22a47a13a1ebeb3530da0f0690597520c7febd400da90a5ff1e701bdac8056adb7a","first_seen":"2026-06-03T10:08:00.144623Z","last_seen":"2026-06-03T10:10:15.297651Z","times_seen":4,"resource_available":true,"data":null}},"time_used":721,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":721,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:09:07.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 532\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":532,"data":"{\"params\":\"=YoDiXx1zs4PBrA93McXCsaIpWghvLgstcLIGg3pp/FlwuDU7GzOVgKrEZiuOXj5+Ick9wlZodnxfQaLFxHByAeyVkJnGUDJt7VYvdcWL70em5xeQ2AwsOH/BHYQk/5EiEUef+CijCHn+te0zl+Hs9n5LDhkGWzOPf3ElTeGNfMc=,ktUJaHcs2N99FtB4PZ/7rzoAoFegowpgswN+YTbNrwJ15xyKnmJEb4goMgKz3VASsX61qWFdmiV4Pl0HkBg6tXEeFc0jm8rUAGgQpzETUHcrlZQi7cYAMhWmUYQtFOU4LcHBKgRG9QisiJZ+vpKvwVpxayRUeqbPFJ+JO+pomzA=,s942uEoErjS8V0op2uhQhaHzmwwHgdCF2fG5c9o09DATtmJbLP8eslPyentKbpM1M1/s7AkFtp7Np6PbK0CaHtZ8qbbWCZC4E9p2p/UJzpoU2UXbx0D+0BFHe+c73q3WKrW3X0eS8KavaX8iIF24O9nzg9BKKA74Cgu31Qm5ub4=\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:09:07 GMT\r\ncontent-type: application/json\r\ncontent-length: 15379\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138504,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ddd0231ca85bd87be16dd7f2eb0ef0a8","sha1":"80296e4bd3b81473527b1ac3054fea3182367ede","sha256":"4e7d92c800ce5a02938b5374ebc9d9787366d47fa8349081463e1becb5ed5f00","sha512":"29d857e00f34c597593f2abdc0ccd298b79d1b1188c5b73308823036c46bda09ea2935334609a1a3f93381ca6699a9e8d09b3fa41b98ac16450a4999bdf76d69","ssdeep":"768:Q4Xkbb7mqIanh+Qb9/1VwFeRI1DAvYF2z2lToC8j29ErVVzUjinczKg5TlAtzeId:01vVwVIEuwNpD6FkGX5WojLWnX1GCi","tlshash":"ffd3774a6a2d88fea6c26d02e8cf3091e4e03e0be80d2d4045c67e6cdb6f753b557567","first_seen":"2026-06-03T10:09:30.175291Z","last_seen":"2026-06-03T10:09:30.175291Z","times_seen":1,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":389,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.CcQ02tWX.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CwYXShdD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-432f\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17199,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (17072)","md5":"f397c343be1172e7005bcb3eac87fd19","sha1":"5093f5df1a9198b931bb4e9dbc4d2e51309bf2fb","sha256":"0884c77940c1ce55d860e2876fb295fd7304498c137ae5b0b539fd83bdaba5d5","sha512":"f8a3b9b93922606134f82cb1e52dd12c4524568ff3c99871952bdf9f8ac5c1ece3c1289d7247af3cee3f81c9a25e38b4e1470e141ab4199c0292ac41a75a301c","ssdeep":"384:wXKOkPVp91oIE0Yt9iXmb20QjoghzONnuPyOjiAEJEhC:wXKLVp9aXZ720QjowqduPyOJzU","tlshash":"4a721a89b0320cbabbb724f5f0544054e6b05ba6f016d5c1b1fe8fb83bd6c605b51ba6","first_seen":"2026-06-03T10:08:00.334099Z","last_seen":"2026-06-03T10:10:15.205589Z","times_seen":4,"resource_available":true,"data":null}},"time_used":382,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":382,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/LOL.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/LOL.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5858\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: VZtnY2IYomcPtWlnq9VZPo2e4xbtbzTq\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"6e8237396bc77075edcd1c1e02e13dbf\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Kzzbf5hIrMTIme66ZYKQGgD_wHD4lqorkX9NjQ88_dj5Z4eGWa_2YA==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5858,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"6e8237396bc77075edcd1c1e02e13dbf","sha1":"1849454d1a8ed73bb7d0ea1b40271e569eaf4d33","sha256":"6d39ae8acfd74a09d21fd4323fcb554520e49f47b7fdfb9a29fa14ba719797c0","sha512":"726bf685fc8247df2cd2cd4c7c54a14698d50fcd0ca2315c0f1ea5f207e40624f8e9689bf28fd56ac24aa782f3ed8c3cb036652006b52f73ccb6a66853281aa3","ssdeep":"96:87SlvVJjuSBLdO+xtYZZ0EgOgkpt2Da08PJ6GLTai5SxYJGIKU0rHVO+4E3QX48W:WS5VJjDkZ0T1OTPkgTaisYJbKxH748QG","tlshash":"3dc19fbf0306072daad7847120d8ff9761538768842056631fcec662326cde35687af7","first_seen":"2026-05-30T07:41:04.73559Z","last_seen":"2026-06-03T10:10:15.335166Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/game-center/f/sport/queryMatchPage","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:09:02.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/queryMatchPage HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 532\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":532,"data":"{\"params\":\"=gTFnxj5wvCXIn052AWBd6K0l1JQJYVjpdu2JAf7SNQRJhSuASK8OQGyu1uI4m4EXyqt2d9RUdTrVkLG93I/mcM6m8w2sWbWd6w9ftOT+PwsTTDZWLiZdgCHvagffXyWnWH+sLE6XBXCPwBUVJyCVOC87loelhFvXEqYsLTHr4e8=,G1ygv6lK6LRbkBy9b1qzNx3mRp8VKKFL044SUoqZcA7ZYxnc8Gh2K0jV+JqFECMb5pMSVcBEGBfONh4LU5nL1KAlvPAVmWL9bAjE1w2cKBnTfdJU++ay4fmXusttBqt4q2lLov73TXlHHwY8togOgrBySeiz0EEBg6QyNtXkTC4=,mDPhvzbQhEvN3w4loyuul+sgS9SEfHjAqYblGLKZau3XP3yilKhSXk9uUFOEgh5kad9UbgMZnJE89jkM8zwpIDdd2zG6LkfyV8YtqtM8jS7UkKnUYU1pnaka10AimKvCHV47jawqlas6usHAPolzrpvaNzjV6hGGaD7sZrBRi2g=\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:09:02 GMT\r\ncontent-type: application/json\r\ncontent-length: 15379\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138504,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ddd0231ca85bd87be16dd7f2eb0ef0a8","sha1":"80296e4bd3b81473527b1ac3054fea3182367ede","sha256":"4e7d92c800ce5a02938b5374ebc9d9787366d47fa8349081463e1becb5ed5f00","sha512":"29d857e00f34c597593f2abdc0ccd298b79d1b1188c5b73308823036c46bda09ea2935334609a1a3f93381ca6699a9e8d09b3fa41b98ac16450a4999bdf76d69","ssdeep":"768:Q4Xkbb7mqIanh+Qb9/1VwFeRI1DAvYF2z2lToC8j29ErVVzUjinczKg5TlAtzeId:01vVwVIEuwNpD6FkGX5WojLWnX1GCi","tlshash":"ffd3774a6a2d88fea6c26d02e8cf3091e4e03e0be80d2d4045c67e6cdb6f753b557567","first_seen":"2026-06-03T10:09:30.175291Z","last_seen":"2026-06-03T10:09:30.175291Z","times_seen":1,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":395,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Pagination.CIqUoics.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Pagination.CIqUoics.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-5577\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21879,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (13027)","md5":"3f3a40f8f43b96bdd6c618477bc82abf","sha1":"7424aca996162a683cf0ec679ac8ae09dab69dd2","sha256":"e34c7f97b44213d2a44a56fba1f284456197efb9d35811dfaff76ee852ec6b62","sha512":"6d0100488d42d3d558521831efbdb6ea6c857749d73bb38ebfb5542c785c22f7f41d76226f85a4ed783bf1938455c2a61a156cffce8098f678c912d0f3e2f473","ssdeep":"384:8jhLpRBaR2IjWDfXQVJkTwmdNbe97RhKw4bBEBpCw4fRJSZw/XOns1GSqMf3BljQ:8jhLsSDfXQVJMwmnbIVhQbBErCw4fRJI","tlshash":"20a20984f40d607127f3dd38c86f0a26b2497e43e504d1e475b24aa417ceb7ca6aab36","first_seen":"2026-06-03T10:08:00.324289Z","last_seen":"2026-06-03T10:10:15.256615Z","times_seen":4,"resource_available":true,"data":null}},"time_used":495,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":495,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.YK7gRJyx.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.YK7gRJyx.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-643\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1603,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1596)","md5":"90f1ec627af14cf0358806742ab43378","sha1":"a507e75f9c0c994d79fddcf5a951f60f849c8757","sha256":"ff7d06dfd46713aa248c33ef11fc5cb315fd352f0dcc2da3112d8b80f237e1f0","sha512":"dc52271cf92ba7a25f7631a3f6a79a668f7c983b2d9547659342e9bb4445135ba4f63a75da969f9640ced973666be927f4d1489877ea793d328cfe8910bed78d","ssdeep":"","tlshash":"d531658ab41dc0f62fd398b9f121211a534d8fed9546d1e201ed6a5d0f4eced0a4ea36","first_seen":"2026-06-03T10:08:00.284118Z","last_seen":"2026-06-03T10:10:15.211317Z","times_seen":4,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":700,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/PersonLoginAbnormalModal.CKMpEKiS.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/PersonLoginAbnormalModal.CKMpEKiS.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-2c0b\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11275,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (10202)","md5":"6bda40d0fd8de66a52710a03afeee290","sha1":"03fb60206c080ecb321cd9fa7fd69741b2835cfd","sha256":"1003347f017341aa72030152d643e39a734256e4f8c3d6c427b0eb53fc19375d","sha512":"b27f335af4f1c0aa79568c5fcf82e86a1eb147fa29b2d396f415af04496bb52270d8b46eaca4b7c767d2cb69ee24814c8bc5cc7f7ce3105b8a1ef4c6712be800","ssdeep":"192:+goFIPwhdsWzw4swSfqCDd1ui7FUfk23OvuAacNN+ppwFbeFIV:+tFIPwhmcwlf97FUfk23G1NNdeFU","tlshash":"2832091c313aeb7e3f0b5420b1a86058900c7f9ac518ccd7e9be4c272adaef45685785","first_seen":"2026-06-03T10:08:00.22659Z","last_seen":"2026-06-03T10:10:15.215988Z","times_seen":4,"resource_available":true,"data":null}},"time_used":793,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":793,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.kRkdNn81.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.kRkdNn81.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-842b\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33835,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (29990)","md5":"d9f05f1d2a2202bf7cac3911fed3ea08","sha1":"c62c27d7ba8a6842751248cfca7af39306c060d8","sha256":"a2234d551e2596ff468c75d062f7b4602bcc52a667d92987072dfa07560b5328","sha512":"687dc2337f0d3b269909bafe8ebdafdd05993d415a0f0f23117dcd0bc8cb0f4902dcde4eb2046db749440bc2cc304fa7bc55f62c3ae0c30f3e510a5a594fb7ab","ssdeep":"768:ehkIBTn/6PXbJkhABfvE7GQyk33NMQdSyZefMAPrmps3PX5W5qRqX6YLQzy:UkkWJY7NtdZqMAbfX0M2","tlshash":"c7e2495db0116a7ee37bd4d160391088a1282fade82088d7f97f4d3127c9ea427ed769","first_seen":"2026-06-03T10:08:00.14834Z","last_seen":"2026-06-03T10:10:15.195783Z","times_seen":4,"resource_available":true,"data":null}},"time_used":782,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":782,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Popover.CSKhjSOU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Popover.CSKhjSOU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-8d79\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36217,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (20289)","md5":"e707e7f28d2428ea9fb734b1ac4f1e86","sha1":"cce360695568f4b7dfc47e9dcfc9514c4abe5413","sha256":"5811e9f126d2af3ad9949108029d87e55558f7d19335c27a6f2511270fa7d4ba","sha512":"e7044aea469894c8f824930d3219fdcde5adc111abd8b06fbe5df1b8ea41644be8b0db908b7bf22c8384be7a92899a7cc7886ebcdc070cbfc97c333b8998511d","ssdeep":"768:4k9gnwbDh45yeox9gCU00UgapJxihgSgNzinHDcpRj/RMbhlcS+pbHH+nUxzVbi3:zh4n4HWuNzinHofj/RMbfGDehiI","tlshash":"84f21b9134c6b47403bb86f6c08f4645a2290e26f90fd5d0f566ec6724e7268d2bef2d","first_seen":"2026-06-03T10:08:00.335705Z","last_seen":"2026-06-03T10:10:15.192105Z","times_seen":4,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/previous-level1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/previous-level1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 1404\r\nlast-modified: Fri, 31 Oct 2025 07:06:29 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: BLph8z.l9maxQ8vizNOqMvtgHWmMdQYU\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:32:55 GMT\r\netag: \"06596b7b56a44efb9f21add73215ddd1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 0RgpL_0fitXZKatJMGZg7HWyR6XjeRAAEKg1HAGCrxqGqcS5Y6FcOg==\r\nage: 2162\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":1404,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"06596b7b56a44efb9f21add73215ddd1","sha1":"f22a2eaa0dbdd42ee5b2c643e226f9ab7ceb5037","sha256":"852972dd053b8e4605e6993076970696eadeca15db304d304fbfe50add9adc7c","sha512":"5681f34a4a7eab4a3d722c87644c75ff34d03708fd5b3114187ebdd13116d198a3f817f3b4a259d6f41e084273908d9a3ee4afd74f2feaf0a6b74e87fd156e08","ssdeep":"","tlshash":"9a210bc0cfcd74d7c6e2455391604060edb50d5e925b53084847a9cf5c4fa0a27c13eb","first_seen":"2026-05-30T07:41:04.843615Z","last_seen":"2026-06-03T10:10:15.295161Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Dota2.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Dota2.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6515\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: J.ipVZeTFh.1LMmD2VxOiodofkScvpfI\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"076e0bb3616d661a3c83756ee40af384\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: C-p3KBn307keFbS3KqqCJx646t-TtjzSrA6YisKmQrhG66vjl6IUUA==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6515,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"076e0bb3616d661a3c83756ee40af384","sha1":"251684a21faaf483efb756a60dd3f54890866b76","sha256":"5be0cb4b7855ff16a20af702c633610340a0c034e486027c0704d7ff8033d7fe","sha512":"0d1c8b2426d22c48db21465192275ddd8446e1544398176ddeadddacbffe43654267927eeaf8b7db71872a297099e6d418dc047f2ea8e70b5cb9b04f49ba6345","ssdeep":"96:87SMhS5F1a2LFF93fdWIsJOPRguQgZ4BT8+DdROrVrzvxMNhz30IyQXXyooRCVIq:WSySj1nBl9sJOPHQMUNaVgFtfXCDmuUz","tlshash":"9cd1ad247bd14e540c758ca6971338a22bb70e95477924ad6b0e8d2fec3c46b24dd58a","first_seen":"2026-05-30T07:41:04.847043Z","last_seen":"2026-06-03T10:10:15.295962Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/success.B7fR5wmE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/success.B7fR5wmE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-976\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2422,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2421)","md5":"861edf6ccee12de018680dc5b5ff70c6","sha1":"7775194f46f290b518202bd71a4b63498069763d","sha256":"bd59e568ff6effdaa322fcb9a75fb145d6366fd9ed36403ea87fe64b1ca46d58","sha512":"c527618385c565d1be5f860c12ed44aad86d37e01dfb963c6746bdfe2f5540afefc1bb36b46b35d2447eb5bf61f4451cd5f11208821a00ebb67c78e51f165efd","ssdeep":"","tlshash":"1741947c851b6e78983c4d5b0b283d21d826a2bdcfcdbc475d865200ab345075ca5ced","first_seen":"2026-05-30T07:41:04.658352Z","last_seen":"2026-06-03T10:10:15.202614Z","times_seen":8,"resource_available":true,"data":null}},"time_used":433,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":433,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/2f887a197a0cf67255705d9e8264db8c.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/2f887a197a0cf67255705d9e8264db8c.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 4939\r\nConnection: keep-alive\r\nx-amz-id-2: guFmDmH/uw97fhHwn3aQEGjs71xZgVWr6Gotinwd9Js94kc2hZAJW1fsNbUWdrQy91Ve2CmjyzE=\r\nx-amz-request-id: HS40092GATGNYADP\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Sat, 09 Mar 2024 07:22:56 GMT\r\nETag: \"2f887a197a0cf67255705d9e8264db8c\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 2NWLVyJMS1uwU3n7B.ZkulJi4xq7aga0\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1805896\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_16352-24875\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:17 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4939,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"2f887a197a0cf67255705d9e8264db8c","sha1":"39e73583fefd9b1e9c213092d57180671902067e","sha256":"30ab16a9cc5e01d6c337865cb7f261441811f25aff55d2d74bc96775aed3428a","sha512":"e205df91cc1820fce8b92cbe3f423dc4ce918fa22dbb0dfb2236526f7dc9905a19061fef309b3cf520aa81d3f0db125f3c26e102d78ab01b737c3c1b27f61bb9","ssdeep":"96:T9HlSJPSNu/qEOnI8CEUubXGtC2m8zb54/QOrvT2eErdrpq:TZlSJPS8z8fXGtE83872eErzq","tlshash":"51a17dc1723b4c35d761a3759341473afe3ebd8bfac16298304475769bf45aa8906046","first_seen":"2024-08-19T17:45:17.514205Z","last_seen":"2026-06-03T10:10:15.298621Z","times_seen":8,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/46ecf8c9d0735b92c33cb84a7c0622f1.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/46ecf8c9d0735b92c33cb84a7c0622f1.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 15111\r\nConnection: keep-alive\r\nx-amz-id-2: 0qyPr4BA/A01ZrqWKE7Ws/RI0f05nxk7UXTxJHJGRetKEesIfZkkT/4+dTyf/4JPZfy25osYh7M=\r\nx-amz-request-id: RS11APFF50MJN3G8\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Sat, 30 May 2026 00:08:59 GMT\r\nETag: \"46ecf8c9d0735b92c33cb84a7c0622f1\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 59eUGF9CGNg5g4ksf8z806ypL.Kd_LA_\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 183233\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15478\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15111,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"46ecf8c9d0735b92c33cb84a7c0622f1","sha1":"c7367140263c02702d61bdcb0eeb5f0d829ebb54","sha256":"4c5195c28b6871e9e6de28c4044e773b69d1ae5233e382153b69c03eeb48d969","sha512":"5f859694c901e901bfdbd3a7be6651fe8d6898f556dd673fef8516ffd969ae6d7145c8b92b550b256e2f59d0d11e752aa57bd43b94d06e0255af31d3462e60d1","ssdeep":"384:wrvzM7ByvN7AIv6KCYr8nuj4zYFKxaTCfiFS92W:KQypNSI8ntCjTqiI8W","tlshash":"4b62c163bfdfeab7e2944e5403094421da6ab7b5520c8f4d6d2fe71b46633c1b471106","first_seen":"2026-06-03T10:08:00.419038Z","last_seen":"2026-06-03T10:10:15.317051Z","times_seen":4,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/site/f/sitePageConfig/queryList","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/site/f/sitePageConfig/queryList HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/json\r\ncontent-length: 93920\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":575629,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (26349), with NEL line terminators","md5":"7e7c5869051cc2779c98fb2ffae77ba0","sha1":"520db568ce4a1a50824629ce69ff8bf36bfb0055","sha256":"9ea2ec666c5c14a034f982f2a5a7028fb0a3cf2bb1c2c50008d6bde93aef61b2","sha512":"c6e39b921c4f0429c98b9a14598e47a39004766c8eeb9109ccff09cb416d193098b8021131ca7d19c0119ad88270ea10dd7d85f80c65dd6358e6ebd3c0934808","ssdeep":"3072:M4ThdoLra0tY5s8ODnJOqpa15Yt6eIwr3YfCKD9fHeK63VOwlhRZEjEC0tfKzf98:7N0tY5Nqpa1lBz84jj2","tlshash":"20d40122c7a6d344c534d4fd567b236810e0434fef471d7edba8eafca98d419392628a","first_seen":"2026-06-03T10:09:30.191415Z","last_seen":"2026-06-03T10:09:30.191415Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1337,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1164,"receive":173,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Forward.ga7cWF6g.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Forward.ga7cWF6g.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-ad4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2772,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (2771)","md5":"66025a59aa79714fb60ef4beef3cba75","sha1":"06feb26c010acd54106563175724b1962e87a0b8","sha256":"fb874aaa4505217ade42576757fe17c65f8c3a727c08297455302a1b4dd2fbce","sha512":"aebf568d2c6a6c2418b377e70b55006e6a17401199f886ec927f68ac009f69ffeb7f29f5dc108d83d95c137c601441de54e2f0d574831ce09af762d5dde205b0","ssdeep":"","tlshash":"a75184eeb3919bf9f209cfa8e17d6c9739bf38f27468001686464404675d498942f6b0","first_seen":"2026-06-03T10:08:00.30125Z","last_seen":"2026-06-03T10:10:15.264624Z","times_seen":4,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":478,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.D4fNHM_5.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.D4fNHM_5.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\ncontent-length: 759\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-2f7\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":759,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (758)","md5":"aaa5eca5d46f37840effa67bbef696ea","sha1":"7baf91513b0723056512685ab04a61163ac6535f","sha256":"3c2716adbf811567dd5b9876e5a95c826cb22dd64e5b1aadd104026c99a1688c","sha512":"167a3143db3b92e81a2e0c52e2ed297b065ccbd3eb40b90cc03294e2aa77669f1b14e5849be90d88415d919f7da7652919698062498119ba3553592501edf185","ssdeep":"","tlshash":"5001bd162d1ac13e406fe187a9619dd402317683ca400ef9d6af70b05dc74d2622aae1","first_seen":"2026-05-30T07:41:04.765745Z","last_seen":"2026-06-03T10:10:15.290719Z","times_seen":8,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.q3BCKoP_.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.q3BCKoP_.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-caa\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3242,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3237)","md5":"4b9c70ae2a779f47e1e17b3b722bcb27","sha1":"953289865385b1cdaf82f6b6ac34869b7686cf39","sha256":"59df9ace3ca143529343d10ba3f16cd7d9715758a5bbc061708ceb1aea983883","sha512":"ee54aea4fe6d597abcf2c686f9e251e073e634a829b880c5100a63bae083a8cdf6566c0c2eb751e8016529abd0033f97da8c6a02e7ac04cd19799adb17548de0","ssdeep":"","tlshash":"d161d69c5007867de43b9814210898e5e144bbe9db20d888a4ed40252bf7df9af7c3fc","first_seen":"2026-06-03T10:08:00.292784Z","last_seen":"2026-06-03T10:10:15.311979Z","times_seen":4,"resource_available":true,"data":null}},"time_used":924,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":924,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/titleBg.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/titleBg.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 21571\r\nlast-modified: Wed, 05 Nov 2025 07:58:54 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: JLiXUFV5wWQilmAk0HRRtW16Cf0gtEmy\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:07:21 GMT\r\netag: \"357453aa5c08cb433db73affb833b03a\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 91SY7oIHtYDsLId2FSLZ9nUCpzgfhqnzrguD3XGBIOjd5aOtYcqeBQ==\r\nage: 2976\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":21571,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 660 x 254, 8-bit colormap, non-interlaced","md5":"357453aa5c08cb433db73affb833b03a","sha1":"39e6f9f4b8ced64ea918c1793f76f35ebe9bc2fc","sha256":"1bc6b8de25e7e7fe8efc6e93f58e9297e02e70924f7bddb009d395a0dd108b3d","sha512":"f09d01da7fdf651eec06cb9ec39a147b4c833cd1827d8fdf3b04e96e4417df18e9616f52ed46ce06ae9398f3911e055e26d3907434c4283f4ce96319d8c11ba3","ssdeep":"384:zf4G9lqiJRNuPJj9gNhJLMo33+Dfd+HbOuJ8ZLgC2O/sZ9Ub1buyBzDs8xi69:zfT9ljCwNPLMDrU7kBglOeCbxu8tt","tlshash":"81a2e136a1561cb07fd7435b09c8207d51fe288b54d1b7d53c846bf286baf283864939","first_seen":"2026-06-03T02:50:07.93177Z","last_seen":"2026-06-03T10:10:15.222624Z","times_seen":6,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/right-icon4.D8AknhkA.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon4.D8AknhkA.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 14868\r\nlast-modified: Wed, 03 Jun 2026 07:46:11 GMT\r\netag: \"6a1fdbc3-3a14\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14868,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f0e4c2d8f99654c8ce0f63ef03ab3a3d","sha1":"7ae9a97e8db79b12c98e377c71282d9bd0d1010e","sha256":"e2560b7e58bbf4dbfa46229f838607559a7120404472f751100ef49d8640b5ad","sha512":"797d160d2a1c95255668e796eb136dd4e2f5215c41828872b2cc7586175b5ded1548ffa82186d86e7a5c4291653d297344e33c8197ec1595c221ebb660d92d86","ssdeep":"192:StGDPgWt+Eut7AWPhKdjK9Zr44s4Jg+YdmTOH9EOF5Ey9qdnb+spJod5+zdsA:xPAEut7B944vlXTOf5ESUod5+zd7","tlshash":"446287f2a2d4f2f0a805e3fcd43694f2797238f93f55a69483d1aa99b80616588ddcc1","first_seen":"2026-05-30T07:41:04.870485Z","last_seen":"2026-06-03T10:10:15.201855Z","times_seen":8,"resource_available":false,"data":null}},"time_used":428,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":390,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/master/f/fundsTypeConfig/queryAll","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /api/master/f/fundsTypeConfig/queryAll HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/json\r\ncontent-length: 2830\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27535,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8bdc8bd0091a82503a1eb878e0e914c3","sha1":"c7002cca53730b7e4ff65eb0ca9f80e7ddfa2de4","sha256":"feeea08a857fce87c742399346f37ad15a522a29bc9c14ff2d647d9229f93ff8","sha512":"0b34765f3d3865c47ac6c151e169fc810d8d1edfd2373d86a5830e49b1e4ec4b1e5f02e5599514b5eaeb108e3e46a91c9ec78f0af2e395d83cfa021422f83808","ssdeep":"768:m+q3oZgy1OYj8jSjtj8jRjXjej8jUjOj8j/jFj8jjj+:m+q3eOA","tlshash":"35d2d618768ecfec878573b50ca5208962f5b6ddc588a75cc3d9acf4e91e1d9302d3a2","first_seen":"2026-05-30T07:41:04.627524Z","last_seen":"2026-06-03T10:10:15.293584Z","times_seen":8,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":288,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/ca87aac57d9a2c32ef181b0986ee0b06.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/ca87aac57d9a2c32ef181b0986ee0b06.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 14554\r\nConnection: keep-alive\r\nx-amz-id-2: CQmoe91WQ99C4V3qi/nlQtzZTpMe35mg+upmMG/QF6mGD7WchyoGlZdGat7FzkQSfe9QpziGr1bcO3h+BYcIXyP22K94nKjO\r\nx-amz-request-id: FAHX08ZDBZZCG7AP\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Sat, 11 May 2024 00:01:40 GMT\r\nETag: \"ca87aac57d9a2c32ef181b0986ee0b06\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: YVgiib3qQlv9VWmpbimbzYbdCnOoS9Ce\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1756480\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_14518-13104\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:7 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":14554,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"ca87aac57d9a2c32ef181b0986ee0b06","sha1":"16427944cc24a5b64db3bd04e76e4663627dab18","sha256":"7c4a6f72a6bc46d6605750902e3acf4fdc3e3e8179d0b00bef19f0d991d955e2","sha512":"10c6dc23984f0cfe89dc8734c9b64b867c9fce22922950299c0a27bc8bd9b707ea3db9a00713f74bdefdea710beeb640e548b24c1106481fe8dc942c7226b898","ssdeep":"384:QfPTy51WLyEXiwlhRtcBy6XhpgstEBFb3g/NFd:4Ty51WLyEXiByyhi/33g/NL","tlshash":"0462c0ecf7f5b0bfdb5ecc37ae69a120d8af0ae10c94d2c282462d5518e57c9594508b","first_seen":"2026-05-30T07:41:04.648935Z","last_seen":"2026-06-03T10:10:15.204119Z","times_seen":6,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/game-center/f/sport/querySportType","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/sport/querySportType HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":186,"data":"{\"params\":\"=kBF4epc0VDqY2DXM9ztHnW4krgnqdZlULEuFspbU9kBmBsORSIsU2gWrZwk9KBCv713AJTV+hPjweRHx+kdNO4OEV0wgbZDjnRWdZED6yVQkJ2QOMgqnWxqn2F05lGwWMGQ0fkBjR2zMWSyBxb/Hail6sdLGhuc5LpljIO/OxE4=\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/json\r\ncontent-length: 1500\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14362,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (13774), with no line terminators","md5":"6bcadccd801e882e24b0207de710ec11","sha1":"d79d4c3ea8b825998a26e76ec083c631859d6c75","sha256":"c02e8bb0469bb0583a188f7bd25352e9667f5faa8565cac0080e66a55c66971f","sha512":"fc024e9df442d54d03032c3357d060f92f6c7d683064c672b7fe21f1513d0d5f8a09362387dce4068cfb993b02440e566e0a91499bd86db7a0186fda2621c519","ssdeep":"192:HfESeEFEIE7BOzDXs64g2pG5yE0EoJAv/SS0LoAHj9Sdmtkk8tes1DpHJV:RV","tlshash":"9a526eeb139a5c8c670e1a7085831685fbdc415eecd27e497ecddb6e804d6b3130b29a","first_seen":"2026-06-03T10:09:30.200979Z","last_seen":"2026-06-03T10:09:30.200979Z","times_seen":1,"resource_available":false,"data":null}},"time_used":370,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":369,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/phoneStatus.DsDFSgt-.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/phoneStatus.DsDFSgt-.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 210\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-d2\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"2997acb0f5b00fa084de4c86f5f1a50a","sha1":"e26cd0bc1c157bfdc967a139a61be2d9d5a3bfd3","sha256":"222abccb18585aba8f7364366337fb1715481cb11d99ae7f599f798a482c8c60","sha512":"371f7197e6179185248aa14ee3179df77f06c86ec4294717f0af612919f9515173fe6c48fd82c2aa5f328e43a3becdaad2e4a0e07cb5edc470255e9eb4d89eeb","ssdeep":"","tlshash":"c6d022eedddab0f0c20050926020813db0060ab5b83cc2cab0fc0c319e1b084f3baf15","first_seen":"2026-05-30T07:41:04.65147Z","last_seen":"2026-06-03T10:10:15.185327Z","times_seen":8,"resource_available":true,"data":null}},"time_used":784,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":781,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Tooltip.ChjoOOCk.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Tooltip.ChjoOOCk.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 1000\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-3e8\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1000,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (999)","md5":"3edc356539ee6892afd6c9a3f6331c7e","sha1":"0ba73243e6b7e80ae2cf64aaaa89a32e45ed6e4b","sha256":"cb3029dd86b02812cff0ffc58a9bd669b14aa15675fc113cccc9696d50d532ce","sha512":"9a1f5079f59b6d4f80efb6fe515e38757b299c663c0f5c44e384762150f77143fa30d0bf330ba05912b48edf30cc49b5c97ece2bdc82516b46297886a919dfcd","ssdeep":"","tlshash":"9811215ae48184b401bb30cce43b4710bb232749bc57f1c1fe3b959a2194f46caa5a21","first_seen":"2026-06-03T10:08:00.342653Z","last_seen":"2026-06-03T10:10:15.281336Z","times_seen":4,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/e4289b1517a8de7a867a821ca086d9cc.jpg","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/e4289b1517a8de7a867a821ca086d9cc.jpg HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 3205\r\nConnection: keep-alive\r\nx-amz-id-2: 94DyRxCmpDJC2Xkp7VzQokFu0UtViZpu0C1/K7x3NOu2jNih7VOn2KwbB9qwkyWQOqyhxySDYIBsWiL/sURO4uQ1ne6B49nX\r\nx-amz-request-id: T64HJC6BNPBB1VHG\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Sat, 04 Feb 2023 03:36:42 GMT\r\nETag: \"e4289b1517a8de7a867a821ca086d9cc\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 5LLcQXYq04iWqmxXVl21YFusv1IGWca9\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1621068\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_17463-17825\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:21 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3205,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 80x80, components 3","md5":"e4289b1517a8de7a867a821ca086d9cc","sha1":"e158ad311f1450eff6593669903e70ca865f59ee","sha256":"544c764a9cf8fae9fd162ec0e29ae00104f16e65d2693a0e6f2eec5a39786905","sha512":"072e5117d46b04726cc5b1366b71299dd5bf6103e50bd365cc832bcbffd7317a053e6cd78563c745a10e694301a38bf27bb422d9d40377d8d88e195f88325d12","ssdeep":"","tlshash":"cd613a3e67f13f0efc12247441e93fd2bba9af05d52d67129409c3785665cc7071816a","first_seen":"2026-06-03T10:08:00.417822Z","last_seen":"2026-06-03T10:10:15.220567Z","times_seen":4,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":61,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/25b2b462a461fc26d979d84287487191.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/25b2b462a461fc26d979d84287487191.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2624\r\nConnection: keep-alive\r\nx-amz-id-2: VknRyAltBiPS/tM7qp/pRDZ3pe0BirF6UunJipe1KUZtkBqtYkpqhXKkItc9WtNkegNh7v+PCrMM6PItUyCgGFTwT6vLV8cy\r\nx-amz-request-id: V9FYB9Q7P5A1Y46B\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Wed, 18 Mar 2026 04:49:10 GMT\r\nETag: \"25b2b462a461fc26d979d84287487191\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ZCd4ZzJ56fT2cTEYNyqtWjlq.SMUc9sE\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 6127\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_14518-13112\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:7 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2624,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"25b2b462a461fc26d979d84287487191","sha1":"566fc751449be7d00ca6db18a566d8d9192a140f","sha256":"46dae8ecc4045388cd3bcbde7593e5eaa34baeb8b4d9a0b0c91cf5f81d791284","sha512":"258e25aa259fd2548f71e24ccc339222c9e58ee0bb904e4273bf123a4fb908fe5ddb4d0bb562eeb9e6513033e45e86099ce096a4c6c3a4fef7684f79b92cad9e","ssdeep":"","tlshash":"99513ec4c147542e9dc90ebd807b8c2337fffabcc59dd1d4a3974702a5a589741341a2","first_seen":"2026-06-03T10:08:00.344565Z","last_seen":"2026-06-03T10:10:15.321529Z","times_seen":4,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/a7779f70d35dbea4cb7d7e5af3424383.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/a7779f70d35dbea4cb7d7e5af3424383.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2953\r\nConnection: keep-alive\r\nx-amz-id-2: c/5i6aj0LH3ite0xjNxte77bRXaP+y6MsTxTGegsQaGOeMEPRjx6F8nQEoK1cmTf6IEdoXlM+oh+DfvdgjblKqZQvfeGnqu3\r\nx-amz-request-id: 5KR0QN2B5V9614FM\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 10 Apr 2026 08:34:46 GMT\r\nETag: \"a7779f70d35dbea4cb7d7e5af3424383\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: cEzvyRqFkvjMjSwBGueXmNuvFyUJRLg7\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1811135\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15474\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2953,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"a7779f70d35dbea4cb7d7e5af3424383","sha1":"c084d8fff0a725b041e1d8b6a7f757cb7e4bac18","sha256":"d1875dac377c18539ee8fd70d2a71eda85edb7d292ba8c7b351a9221a5ce68fe","sha512":"88f144892a3e20cec3937af932cd1e406da0ddb23ea1c5242eb43e67c6715386b1d5b4f3ec4f456fdf5f47d5b96624e3d5205557285efb1829ffac0cebd2335d","ssdeep":"","tlshash":"a0512acae0131d7cf51e5aa72e4f2601c3e3ea7a324351551d28d6a2cf790c9212bf15","first_seen":"2023-11-16T10:45:52Z","last_seen":"2026-06-03T10:10:15.337577Z","times_seen":12,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":65,"dns":0,"connect":31,"send":0,"wait":31,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/game-center/f/menu/getHomeMenu","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/menu/getHomeMenu HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 186\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":186,"data":"{\"params\":\"=u9c0zJKDdWzM1oeYh1eM36McjaIrpLG9malve77mOZ+cV+D/+C3SoRozfE4/ZawoE1VAgF8XK//oI60G9xWKtCrHUncPL5rf+u4R8eZ2zhrYWS58y5it4bra2BmDnoXB6rdu9Zw3ZCnsJB2cTqrhg0oRn2ydgDg5BRlG6/igo7o=\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/json\r\ncontent-length: 18801\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":291145,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (63584), with no line terminators","md5":"5a0b132c5fa9724ee8a22ab24da414d4","sha1":"6950ae3c08ea983537381f4669fde6bca61fa06b","sha256":"23f7302bdaa1a6c322c493f5b2e9fa5becd0df9df903361fa7712bcf976bee78","sha512":"85ecb2e765848c240e2e5cc3e7402f6ccc5e5cd3bbe09da1738782159fbc79a761cbd6a730404313df2cc00f01bdb429d1fac78c029d46bd0e1a1dc1fae84b44","ssdeep":"1536:ZcXjo+tfQ5YFOuzLhFlmVzNR+ltZUgvjVA1XyaufQMmtPR8s67Oovhu8:ko+9Q5YFOuzLhFlEMXs67OKj","tlshash":"8a548ed99714ec48872b11f229db76c4f6ed620bcdc0bc65e18e9f6ac6e8737830154a","first_seen":"2026-06-03T10:08:00.346062Z","last_seen":"2026-06-03T10:10:15.189939Z","times_seen":4,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":428,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useCommon.D_QntRoE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useCommon.D_QntRoE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 971\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-3cb\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":971,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (942)","md5":"5493c1a4860df64e243cadb705a7770c","sha1":"a0870e9e7a45254d0ccad953b2ebdf4b4c33c206","sha256":"e221ca6797be9e6c007f4ac0ced862ee762ec1a059cb5ddd9b26b14fc1d8d5ae","sha512":"d90cb962eb5064294ac6d13138faafed20b4703ca851bfaf57678e725cae0fdfec9df8111d9e1f8776dd04259d33c138018a1c18de8b4fd5ba4d6958a412e62d","ssdeep":"","tlshash":"9b1150ae2f583cbd802858ecba5b49124226d6993d28cac0b04e0d19b1ddf40ff75fc6","first_seen":"2026-06-03T10:08:00.258115Z","last_seen":"2026-06-03T10:10:15.225417Z","times_seen":4,"resource_available":true,"data":null}},"time_used":785,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":784,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Baseball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Baseball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6346\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: JLGTbm6v3vRIJYX73Cam8lOs99.vfhFE\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"e689c24578b5fe13eb187324f803d274\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: QNmwpk_L2zm_YegCq6qSpTMcAWwZG9z3kIvIQ26_Hl-FGKH7N2JSww==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6346,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"e689c24578b5fe13eb187324f803d274","sha1":"e5e9465c086c197d95dd3997c95ac1f24c6b58ce","sha256":"a6e34ec2119c34a05c2f89f1480332f49ec2c83ff638c47c97f2233135de0d96","sha512":"7a65f8fb35796bb54984677563c9d79539963a634d2c1fdc2a9878219cd4900a2dc59fb34cc9773bd55596bbe7948522e5c4b4f2a4b430f2665385a4e152b5b7","ssdeep":"96:FS165qNYhjvmudKEW8XGVijlEOzOOjY0V0WBzUvWDcWuvorvu8S1KCeepEwBHUk:FSmq+hrt4CGVijyOpHFUuw1vorG84xz","tlshash":"34d18e6f3245be977c17f3b237592e247c53e6fb05c0616de5e0a82c8252d60e05a689","first_seen":"2026-05-30T07:41:04.71002Z","last_seen":"2026-06-03T10:10:15.189139Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/f2b19510337644b7e8b5674862542d34.jpg","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/f2b19510337644b7e8b5674862542d34.jpg HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 8969\r\nConnection: keep-alive\r\nx-amz-id-2: pmcQ0dPcI1gNfzXwfexM5A6x53IEOIJFN/t7XbuCRT3mBUwkLi6IV18KUt45PeSOw5oktHNilCR+KUsaJgdox1wC5U2ZHquO\r\nx-amz-request-id: D0KM66RPHHJG83M6\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 21 Oct 2022 10:53:25 GMT\r\nETag: \"51afb490e5e3a4da170596d609fc974e\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: LIzt7gIcHITsfq8PfqqkKUoEAo6UxSOI\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 953681\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_16352-24876\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:17 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":8969,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 67x80, components 3","md5":"51afb490e5e3a4da170596d609fc974e","sha1":"b5fe8347d0b554d7ba30fb1d6b7780ea4a083c6a","sha256":"dd4c2dc853522b274cf78f53827059a26dddb244203529870ea838f9d9baf015","sha512":"beb546eea4611463ba87e4425a8028861e6a971ad4da7301f0326ab92b2b20b9f2795239602630177115560d9e02a26b83ec0976f48dfa4f4626dbae10b2e6ca","ssdeep":"192:gbVVbtlnjJ1nHjivI3yPztpbRgzprNtsb1vXQR:g7tlnjbnDiPJH0rNca","tlshash":"8b02b0e3436411344eaa09937aeb4a700fed896830533f14fd1bd5c4e3de998a2766bc","first_seen":"2026-06-03T10:08:00.416456Z","last_seen":"2026-06-03T10:10:15.247693Z","times_seen":4,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":54,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/league6-active.CAVaxu2M.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/league6-active.CAVaxu2M.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:10 GMT\r\netag: W/\"6a1fdbc2-db9\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3513,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3512)","md5":"c5ca278ae81d856ecd99dcc10682110c","sha1":"af597d22431bd3eafbc1f534a5ed5e4ef556d7a8","sha256":"1c2bc5839ed0da9275d0a7c804544f4b7fc771807f9d454e5393edea581bf173","sha512":"78910a74b626018f8e8c22489893d8dbe1f6b75e05b577de933d819ad6db94ef596b87eb994bdcbdbe60bc385ab8bcb852e76f7978d3f17eacc62d4d288f0672","ssdeep":"","tlshash":"ba71be1234dc2a1eed23bc116890033530b9ee474572654acaea2b2688d734f5eff6dd","first_seen":"2026-06-03T02:50:07.936787Z","last_seen":"2026-06-03T10:10:15.334348Z","times_seen":6,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/chatShare.CI7ZQNfd.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/chatShare.CI7ZQNfd.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-445\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1093,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1092)","md5":"8c484fa33aae9aa4caa73758c9fc5d4b","sha1":"b107f8624668440b31cc867a1630184d40145f63","sha256":"3a0da513cfde0cf206dafaa07d44b468fb74ee08c82dbab0da48872611e031c3","sha512":"db3dafe9a977c62df92588e4ebba1d81943d9282d582cbfe45586c29187a8e53ec45e707b5830bccde22758e65b180185491a9ecb45f7f109e2ead7dc77ea742","ssdeep":"","tlshash":"a711ddd6b1c639a28761145e90704666f2245d1539ad83f0f23e95733d2b81382fbe5d","first_seen":"2026-05-30T07:41:04.668588Z","last_seen":"2026-06-03T10:10:15.325044Z","times_seen":8,"resource_available":true,"data":null}},"time_used":871,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":871,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.B_EyOe7G.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-6039\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24633,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (24361)","md5":"56b87537bbccb99cbb3f8e40c680b3a5","sha1":"9c29309c502860d20f37423d7c9e59267416b0e7","sha256":"bc7f271a30dc6d0a12cc4550b077b6126a9304f4f2d69ec9724dfa27be1d92aa","sha512":"2e542ad20e1a1039616ca07a456b322126605e660a065039d0d19c91440073278937795d618571152c455a513639da440885a6474135cd5da8d3b6677d416835","ssdeep":"768:MdU4/IJe3oXMryC3ISDpDyo4p9rea0sbb0079EFo:m3oXI3Dyteh1o","tlshash":"d5b22a47a13a1ebeb3530da0f0690597520c7febd400da90a5ff1e701bdac8056adb7a","first_seen":"2026-06-03T10:08:00.144623Z","last_seen":"2026-06-03T10:10:15.297651Z","times_seen":4,"resource_available":true,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":873,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanelModel.C4YiEeXu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RoulettePanelModel.C4YiEeXu.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-7d7\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2007,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1994)","md5":"482346c7e505bc9dfaea505944722467","sha1":"f388d897c5f2e584db653ab80587e67d24f4d004","sha256":"60ca6f22ef272e3ff005fc2b2a79aa89bf0342dc311b0df5af47ebb93de601bf","sha512":"94256dbbe8c8bccd640d883d4824955d158059f6c2bcdc01fb4078f944c492e26b90b05a71f14e610b172472bb8ff8ca7d42b1922ca3261ad792f32ac7609dc1","ssdeep":"","tlshash":"2141b6c9b45acaf566bb0e9ce51944d1f11c3a2d6331f48830dc80232fb5de4957e71a","first_seen":"2026-06-03T10:08:00.371994Z","last_seen":"2026-06-03T10:10:15.228914Z","times_seen":4,"resource_available":true,"data":null}},"time_used":853,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":853,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_script_setup_true_lang.COuUBNGy.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_lang.COuUBNGy.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/BonusSign.Bs0dkeja.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4a1\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1185,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1184)","md5":"1171a8990d5ae877e7e3a826d4a47830","sha1":"a137dbe5f774e58073b8fe1d46b9750074518be2","sha256":"c2b43469a403228c431bfc3bdfc424d84c86a92d43278fe7cce7313e2b6494ac","sha512":"8f109bf85917de8033e6fe7099fdce59723000e5f99e1ce30a929c2bcd3a78560652a49810882ee50e4512e41ae99c92e03d20b3e66cc4874f5b50852d237164","ssdeep":"","tlshash":"9721338b3ca810bcc3730d08a1a259d92525475ca275d8e5343a542a13e7c807bca167","first_seen":"2026-06-03T10:08:00.331924Z","last_seen":"2026-06-03T10:10:15.2436Z","times_seen":4,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/video.muiVzykr.gif","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/video.muiVzykr.gif HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 6607\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-19cf\"\r\nexpires: Wed, 03 Jun 2026 10:18:57 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6607,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 36 x 40","md5":"fc83bd555e4815ab30fed475df8512e8","sha1":"b999d784a3230f9f025bf95e13704ab7db68a851","sha256":"1921fbc70430b110a54821f0266a057c747bf59280e73f1a3cd8713aba5949ba","sha512":"4b6f0d0a7c1e0e5ce8db2ad37025949e8a94d047274f4eecb8970113c79d7feb64c179e3a744a5d1fb702b273932478957d53874687cdbd78b39a0f726b96e30","ssdeep":"192:X6t6IS7ooq3gHvkg8xf6YcZ4OhwDelZPwsGzlG:X/DEoZPkPfMjmi+lG","tlshash":"01d18342da81a8a1f43825712d1ce755cf6be0fda6ad13be015796203ecf5ba61c23d1","first_seen":"2026-05-30T07:41:04.755032Z","last_seen":"2026-06-03T10:10:15.271954Z","times_seen":6,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/ab2c34908241229ebc4083286067fc1c.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/ab2c34908241229ebc4083286067fc1c.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 13541\r\nConnection: keep-alive\r\nx-amz-id-2: ez4XvCsCi8+sOQozsloBY/KB6XhR//dVT3KFs3UdhP34SBsehV/H/JbfS+ObBLRw0gfYaA6OfMNMpYexG27YqZMlezf5MeCJ\r\nx-amz-request-id: 5QK7X44V7R64SAZX\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 18 Jul 2025 10:30:32 GMT\r\nETag: \"ab2c34908241229ebc4083286067fc1c\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: J.W6AmoyK3o5vnylrrRvI464CPoVpQ26\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1805896\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15482\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":13541,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"ab2c34908241229ebc4083286067fc1c","sha1":"25ecd833f7384fcaa1711e4675003abb83bff903","sha256":"d1f08fb961a86555ace68f9e71557728b1c6767d77785d4a8b979af0835f5657","sha512":"679b8627f5c89c23b760018757bf0f83eba0cb36e6a944dfc352828608e299b3428eb441f0930f8950c621a3a26c9ec12e5e08c7443b7e866bc42304838f0410","ssdeep":"384:0vV8Uk+5dw4xRbWG1lEGUPNoZkzcYJZrWk4R9gl:oVHdRTb1+GUFoZkzc6r1Ci","tlshash":"4e52bfa452d6f9651485b86e6b80dacc03eb3b10af7cb80438db08634f9f6996552663","first_seen":"2026-05-30T07:41:04.771373Z","last_seen":"2026-06-03T10:10:15.248388Z","times_seen":6,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":37,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/gift-icon.6MG1Eo4n.webp","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/gift-icon.6MG1Eo4n.webp HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/webp\r\ncontent-length: 591918\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-9082e\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":591918,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"93fc8cc63072bb9915ad09147a9ce0b2","sha1":"b78bec0a02a2079525080354b277ca22203c7f70","sha256":"54aed5dbcef9a64bf62dbbc70dd0567dcd9e3d0cae46c5c115614414828337e4","sha512":"c1fed45bef63538aa58b544528f63f40942dfebe1587472852385bd1a7f7b4af2bec73d5f09b67ce5199a71c87212ccc63ddc96ec2de96ea30ed89ce262d2a2b","ssdeep":"12288:ursRSGJZ8SG35MUcEmCIZyBDscT2bQEmrltsDtjTY80:u+SGJOSG35Mhffg3T2bLSaD1t0","tlshash":"04c42340b8b39005f9ce1c7f42453866944f886ab3705bf3ae42e9af847b5e0727db16","first_seen":"2026-05-30T07:41:04.605201Z","last_seen":"2026-06-03T10:10:15.305462Z","times_seen":8,"resource_available":false,"data":null}},"time_used":828,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":345,"receive":481,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/_createCompounder.CzkBocFs.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/_createCompounder.CzkBocFs.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-d29\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3369,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3174)","md5":"1341129e5f863be771961b74e6931d81","sha1":"2eb72b7c8f4e616bfab303fc60b779efa06e85ae","sha256":"fbf9f355f629ae10949aa34a029b73f74030e6aa444449f38f939a32c066d449","sha512":"75ad66f52a6826487cd89e6ad4bac4cf648969ff561382932c5b723dd730d815fed94c674f0c3e44df212aefdd976bfd1107d410fd41458832f76f57f1e04eae","ssdeep":"","tlshash":"e461524968a7b548630870400aba0c89c3b91f7771e5e2dde3b6ec853e75f2852d5b26","first_seen":"2026-06-03T10:08:00.349378Z","last_seen":"2026-06-03T10:10:15.239906Z","times_seen":4,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/league6-active.DwN5Un0P.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/league6-active.DwN5Un0P.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-4fe79\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":327289,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (14398), with NEL line terminators","md5":"464dd4b1f58421c3f21ed3ab5ba453df","sha1":"e6d01c318f5dc4313c74945091971fe81b6acef3","sha256":"8e9aad527be3c8a5824bb048fe65cbfba1eff40a583649b1cb5c40e7d6ce6c42","sha512":"7c0d3da5b4b7dbad29c7c38af829ddcbb49da8cd7367b2f1c19d43ed515618b5aaa467b02fe4744a5ca04ebb441c97c6ec19a79d23fda6cf5215071287cb8672","ssdeep":"12288:Ofvxqtb6DPkaqyiP7wfmxGHID7+PrWNLULEJSK3ugWfZln/vQuj71/hVq5Z9ZoVB:Ofvxqtb6DPkaqyiP7wfmxGHID7+PiNLK","tlshash":"5684718e5c86e371cd4565e637b021b1af3dc7faa24de8224bf230da3a2fd455972460","first_seen":"2026-06-03T10:09:30.214471Z","last_seen":"2026-06-03T10:09:30.214471Z","times_seen":1,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.BKfsIFjo.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.BKfsIFjo.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-108d\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4237,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4236)","md5":"9066edfb2ef03eaaf608a5cf3eac29f4","sha1":"1ca0a2f92f415a0facd9ccb6e7a003786ec63fca","sha256":"0b90efb387fc389ea270a0ede4fa5f6b7265c5380aaefc174a9833721cbb9b1c","sha512":"2d6878a68f3fd0e80d708a9624e1ad0086076c22e26d8bae95fe10161a71c2933d1d7c519fa344c14906baee9edd67f9f2f6171fff8e41c90b2e43a1789d5111","ssdeep":"48:gv7BzEsg4s+7sfTomH8eFOjw4jPnjRHTk1OQWjAAkgi6kACmP:m7BzE4VheFGYgQWjPr","tlshash":"2e915b51b9d4a03a265e672d97a17a38963cf134c3418ebac534f3600a423eb72b785f","first_seen":"2026-05-30T07:41:04.741135Z","last_seen":"2026-06-03T10:10:15.324166Z","times_seen":8,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/RoulettePanel.Dpimhcgp.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/RoulettePanel.Dpimhcgp.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-db4\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3508,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3507)","md5":"f8d0155317be3dcc160751d23cbd2c4a","sha1":"733832df39e7e16b52d1332fa42781a63fdeb2fe","sha256":"6daa31ad51daff8cae583da2afd298b724c77013afc0122368e0cd438b49245e","sha512":"55789d98667becd58cc65d3c6e0e36f9d83d2f2e92aa6a016620f52751f498fc6e8752b2881ac892ddc8f091f73da465f7f68783236a1b532c29085e90de9891","ssdeep":"","tlshash":"3c71dd20952c2104c67ff511aea8ab8d013757435f3f18add2940c6d8fcbea52abad52","first_seen":"2026-05-30T07:41:04.784316Z","last_seen":"2026-06-03T10:10:15.302523Z","times_seen":8,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/81cbf1ad33fe042cc7a1c6f3670260ac.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/81cbf1ad33fe042cc7a1c6f3670260ac.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 15381\r\nConnection: keep-alive\r\nx-amz-id-2: GbENzTu7KOEmqn/oxeclUJd5VgEhyDxfCtusR3p1+w8FZYhFwrvT3wA2oCPH7TZUS5B6iZkqRr0=\r\nx-amz-request-id: K0SGJ1MT9ADCAQB6\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Fri, 23 Jul 2021 06:22:13 GMT\r\nETag: \"81cbf1ad33fe042cc7a1c6f3670260ac\"\r\nx-amz-version-id: N6Vcx5IJyyT6OzujZCBOY11MdDC.FoJn\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1756482\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_17463-17829\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:21 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15381,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"81cbf1ad33fe042cc7a1c6f3670260ac","sha1":"dbd5107eca8a53d4178431170e9361f1ed9f22d0","sha256":"1d8fd88d73a4593db54329519019e0607bc55978ce8214523e831c80abb50050","sha512":"62d938bce0c8fd2793a9acb4eab275ed74bf3e71612b787cfe7b3d9ecf94fbc780ec8cf38c21ac1400692d519ed127c823beea30e9fdca5e19d3ab78077adac7","ssdeep":"384:TxNyAeQwNoo4iAzsuNHsdR6c6iUHFJ/sL8YPne8lK:TxNyNLSo4iAYuNO6c6LHTUL8YHE","tlshash":"9f62c00e3a52523be5abb1541b425e0ff9cbc14448f26d382ecb6f4a9ced450dc51b3a","first_seen":"2024-08-19T21:11:21.032192Z","last_seen":"2026-06-03T10:10:15.322424Z","times_seen":6,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Valorant.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Valorant.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3202\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: mYIMypaYlxvdQywrI.i.sjeZeeAfI4jm\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"208f44b6f797772316ef998c2d12e02c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: BbpBgbhhkdpEyElwocrsdsqx5SXADQeKJdLai24p3UBilTC0DM9e3w==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3202,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"208f44b6f797772316ef998c2d12e02c","sha1":"4fea9387ca5443cf79b7434aee0014331aaac623","sha256":"a9ddde829f3db072ca0f1aca927607cf833b1a320722e7400085d0548990613b","sha512":"1d3ce84c7f3c570f8443faf53268adae276668e4f85915e6ac1e41fab57086e0888e51b7699acce614f4cf4fc4133d0afeb67f50f02d34a21e80f02d331eb64d","ssdeep":"","tlshash":"ff613c99da836338fe09495102d64df46cbfe603892a86660c5cd5996bf94714bc33cc","first_seen":"2026-05-30T07:41:04.879744Z","last_seen":"2026-06-03T10:10:15.314215Z","times_seen":8,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.B4VX7whu.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CwYXShdD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-184d\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6221,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (3320)","md5":"0d6366a9502c8bfef53f566a44050709","sha1":"6ff545c27b066f2966df98a8452d19e8c379d984","sha256":"067ba6cca628899ae0bc1b8690e8f01b0411399abba4dcd1b916e8cf473cd68a","sha512":"aa793552a7edff43dc953ba414f2d7a5a5c58dd987a7e563ebd6c15fed39f79fa62abd530bce639032d535269d66ea21f4cf0d28498aaea1671d976e0ccf67f6","ssdeep":"96:jRhml712d6JEw0daFkQr+aOqF9lvmy9Y3YWDflectiP:F4lYdUkQr+nqF9le24YW5eH","tlshash":"80d1ea025684fffb89f28e787f5e0a34c4f1c675027185eadbad0c3855e6096637e542","first_seen":"2026-06-03T10:08:00.218923Z","last_seen":"2026-06-03T10:10:15.16213Z","times_seen":4,"resource_available":true,"data":null}},"time_used":789,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":789,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/OddChangeIcon.ByB84Dw5.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/OddChangeIcon.ByB84Dw5.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: text/css\r\ncontent-length: 108\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-6c\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: EXPIRED\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f42f73cd294d79a4c0eae64cb4640b76","sha1":"5001d70ac57e4062fd990fda72d585d65696fa6a","sha256":"50e27b1325c93748c3f85f41968d6e227188f18f0fe44bb0bbf58ccf8c34a6d0","sha512":"cc1696594dbc8b3fe1f3a855b7a519e178627ebf78aee6025af2d4046db149f0c1fd3e628cd912e3280f5e24e3798b9f276eab6615d888e916005c5f87114a71","ssdeep":"","tlshash":"e3b012405e19945831e34c01f0c20e7a2d24d7434934369092c01c6d85238af365c17a","first_seen":"2026-06-03T10:08:00.414588Z","last_seen":"2026-06-03T10:10:15.190811Z","times_seen":4,"resource_available":false,"data":null}},"time_used":452,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":452,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.CcQ02tWX.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-432f\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17199,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (17072)","md5":"f397c343be1172e7005bcb3eac87fd19","sha1":"5093f5df1a9198b931bb4e9dbc4d2e51309bf2fb","sha256":"0884c77940c1ce55d860e2876fb295fd7304498c137ae5b0b539fd83bdaba5d5","sha512":"f8a3b9b93922606134f82cb1e52dd12c4524568ff3c99871952bdf9f8ac5c1ece3c1289d7247af3cee3f81c9a25e38b4e1470e141ab4199c0292ac41a75a301c","ssdeep":"384:wXKOkPVp91oIE0Yt9iXmb20QjoghzONnuPyOjiAEJEhC:wXKLVp9aXZ720QjowqduPyOJzU","tlshash":"4a721a89b0320cbabbb724f5f0544054e6b05ba6f016d5c1b1fe8fb83bd6c605b51ba6","first_seen":"2026-06-03T10:08:00.334099Z","last_seen":"2026-06-03T10:10:15.205589Z","times_seen":4,"resource_available":true,"data":null}},"time_used":492,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":492,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Select.Dr8_3GoA.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Select.Dr8_3GoA.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1315d\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78173,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (20197)","md5":"50d0d2c918219970a98ad9fb13b760a1","sha1":"c19316259cd9bf786774afbebfbbc0bb8f406188","sha256":"568fdf51af50bc198f1724d5d39e2ca7f641e276121e61f4dfbd75ec9f942fc0","sha512":"3207bcea11a877f5a3e9dec480f7cba87d083803e4cacc698a67a352f96305cf20dd9f0b3d9d7e6fca90447f62fc602f02cb643b94652f18da1c2bc3fef16c8d","ssdeep":"1536:wUotoJ1eQYe9XP76Hh1fAkq3JXaJDgK9fxBd6/y21ZUsQAGBi+g8eGYZ:wUotobJz9PeB3q3JXaJDgK9fxBd6/RUm","tlshash":"c2734aa4b90cb0b255f7c9fcc09f0149b3213b51b900d1e4f97699a12aa5778f267f3a","first_seen":"2026-06-03T10:08:00.211463Z","last_seen":"2026-06-03T10:10:15.183148Z","times_seen":4,"resource_available":true,"data":null}},"time_used":697,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":697,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Forward.ga7cWF6g.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Forward.ga7cWF6g.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-ad4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2772,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (2771)","md5":"66025a59aa79714fb60ef4beef3cba75","sha1":"06feb26c010acd54106563175724b1962e87a0b8","sha256":"fb874aaa4505217ade42576757fe17c65f8c3a727c08297455302a1b4dd2fbce","sha512":"aebf568d2c6a6c2418b377e70b55006e6a17401199f886ec927f68ac009f69ffeb7f29f5dc108d83d95c137c601441de54e2f0d574831ce09af762d5dde205b0","ssdeep":"","tlshash":"a75184eeb3919bf9f209cfa8e17d6c9739bf38f27468001686464404675d498942f6b0","first_seen":"2026-06-03T10:08:00.30125Z","last_seen":"2026-06-03T10:10:15.264624Z","times_seen":4,"resource_available":true,"data":null}},"time_used":917,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":917,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/config.BpcUrZ_O.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/config.BpcUrZ_O.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-710\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1808,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1807)","md5":"8ce1fadea8c88bd580d9afdd0bda37f5","sha1":"aefe3439b51d025b26f915d45eeec3433e2b3ae2","sha256":"3236f2722f428e539a1b95e01cb461b55df5800df94932c351fb42a9767e90f0","sha512":"ccd01d2eeca96368b05f541ee6b74defc95349c0d522790561c2d528b86e1514d87d6a81b9096c9a1f3276072c7da0252c909469b108c7ec5c9cf2ae4217fda8","ssdeep":"","tlshash":"dc31209e8b6338de09f20e5494db0f31d41c0309ed268825e3efe63ad502e816227e35","first_seen":"2026-05-30T07:41:04.696534Z","last_seen":"2026-06-03T10:10:15.207108Z","times_seen":8,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B3sdte1J.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.B3sdte1J.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-6e4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1764,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1699)","md5":"88cb6baf9215a8bdbec690f1b49d1ba5","sha1":"9d031f825d87327b8cfea933cac3427d0425b732","sha256":"3c6524ba93fac96d24da0fb6c1ec4030a94879b78c33b68241dd2b13dbd70c2b","sha512":"db75ca089c2d474ceaf7996583aa509c1a80084a3f3bcd7df6cab2537e110d723601e9e878e6414f3f5391b62e92cb508d6beb37fadb9f5a6a3fd520c52a9488","ssdeep":"","tlshash":"e231762fb4be9bfc725b082891950886362d3f9ee271d094c0f90d160ad6de0db6b138","first_seen":"2026-06-03T10:08:00.163767Z","last_seen":"2026-06-03T10:10:15.285224Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1023,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1023,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/video.Bv5D9_Td.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/video.Bv5D9_Td.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 57\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-39\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"718063586df6dc66587fbd457ec5f4fc","sha1":"388405a35f553a05a7e8682e767b288db16c0daa","sha256":"c69902672eb03df339be1ddacada47060eb42bca1ccf5f5efdb38fba69a9aaa2","sha512":"260bd3f8c16fdb74e8548a50abb047a9dc2e77e528173048b63b42687413e0a27a9d4f15be052755de672c2238ce48b6304a6c2207e3f8a12168775cc75975d8","ssdeep":"","tlshash":"689002295c01836024954069af9289699411851a32750694d0160941a319456566c565","first_seen":"2026-05-30T07:41:04.641841Z","last_seen":"2026-06-03T10:10:15.188264Z","times_seen":8,"resource_available":true,"data":null}},"time_used":705,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":705,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/siteRewardModal.Dvn9HFxM.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/siteRewardModal.Dvn9HFxM.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 698\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-2ba\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":698,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (679)","md5":"45f51df14995e0c2c545dba7e1787e5e","sha1":"3cff7cb9d0f4320c1d831598f498f29f800f10a2","sha256":"3e425fb90b828790aa7b282018db0137e5211e7bfbd5388380522ed76b7f4399","sha512":"f3db114d5670332871bb623d88a90558931300d2cbf34a96b0baf25b63dc51e07c727dbd58d8b451098f687d5addc72dfa4b0ebe5202f197137fbcee38106fef","ssdeep":"","tlshash":"97017647e84934b914b766b27455690203a8b93a949a022c39b538db16cc885f2f9f30","first_seen":"2026-06-03T10:08:00.158864Z","last_seen":"2026-06-03T10:10:15.207896Z","times_seen":4,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.MPAVG_kC.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.MPAVG_kC.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-d31\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3377,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3356)","md5":"1f32bbf2a69d433ad9cd2ae4339c619b","sha1":"616f4266c99a85ada8b610a0f48939c759ce78ca","sha256":"cae1dbaaadd07bfbe3f773044497dd8b8eb84d580551fc57b9ab0bfc5543deab","sha512":"a43c7f68218242ceea3141fd6f3f82e167cbce2e8e2aa7a7a6998c04e6c88382b21f02b38bd1d83e2c2e873bcea8cce11513b9aa49ce109bdd80e6335fb4909d","ssdeep":"","tlshash":"386109b3b84fec710d630c38a41548425c08afdf81786a0de9b9b5391fac9a0d96c3b8","first_seen":"2026-06-03T10:08:00.213647Z","last_seen":"2026-06-03T10:10:15.291991Z","times_seen":4,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/use-notification.DYrhVCjW.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/use-notification.DYrhVCjW.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.AhYOak5C.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 189\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-bd\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":189,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text","md5":"eabe1025f70117ddc48bf99984d1524c","sha1":"1ff9ebe88648e95a4cf197ee99563d4d968aff6e","sha256":"8bec9a27838de0a2f553266883fd92ab09cf8931822343f8f31efb7bef1b07b4","sha512":"df2eb7999d4dd6de283289d0afec9fe084369212d61288e776fdab890de120b12647e0019a340867b2befda3d82a2b110caf9cc2bdfc7a3985a44e89ec9abc6e","ssdeep":"","tlshash":"a6c0228f308132b01b8305bb712a08ce42374a283a6416f0014f0534a351270e30fc4b","first_seen":"2026-06-03T10:08:00.302957Z","last_seen":"2026-06-03T10:10:15.289102Z","times_seen":4,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Input.CcS_fxKr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Input.CcS_fxKr.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-719a\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29082,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (10575)","md5":"0d5ba40dce3f91819d89041ca23d880c","sha1":"36fbc7a960e643d365f6f1c28c93c9bcc00713a7","sha256":"4a311fcfa642323bc76d7e087c72ecd568552c549e93cd660e72a96d0f9a4817","sha512":"cdb6abfc022e6777411f70dfcb7edfa7df4247b616d5c16246d5df2c1ec8d4e24141bdfe9a7061d7e3976fabcb19aca8a9cb745b917c05d5e14378021205c722","ssdeep":"768:XZacpv5VFP/7DYSWm5PVpK0QYUDc7et89xmCAKCIdfgmcw0S7RcL1Vmc92GH+2J:pDDP/km4tyFVc2GHf","tlshash":"efd2f9a4f90de0b465a3c9bcd18e861a33113663a601e1d4f0745ca51796bb9e36bf3c","first_seen":"2026-06-03T10:08:00.267467Z","last_seen":"2026-06-03T10:10:15.22747Z","times_seen":4,"resource_available":true,"data":null}},"time_used":490,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/BetCard.CpJEQuqc.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/BetCard.CpJEQuqc.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-f28\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3880,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3879)","md5":"3d5a85bdb3bd0ca453dc3eeec793bfee","sha1":"009727c1e61ef474e0bcd10444477b9d002babef","sha256":"eb1ea9a0bb71bd8322872435ecefee41ed79b435a984d2d40f147718d62133ea","sha512":"853e0fb2cda54685a0d690c24ba5597cbcece41d0e468736a907440fd6514af249df9b05dc6f04345aff77f1af4812815b02f04423d2baabbff06a9185d364a6","ssdeep":"","tlshash":"2081af71752e962c783bdca160d04bdd6a097203470357a4dfdb3c768cc78a66b3a95c","first_seen":"2026-05-30T07:41:04.634105Z","last_seen":"2026-06-03T10:10:15.318012Z","times_seen":8,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/BetCard.BzkliE3y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/BetCard.BzkliE3y.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.KwvdZ0jF.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-4ec8\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20168,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (19993)","md5":"f80d55d5f03700810e12b5bd1a1c2551","sha1":"2a9ec49968f74d7ebc696401f631cdc97b1a27a2","sha256":"04548ffb352a269ea564d04c5ceb6045e0cb88c1165bc3f60d7fc64a84897844","sha512":"5f1b54998556e8d0bddc5a2a3f49cc0f819cd024306394f56761d1ad313b99c1af16daec4251d527122257f7064208f401245dee957a4cb5ca5c8838da966ba4","ssdeep":"384:sDQUEDKKizqp3Qphf5exea4ZXbEsAw0Ev0szFSM76g:sthKjQphGeaoXbMwJzIM7l","tlshash":"f992e74e351745f6d43b8c3722193408e0353fdcdf25ac86f1eb96252aca9162a98fbc","first_seen":"2026-06-03T10:08:00.188063Z","last_seen":"2026-06-03T10:10:15.280616Z","times_seen":4,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/MatchTimer.BMVrwhX4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/MatchTimer.BMVrwhX4.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-81f\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2079,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2078)","md5":"85643f189364cb6aa074a791fe628c2c","sha1":"9840d5181ee80ae3fae51d9c6e57ac9d36045c30","sha256":"44ab6ad24b1c9a4fa377a5f4d6f1e1fc695e90beeca83b34cf2a10adb2263561","sha512":"f979ab2910c5b0075b50facbfc70f15be695b65dbf1a85f2efd2713a14a6f883c7a1d6b7f6c1107622ed618786d3189cdd024bdd93db8849c4e8e8f318606c21","ssdeep":"","tlshash":"4f41a745bb0f68e053b0098015444910ad2acb2d3133a9c5eb9c4fad936ae58afcd56d","first_seen":"2026-06-03T10:08:00.233074Z","last_seen":"2026-06-03T10:10:15.265945Z","times_seen":4,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":332,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/happens-in.CM8LO42l.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/happens-in.CM8LO42l.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 129\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-81\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":129,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"ae5e36995975e9ae7fe7a49f90f3d3ad","sha1":"d82f171350e16337a124596299c9d353a0b49065","sha256":"5a0159f90797b41d0637eadcf60531832dcc28b88a27a240c148b9d15f90ae84","sha512":"27eeada3244476126e3805c47fea7b3fe8f44017acf936a4446a2a2cf0de8f98a105ed0b7a47f3849458cb428bcf1ec3b8181a9f8cbdec60dbdf210b1d91f50a","ssdeep":"","tlshash":"2bb02bd533cb40b2c8ce432c882e404471003f0c01084110612920346f258927c51c3f","first_seen":"2024-03-17T14:00:22Z","last_seen":"2026-06-03T10:10:15.204851Z","times_seen":86,"resource_available":true,"data":null}},"time_used":741,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":741,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/MatchTimer.BV565ww3.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/MatchTimer.BV565ww3.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: text/css\r\ncontent-length: 149\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-95\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: EXPIRED\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":149,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"88bfdaa9674d5724b9b1b58cf09777b4","sha1":"e69c6cd9ded3f566ed84aa06b76c2bdbee7457ed","sha256":"0768337eaea3355b7268e8ce374e3285b2f25e3f9a9ad42f74cf590759079ff4","sha512":"c88702a0e3af6bb19e61a7c81aca65f69f2c09e3504f615b9ebafe75bdc7a8e0f82fd7ed01371a07aab9061464dcf106fdcfab1cf20b1e991c92636cf8509870","ssdeep":"","tlshash":"a9c08c960023862869a66c901d60a21a9002b643ea869345c8ca521bc8d71932ab0b8c","first_seen":"2026-06-03T10:08:00.151731Z","last_seen":"2026-06-03T10:10:15.198764Z","times_seen":4,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":317,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/homeLeagueOddsColumns.BjHe_XnI.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/homeLeagueOddsColumns.BjHe_XnI.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-d86\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: EXPIRED\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3462,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3461)","md5":"4f1b030f127b6c97585f24a02e90e896","sha1":"672fa0c9f3ea9cd96320406002c5971f273ead62","sha256":"0fe6399eb388346e7d27350e3dd78bccf9a7da08ae5545c17499f188f8fb62f3","sha512":"05d755b4a3052a1dd71d0902e1265521aa5bd2548bf945cce2adb5eea2118f6283ca0f239d07f09e40b168fb7859db9add041e63b9a5c0ef1c9ed1236e831210","ssdeep":"","tlshash":"a96175b1b92d107ca7bfe14075e80b9c1120a25793314e5fed89725689c75fb2b3ea48","first_seen":"2026-06-03T10:08:00.29159Z","last_seen":"2026-06-03T10:10:15.338416Z","times_seen":4,"resource_available":false,"data":null}},"time_used":574,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":574,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.0EyuehjK.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.0EyuehjK.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-70b\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1803,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1658)","md5":"8a459e7b44ba7033e5ba32ea08da0957","sha1":"1b639250f90dfb735b1bfbe1a6a3b86be8e3abe8","sha256":"fc0368a8ba0a0b7be8e928b56b1480ee7c28fc7ef957b5d6ee76a8ad63893f7e","sha512":"25114c0926e19075663c14f466a09d07fb39e1346e4aa91d6ebc8bf2a64776a5533a27680d8ba37a0680ebd40b0f02c8fc2fc708b0c30b337c578496edde241c","ssdeep":"","tlshash":"d031760a2929ab7f77178814f4813182604cbf66d023ccb6d2b115326bdb9f0975e727","first_seen":"2026-06-03T10:08:00.28642Z","last_seen":"2026-06-03T10:10:15.247051Z","times_seen":4,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/8099085514de1ff28d51e059c9bba199.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/8099085514de1ff28d51e059c9bba199.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 7911\r\nConnection: keep-alive\r\nx-amz-id-2: P5A4UR3CNiEuz5YMJP/oX+VhYTf3ueX/2svbZJRlv/BPjsj6JA2w7M78y4WaSrHPIHMp8M1Gmas=\r\nx-amz-request-id: V9FXVH80SKVQG87E\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Tue, 12 Dec 2023 04:28:22 GMT\r\nETag: \"8099085514de1ff28d51e059c9bba199\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: fo4btInGVptqNWt0POCKwxKjSVCCgj6r\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 6127\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_13048-39939\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:0 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":7911,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced","md5":"8099085514de1ff28d51e059c9bba199","sha1":"1f42f0861f1f4e032f113fbea67763ec743c2b59","sha256":"664660bdfcf5106e1dcb0b7f4f6048ac665258a9cd185c648a9fa06f2a780206","sha512":"3d295f845ca01d9364fc8f75770a0ee448c9c9b547cd30508f2fcf94bf2f081ea790ff65427ca4f2ec781f15f6ff02267feec0bdf7679b012766e94a666caab7","ssdeep":"192:++SZF0zZar71KW7O+p5HDz3q2fQavXXNzGJqXfUTSSz:+TFK4Y+bz3j3vXFGJiUmo","tlshash":"c3f1aee31325dbf6f8b6834cb20710a0d84f94312df1222bf08254fe1d6f55329a2e96","first_seen":"2026-06-03T10:08:00.420427Z","last_seen":"2026-06-03T10:10:15.245695Z","times_seen":4,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/FormItem.DIgziqJr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/FormItem.DIgziqJr.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.BsZB752o.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-83ed\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33773,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12048)","md5":"d5c98d723484efdf2520dca314dd8f2b","sha1":"1cdc1f81488e1de0a52e95c825c1cb6bc0237dc0","sha256":"477f407a2cd942554c90b6b49b6afa50e9d5e0825c10bc7dcff1ba2f0755c9bf","sha512":"97338a9a56d1018dad7426f94a0f0e87fabb772ec53c082a7027f37b5bdf63e67352f9be9f307cbc7178d267691d19501588b12f3c3351207e135b97d956280c","ssdeep":"768:ET7Tn8smVruvwmjjlRhZQSnYev6eCme8edeCWeC8eCqeCLe52eCmeC4evDesmoeU:NsPWQNoYJF3tK9W/rK0Tg","tlshash":"ebe2f9c876d8b45887e350e1a06b9017f22bb940982ee4c1f76f98f217f4a5c5762b3d","first_seen":"2026-06-03T10:08:00.409712Z","last_seen":"2026-06-03T10:10:15.244271Z","times_seen":4,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/not-reserve.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/not-reserve.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 2585\r\nlast-modified: Wed, 05 Nov 2025 07:32:40 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 4AEL8Tkvsq9Z1ljOvXhTWd7ew2xCBRla\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:32:57 GMT\r\netag: \"ada663379b43197e79b187b424dc8ee9\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: BLKQIjWNOG4lyUPPf8VSzS8IGdTEAMHp57YJNROyA3XlcdDPG_18XQ==\r\nage: 2161\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2585,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced","md5":"ada663379b43197e79b187b424dc8ee9","sha1":"8c31d5fa34c9205a716a93f19fa166ca50da4de3","sha256":"7dd7f8b2c4275f3d3e78dd20cb85a58b7a9f530d73877b3371feccdbda6bab5e","sha512":"5e6b9d1587d4034d4efbb461e488bbee90992a0c68b2b4808822398c0d9f695b8f599266dbc80ba1b49d4968be70ce48c5e5a5c52fc1e662636512853abc992b","ssdeep":"","tlshash":"52511ad5b2b4ca355b4fc5b1073a1e8331831e205ac2361ec6a73edea644fa06ce84c2","first_seen":"2026-05-30T07:41:04.806741Z","last_seen":"2026-06-03T10:10:15.329338Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/OddChangeIcon.WkWd7uc3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/OddChangeIcon.WkWd7uc3.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4e0\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1248,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1247)","md5":"2319e3183b405b26459d6bc986bcb9bc","sha1":"6aa9ff3afdf0464fac38ffdc9f30ba1b8efafe45","sha256":"3307511a425289c031b2061d76dccf360f23c1e5f996362d2fea032d19eb42fc","sha512":"7c1cc27651c0d026b77c5702e731c7e84065912486b140c5d944d7a0bc128b7b600c72682b7c4a50635e36b8815b8d752994b328cfb4864f64cf194d4cc2a4e2","ssdeep":"","tlshash":"7921219e5c4a8929de2a852b27225d1bd03196a1cfc9288fd7c06631d3e006a3ac81bd","first_seen":"2026-06-03T10:08:00.27837Z","last_seen":"2026-06-03T10:10:15.234037Z","times_seen":4,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Pagination.CIqUoics.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Pagination.CIqUoics.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-5577\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21879,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (13027)","md5":"3f3a40f8f43b96bdd6c618477bc82abf","sha1":"7424aca996162a683cf0ec679ac8ae09dab69dd2","sha256":"e34c7f97b44213d2a44a56fba1f284456197efb9d35811dfaff76ee852ec6b62","sha512":"6d0100488d42d3d558521831efbdb6ea6c857749d73bb38ebfb5542c785c22f7f41d76226f85a4ed783bf1938455c2a61a156cffce8098f678c912d0f3e2f473","ssdeep":"384:8jhLpRBaR2IjWDfXQVJkTwmdNbe97RhKw4bBEBpCw4fRJSZw/XOns1GSqMf3BljQ:8jhLsSDfXQVJMwmnbIVhQbBErCw4fRJI","tlshash":"20a20984f40d607127f3dd38c86f0a26b2497e43e504d1e475b24aa417ceb7ca6aab36","first_seen":"2026-06-03T10:08:00.324289Z","last_seen":"2026-06-03T10:10:15.256615Z","times_seen":4,"resource_available":true,"data":null}},"time_used":696,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":696,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CwYXShdD.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:52.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.CwYXShdD.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:52 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-128acf\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1215183,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (21344)","md5":"cea3156c80b5265656595002287b7eba","sha1":"a6e40a6a9e0e45527a02feb27bee72d0cddf8497","sha256":"25d15ed6a96bd59eb83b070daf2c8c3533c957848869cd775379e771dc389da9","sha512":"3dea8c6866ed557ddf5970287d5aa4da526c2686d301ed697e0cbe2cdb6d5d9e0c96f054b351417bd010df612417b1b33a892c17b0dd34841a03891822477127","ssdeep":"24576:xgXNz4+zELIvji/OSsJDy2MbGyijGyi0o:xgXl4+zELIvji/OSsJDy2MbGyijGyi0o","tlshash":"cf257dfc725634ea07b7d8e9002b1806fd353a53b81ec0d4f16999a63db0619d6f6b38","first_seen":"2026-06-03T10:09:30.235516Z","last_seen":"2026-06-03T10:09:30.235516Z","times_seen":1,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":373,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top2.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top2.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 22898\r\nlast-modified: Thu, 14 May 2026 08:14:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: LOGnTppTdxck7hXyAQRzzudvdKdru2uw\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"c60454ca36eeafbee3a4c9f6a3609c37\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: nmZ1f74KtAIIvSclO4SqsADAH5y7xK5WKqO-9GV0FXQW75L1dqCQYQ==\r\nage: 1809\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":22898,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"c60454ca36eeafbee3a4c9f6a3609c37","sha1":"bcd3671b6c4279a93ebc396e6ac0394112c9cbad","sha256":"f18837f1607b0b5de317b9f4eda6988d31e2ba388d6c088dbadec6fab7eca28b","sha512":"7118ea5a0b3611854f8459e64b538ba3ffc9fa38a57a27fb288a7c0d4832a04db7499b8f4ebdf1a6f919141bf62b4a0f29c32227a76ac3f43b31ce8cda811c64","ssdeep":"384:5T6fLwuMSdYyWN9QtajC61NoEbjIESOpG7QMW/AfFc/GAzzCoRapt/PU58J6mfJw:9UMysBjC61NoEbXXpMFSz9aCmfZp8N","tlshash":"5fa2e1850befe594ba773154768f0a6a851b7a9e401ccf2eb26d3835d4c1cf1a090f4b","first_seen":"2026-05-30T07:41:04.783326Z","last_seen":"2026-06-03T10:10:15.195063Z","times_seen":8,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202601/67e016bb877247759fe7dafe7aea16b7.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202601/67e016bb877247759fe7dafe7aea16b7.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 277442\r\nserver: AmazonS3\r\nlast-modified: Mon, 05 Jan 2026 14:11:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: e_8UrkiKRVK8cb5FuihY2EdxmHiwWoN6\r\naccept-ranges: bytes\r\ndate: Wed, 03 Jun 2026 10:07:21 GMT\r\netag: \"0438daed7bd6d9dd1228877d5b5a8053\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: fhna1kSllUJspmUqdwjNyVD0-SKke4kwrbJG1Yf-ysDZX6f8UpeywQ==\r\nage: 1809\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":277442,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 561 x 520, 8-bit/color RGBA, non-interlaced","md5":"0438daed7bd6d9dd1228877d5b5a8053","sha1":"1290999a00a30860aff9fd680de582a9559cd88a","sha256":"fe37789eee782ec1fe357d1a51eca0afefc3b4fe1f87a0fd9e8473f6b28962a3","sha512":"cf593bed110df0e36d365e15d331370fe6bfc32279b8bd124fa0a1013578f3c8527260b64873fb92dbb0fb1825f383764aa9b9db92669e59c67b5d60afc05f5f","ssdeep":"6144:k7F3xKgJFjOfvBFIpj+kn4l1sNbC+Wk8kDLDe6H3eff:k9x1JVsv/IpjRn4lebCdk8kDL5Huff","tlshash":"a74423e15e3ba2697f65c3950225cb881d63d43f17bcc5119b9accc502e6d8c8e2b36b","first_seen":"2026-06-03T02:50:07.957101Z","last_seen":"2026-06-03T10:10:15.274389Z","times_seen":6,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Popover.CSKhjSOU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Popover.CSKhjSOU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-8d79\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36217,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (20289)","md5":"e707e7f28d2428ea9fb734b1ac4f1e86","sha1":"cce360695568f4b7dfc47e9dcfc9514c4abe5413","sha256":"5811e9f126d2af3ad9949108029d87e55558f7d19335c27a6f2511270fa7d4ba","sha512":"e7044aea469894c8f824930d3219fdcde5adc111abd8b06fbe5df1b8ea41644be8b0db908b7bf22c8384be7a92899a7cc7886ebcdc070cbfc97c333b8998511d","ssdeep":"768:4k9gnwbDh45yeox9gCU00UgapJxihgSgNzinHDcpRj/RMbhlcS+pbHH+nUxzVbi3:zh4n4HWuNzinHofj/RMbfGDehiI","tlshash":"84f21b9134c6b47403bb86f6c08f4645a2290e26f90fd5d0f566ec6724e7268d2bef2d","first_seen":"2026-06-03T10:08:00.335705Z","last_seen":"2026-06-03T10:10:15.192105Z","times_seen":4,"resource_available":true,"data":null}},"time_used":690,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":690,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/usePagination._qMZmp7q.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/usePagination._qMZmp7q.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-401\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1025,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1024)","md5":"7d0be126f1ec3c907e67ad9bbafc6d67","sha1":"af1dc9462fa4e83d6fd88a10a7f36a80bf733e79","sha256":"1160312c720037d426567288ca32a15a613232a6037a9003295b3b54406dde73","sha512":"5d287de0201585a2baf1e749f2cf396f6ab4eb59dabd6ac53e2be18e57f62a03048d37669ba58247ef56437115e1cccc0c41901ed1abc6c33ba0248c24ca9c4b","ssdeep":"","tlshash":"b8110e8af2ab31a84379ccb49098100c4e046f92727698c87dc9079913b3c883340832","first_seen":"2026-06-03T10:08:00.161815Z","last_seen":"2026-06-03T10:10:15.306398Z","times_seen":4,"resource_available":true,"data":null}},"time_used":869,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":869,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Boxing.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Boxing.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4818\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: jKajfFxiBf50xZRNiPtqvaRJlW_XsmuH\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"522f6206be2b4d3a8115bee642891f15\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: U-WNa1py5uGDQZwocRnwDbgVtD7iSsb97pWZHRln9f5ZCSr6rpQHrA==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4818,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"522f6206be2b4d3a8115bee642891f15","sha1":"7c9f3823361734a79cf056392e955374a90387a4","sha256":"6e4ea93724188b909623297f786de73f0b1b5ce771d8c0295bf2d2158dd96577","sha512":"5ea59d2e26257c4413808650b9a79748fdf0619b850212ca69665c6c0a5a9e5bd97302772ad5beaf4b0535fcd234a640475dc18b56b23155d144905539f79ac1","ssdeep":"96:87SJkGRTNlYiL9IbIa8vDQeTfqQ6AHwtDADcmOJV6MhDgfW4gz:WSJk+TjYiLWP8vD1h6ASfbJV6MFgfs","tlshash":"92a18fde14f9e87edd5601c2e72b1b5253a3ff8241c3050f9c754c5c98250966bd766c","first_seen":"2026-05-30T07:41:04.717826Z","last_seen":"2026-06-03T10:10:15.332593Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Carousel.BJUclzFq.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Carousel.BJUclzFq.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.q3BCKoP_.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-51ef\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20975,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (11324)","md5":"9002f23645674efc865330cb10a48066","sha1":"faa8ebecf633dc3c89723af987664eb8fdcc8b09","sha256":"7b7a0d9f2f4c3701f8b9231dc2551f29f9591f889aaab5586d31c0d2c4b3b085","sha512":"b67b0d9205e3538383def23903a8397ba32490e2a6c611bbf16026002701af0f162cb622343d71ee36734adf99c594691fa9a316425473de0cec5349263a9e63","ssdeep":"384:m/RNjBDzqq9IRceNE0jNVX5ukNVXzJEzKqJKXGI2R7krmMeGL8w3duaf8/RsWMtq:mHUxxnzGIs7kCMrLF3d2/RsWMtDFc4+","tlshash":"c89219a07585b028a7a349c4c1e7440b33395fa3f406e4f4f07b61962965a6c92bfbfd","first_seen":"2026-06-03T10:08:00.153787Z","last_seen":"2026-06-03T10:10:15.270582Z","times_seen":4,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/ChevronRight.lAMfMYDE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/ChevronRight.lAMfMYDE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 544\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-220\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":544,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (543)","md5":"8b4e301ddf48058f7a6b86631a1992c6","sha1":"74ad1a0e7d3299acbffde0611f20c5e77e78c51a","sha256":"0ea602eee777b43ba55e09a5126fd9267a43b469c8abd2ceb1312e542fde9a2e","sha512":"54f2e2c1009809dc5de3fb6600acf73bd4c7af31ca26dc84f3d4486efffe5351336fe09009bbe2a519c6351c056819daece12d3c5200e8b6c776b6d4e31a3f74","ssdeep":"","tlshash":"8bf08bdf92d29971c9119a21d1b15041cf2914fce641cbccd22007249927cc13d0fdf1","first_seen":"2026-06-03T10:08:00.197066Z","last_seen":"2026-06-03T10:10:15.230325Z","times_seen":4,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/27b5b8229f61195fc2cac5b184fa3bf.jpeg","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/27b5b8229f61195fc2cac5b184fa3bf.jpeg HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 13642\r\nConnection: keep-alive\r\nx-amz-id-2: BwveFM56cvtJPzVIHokCSclX+XEP9g/aM8qF+T58J9D1CL90NbhhB2zk+8kgiB01RDlgWAXpiwc=\r\nx-amz-request-id: 5KMAAT48YWG7G6GR\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Tue, 04 Oct 2022 23:42:05 GMT\r\nETag: \"027b5b8229f61195fc2cac5b184fa3bf\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: IQuG4mdp4RxgnX.S4rp.aZ9wbpU5U0va\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 178465\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_17463-17827\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:21 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":13642,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"027b5b8229f61195fc2cac5b184fa3bf","sha1":"a42c51774ed45e22cecb3033067a402f3b53e264","sha256":"de2d7e9ce8b5d7def691011dd856519d20f4335e88d45346cb90a14df74c6feb","sha512":"b75543ce598165f5468fc63dd063b0ea5f4ca3155bd504dbc54f8886f3b1198e9b76cc775be65ef8d25a8cb540222e000f89208962f2cefa057b60a799a4a454","ssdeep":"384:U6Pde0STJBBvSBkCFrGROXuxP3DxGlseIoWDlI:UoSTjyhAG8DxG6B2","tlshash":"4552c0a3b7519869c87c96aba669afad1270453a0bc9c44448cfed735e892306f14ce8","first_seen":"2026-06-03T10:08:00.209349Z","last_seen":"2026-06-03T10:10:15.333501Z","times_seen":4,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":43,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/time.DPzcqdzh.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/time.DPzcqdzh.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 1005\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-3ed\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1004)","md5":"ed885594f6867e172d10f254643d21c5","sha1":"ac4b7d4543e9058a1e9889cd8dda741d7e285641","sha256":"adb2b1ade6971ca9cf4054a99469856caebd9fab6bbcb47b98bb5430618ca3e2","sha512":"8289ec1a0a9598d2dcc7c203e8a0e5ace05b174a6ede3f7d98e47c88a1185700037beb0de0a945f1100b917a17e37a078a53c9e00c5c2c9e49c30b14f3f4f5cb","ssdeep":"","tlshash":"5b1121c12469a026f52702ecd0f883a22525da30bd266a54ff3f4a26327b4c7881ff94","first_seen":"2026-06-03T10:08:00.259513Z","last_seen":"2026-06-03T10:10:15.261806Z","times_seen":4,"resource_available":true,"data":null}},"time_used":545,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":545,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.C4JMUtDI.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.C4JMUtDI.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-f61\"\r\nexpires: Wed, 03 Jun 2026 10:18:56 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3937,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3936)","md5":"df42e2c0024d84d79e48f79e920c51fa","sha1":"ef6e390284af8bd9d5d16fe2b0ba48edc6b13613","sha256":"df98351040ed217ddbe7f115718faf6511e5a829f8ff60c26a95cd8266ea9c49","sha512":"043e22ba2601e4314b8aa224c4a52bd2ec245a9082f02ceadda2933e5f4fbd24b76a32159b2c82699735b5eb272f67398c0855244405f8401699a420d98ceab0","ssdeep":"","tlshash":"4181522126450018c877f353faf0cbdd917cf243eab7288e63d466ba9dc32d562649d9","first_seen":"2026-05-30T07:41:04.62666Z","last_seen":"2026-06-03T10:10:15.200338Z","times_seen":8,"resource_available":false,"data":null}},"time_used":377,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":377,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useCommon.D_QntRoE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useCommon.D_QntRoE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/PersonLoginAbnormalModal.CKMpEKiS.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 971\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-3cb\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":971,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (942)","md5":"5493c1a4860df64e243cadb705a7770c","sha1":"a0870e9e7a45254d0ccad953b2ebdf4b4c33c206","sha256":"e221ca6797be9e6c007f4ac0ced862ee762ec1a059cb5ddd9b26b14fc1d8d5ae","sha512":"d90cb962eb5064294ac6d13138faafed20b4703ca851bfaf57678e725cae0fdfec9df8111d9e1f8776dd04259d33c138018a1c18de8b4fd5ba4d6958a412e62d","ssdeep":"","tlshash":"9b1150ae2f583cbd802858ecba5b49124226d6993d28cac0b04e0d19b1ddf40ff75fc6","first_seen":"2026-06-03T10:08:00.258115Z","last_seen":"2026-06-03T10:10:15.225417Z","times_seen":4,"resource_available":true,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.Dlmy23Tf.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.Dlmy23Tf.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.KwvdZ0jF.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-c43\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3139,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3082)","md5":"dc30a2ef09dd5d2b8002ccc215e36679","sha1":"8588f4e11b628ff9fb4b7cb933e34fd1d9334bfc","sha256":"d9ffaf17ec31cf9ee7bbbd1caa0f7b0e1d233d139553eb2811ccde4a693783e7","sha512":"e15ee835f2ba69efa12e9e7b3a8ee14b08fbe8816ee88dd27442736de18681d6f4835202d31b3426ff8467cd3ecffa492c48f3e3e88b0cf35ba72826ae4b16c8","ssdeep":"","tlshash":"e851b366b87d8cb8f2730cdca0214504a2091f4ee1726cd5e83a17ba2c07fa1cbdf428","first_seen":"2026-06-03T10:08:00.262416Z","last_seen":"2026-06-03T10:10:15.196539Z","times_seen":4,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/lock-echo-white.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/lock-echo-white.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 598\r\nlast-modified: Tue, 16 Jul 2024 21:42:40 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: KZJlqK26JWhbpu7_CBAkPmju_s4WqSmJ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:15:20 GMT\r\netag: \"6cb68db53315240510a5782cec0ad89f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: HZaP8q8PyoqDRIky7VkKWX70mB6mSCmSk09R88ct7vWnY-YExHacKg==\r\nage: 3218\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":598,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 37 x 36, 8-bit/color RGBA, non-interlaced","md5":"6cb68db53315240510a5782cec0ad89f","sha1":"c09cf02911d6823132c66fc30ca5b5cc5f1df638","sha256":"f201dd7ea4f74464f57649f657576808e25c038a9ebe2fc71f26644af83871ac","sha512":"c2c42d687226103692a1f3b4805772dd56142d12e38500083e2ef3b2e35f5ce27b7c2259ef89cbcbca9a1bf2d4f7f6cf479510dc0ad23b624706d7bee9dfee0b","ssdeep":"","tlshash":"b2f047da77a6706be65615d211e9048394014e3647f0180ee538d71e772b44434cd27e","first_seen":"2026-05-30T07:41:04.753163Z","last_seen":"2026-06-03T10:10:15.213642Z","times_seen":6,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/site-menu-top1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/site-menu-top1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 19082\r\nlast-modified: Thu, 14 May 2026 08:14:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: S39LZ8NSmlDenJOFtG0zb6.hOch3VV0l\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"89cf62dcf1f3b745254d922a4183a8a8\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: aYf6vbm7ZXBZodfVwXFhNHhCZQ7WUCGh1MVd0Io-7wY0Vc3kcYhFng==\r\nage: 1809\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":19082,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 160 x 120, 8-bit/color RGBA, non-interlaced","md5":"89cf62dcf1f3b745254d922a4183a8a8","sha1":"4ecdf9286bad59c3ccb06b769dae7263437d7921","sha256":"53970ef4b20c0107f9bce41f75957df2c51a6f10729036b594439023b641c3b6","sha512":"689d0375a37b75f4b5b47bde60454de99ffd19315720e4d30bc15f4d00060b89c5c5d7340e1181d45e052edef7b75b690cebf0e5d5e13521b458626ea223e8e0","ssdeep":"384:Pccccczu6TRDbcKxiQZ1XiuLrLdv250/nA633Ycx6JJsshprcL+gSYDBOK5Kf:25cEiaPLrZvXAXcx6JJLhnghAY4","tlshash":"9282e1cb8e02ca5cdd1590de8938a2a11748c2b65afff4c0cfc518ea59565c03d7287a","first_seen":"2026-05-30T07:41:04.8457Z","last_seen":"2026-06-03T10:10:15.198038Z","times_seen":8,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/site/f/siteNotice/queryList","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/site/f/siteNotice/queryList HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4884,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"35c8380c99aba19db7301443e5fa01c3","sha1":"1a2b3fce9932102abb7b0bf3c0c78c5c18a2bff0","sha256":"eac1a8834e3cfb5bd4ed5e947a1cf2ec4dd2b5e2393537420e87d19a29c91522","sha512":"382e2eb04469505ca0f3ad98f8baa7d3f539788f3e4654b5ad5308549ddf2e9c01338bab72046e2719e7cf79fd25d99d21d06a69cf60ba193db28c48154356c2","ssdeep":"96:6otT2fOw9KhCmFTNdm9OZHCVTormRCXHT1qGLS6aTrJ/xgCdFT/9zQtFTzJvxYy3:6otT2fOwkCuTNd6OZHCVTormRCXHT1qq","tlshash":"1aa1121f87e8e92d9f8802d232e7fbed97851a43c4d0ca6871cdde1e945a9732206317","first_seen":"2026-06-03T02:50:08.023824Z","last_seen":"2026-06-03T10:10:15.170515Z","times_seen":6,"resource_available":false,"data":null}},"time_used":641,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":641,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/GameHeroSwiper.CYTnqlyu.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/GameHeroSwiper.CYTnqlyu.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-d02\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3330,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3329)","md5":"9c7ef7e1c0dca1cfe8deca3a4b405da6","sha1":"5c1915b7bc1e0f3917052acf0663d48bbd004920","sha256":"c80c04d1c653893b3aa54feaaf8e0693fb35eee5e5664c790c1af2b0996de416","sha512":"f102b29e296d1a6087468c68a39cab2ef00b354f1540b13001e32110054f5cddca0eb3e80447a617ed9359ba4dbb7bca52d3dd6e340fee538776b8397fb70e11","ssdeep":"","tlshash":"b36120146d4e042800f7df46d8d46f2e9039da8397234c6d7b043756ce87aea357da91","first_seen":"2026-06-03T02:50:08.021011Z","last_seen":"2026-06-03T10:10:15.279905Z","times_seen":6,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/league6-active.DwN5Un0P.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/league6-active.DwN5Un0P.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-4fe79\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":327289,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (47316), with no line terminators","md5":"aff5caf03874062501920ea0472ea5fc","sha1":"61ce7228ca7e01d2b85d3a8efba529cd68350577","sha256":"711a9ff398dc4597b3da6cb44775723846bd7c2ded1f715fbd8a5724686b2544","sha512":"44aa0237b4cca516aaf7a462a6605e8223c1640d253529613473b74ef48b646ee270e3bcbfd4258d058564ec6c1507a7afd3c0b794a893f8a297713e38f69e8b","ssdeep":"12288:Ozo5YVSK3ugWfZlYcIyV4c8vFvQut7X3GSB0CXcff71/hVq5ZPkungJ52VBGDZTM:OzIKugWfZlvPE","tlshash":"1e9461cba44ae3758e8975d439b021a16e39c7f5864ded3087f231df163fb960ab0861","first_seen":"2026-06-03T10:09:30.250558Z","last_seen":"2026-06-03T10:09:30.250558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Dropdown.DcSQHj7m.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Dropdown.DcSQHj7m.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-4a80\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19072,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (7816)","md5":"b5cf50596de60d21378bcc1af63ed593","sha1":"a9b5726140d45d07b5f9d845309a7f2fe4b60a21","sha256":"a2280ad5cb3eeb58f2dbd8e9057ab83bc4488f7d6423c71cb409743c097125eb","sha512":"54f20ffba86b5f0b089cbb29670ac0e75371a34728670afeb79598fe34591aaaadcd337484c788e8b7bd98b05c27de9b3d7b45d86738ba4192ddecd98feb32ed","ssdeep":"384:eWFv8NYZShHwGlXmcxDsw547ipXVEizjSBp8ux27w:/B8NuShH5XxnV1zjSBp8ux27w","tlshash":"7682e794f44ce5609ae389d8d29a8109b2172b82ee15c2f2f07a1de513d5374e29ff2d","first_seen":"2026-06-03T10:08:00.194149Z","last_seen":"2026-06-03T10:10:15.203372Z","times_seen":4,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/world-cup.BvFKdTAM.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/world-cup.BvFKdTAM.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 33236\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-81d4\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: EXPIRED\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33236,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 504 x 100, 8-bit/color RGBA, non-interlaced","md5":"df8cb4ae580b950c20491bd5d6b2b7a5","sha1":"58c034f11efe9a79e8596d62abea1bd9652b9505","sha256":"6c4d2b44119d87e406b23551c3302accfdaadd72a74ac3f38dc96885451f10ba","sha512":"06bf4f49b9ed161b4daece922bcf678f41bd1331c0e6019a29a12c0a4b8ad4d0e0b9a696f16b2839626a169967353af7e7b9b679e1ba47edda01378cabcd005d","ssdeep":"768:t9hgmblWJCwFxKmxHzZF4iOptwoiIiFKKp+q2iAV9smu:lgGlWCExFZSiO3woiIiF3dyVu","tlshash":"6be2f1d380ce5ea714b78754939801175a83432c9c628bf8cafc9ffbc4d557898bc969","first_seen":"2026-05-30T07:41:04.725841Z","last_seen":"2026-06-03T10:10:15.249041Z","times_seen":8,"resource_available":false,"data":null}},"time_used":743,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":480,"receive":263,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.D0bA0Uv6.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.D0bA0Uv6.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-12c5\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: EXPIRED\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4805,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4804)","md5":"4022b0edf5b147b386c6b6d9513ff66b","sha1":"d778691152eafde57cece96a97fa8a509b539b0a","sha256":"2255157d023c35ca5272a03fca85d1ed79b957ef4948e7b8e2891b4797443bc2","sha512":"2acbba196b45a104502be59ea34e8cd34c939d5ffda27dbe6757facb175d9a262b8d3c17ee0a4ba3ac7d615edf057b060e2cfdd47f3c784665d1faf9bd7f67f3","ssdeep":"48:8cvHGfQi+nL8V5pq1ImVUjUw4VD5e/VD5eyVDALxEDCuU51bBhwhnkBpOegMxq7A:8OGfQ5nLEuf2oxOe8MUa","tlshash":"6ba102402d7c540d52a3ea05e5f50dbc0a2cd357526b1cce636d1da98f4b3bd227a24f","first_seen":"2026-06-03T10:08:00.31541Z","last_seen":"2026-06-03T10:10:15.278355Z","times_seen":4,"resource_available":false,"data":null}},"time_used":552,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":552,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.NviV1V_f.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.NviV1V_f.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc0-356f\"\r\ncontent-encoding: gzip\r\nexpires: Wed, 03 Jun 2026 10:18:56 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: MISS\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13679,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13678)","md5":"f9d28f24d8b3ab5ab81b2081004e8084","sha1":"8f07c7b4e22877793458d181fac46da0f8736f35","sha256":"e023b19c8c7c4a2977d8c4aeb663035954ef245c8c78f8863cfc4aa70ef03868","sha512":"50757e297fa9996f2a0d0cf3d9f5136dbb89c1bec8cc49a1202f21eb13cec90709ce9b1fbe984a40eeba64bdff481343b3a078cf53b4b20de29ecff452e61a5d","ssdeep":"384:gaOodxwwCNC7MC3CXCVMCSC9CpCjCNCKC8CrC+C1CaCrCHnCPHCsC36CjnCvQOCW:lEwM+8iMf+IM+VzK9EXC4SZm6OnktCuD","tlshash":"e352a613f16be11f7a3be66075e88eed702472438663b788d876536e84cb5472f32948","first_seen":"2026-06-03T10:08:00.206845Z","last_seen":"2026-06-03T10:10:15.327652Z","times_seen":4,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":437,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_script_setup_true_lang.COuUBNGy.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_lang.COuUBNGy.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4a1\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1185,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1184)","md5":"1171a8990d5ae877e7e3a826d4a47830","sha1":"a137dbe5f774e58073b8fe1d46b9750074518be2","sha256":"c2b43469a403228c431bfc3bdfc424d84c86a92d43278fe7cce7313e2b6494ac","sha512":"8f109bf85917de8033e6fe7099fdce59723000e5f99e1ce30a929c2bcd3a78560652a49810882ee50e4512e41ae99c92e03d20b3e66cc4874f5b50852d237164","ssdeep":"","tlshash":"9721338b3ca810bcc3730d08a1a259d92525475ca275d8e5343a542a13e7c807bca167","first_seen":"2026-06-03T10:08:00.331924Z","last_seen":"2026-06-03T10:10:15.2436Z","times_seen":4,"resource_available":true,"data":null}},"time_used":642,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":642,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/WaterPolo.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/WaterPolo.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 7753\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 8a4i_4lG5yN.zphKvlYtWtiZo8mRrbzQ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:11:46 GMT\r\netag: \"3a0657d2b175c2642d4f0f01bccc50a2\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 8s5jz0U7J_sUS6ZNBVuAAwMO_xpKrVpRtTYYF_inxeVb8onHCkHTLg==\r\nage: 3431\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":7753,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"3a0657d2b175c2642d4f0f01bccc50a2","sha1":"938b176d17efa2af30eb08b06d7fa1fa461e6653","sha256":"885db85bcdcedc48098d9e2cafcf13bf2a20825c79a68cd64d9ec848fbae8537","sha512":"b67765a3fb9ef6ca64de2cac1494c819db3db40e3e7d73b6b4796c891568b0a05d8cce1bdc32918941aa874190db609bc9b61d61bd4c53aa97c96bb82fc0925f","ssdeep":"192:WSgE9k6Rbb7hUSP+Ay5n35R1OFRky5k2s8TU9Wf/wmBSvo56:5aeUSPdyHR1OXkwky49l/R","tlshash":"def18dcd7984634d74484976f27b1e8478b6cc1c9082a1cf38a85911bb899579b3dac7","first_seen":"2026-06-03T02:50:07.877341Z","last_seen":"2026-06-03T10:10:15.245016Z","times_seen":6,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Skeleton.Bm44yorC.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Skeleton.Bm44yorC.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-9a4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2468,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1286)","md5":"dc5837a66b83d5911fb1e1e7b6c2ab4d","sha1":"4c306d9eb85c7daaef919a896fc2fe90857868dc","sha256":"fc0085ce71076b8ba9ca99d83d34492e7fb05ea815b578930cbfe66511638a66","sha512":"c836c1929344219d12b1fe695d79c3bdca14ad57dc4bb952e42adee9228b9d959c1a63d2832c6cb345ae14949ff2708c5b00dbd6084796aa63d2d50efc8443ec","ssdeep":"","tlshash":"af51656cf2dda8f729d3c8ff62aa075410293595ae70d291f1b738a276013339761f22","first_seen":"2026-06-03T10:08:00.380247Z","last_seen":"2026-06-03T10:10:15.258069Z","times_seen":4,"resource_available":true,"data":null}},"time_used":536,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":536,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.B4VX7whu.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-184d\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6221,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (3320)","md5":"0d6366a9502c8bfef53f566a44050709","sha1":"6ff545c27b066f2966df98a8452d19e8c379d984","sha256":"067ba6cca628899ae0bc1b8690e8f01b0411399abba4dcd1b916e8cf473cd68a","sha512":"aa793552a7edff43dc953ba414f2d7a5a5c58dd987a7e563ebd6c15fed39f79fa62abd530bce639032d535269d66ea21f4cf0d28498aaea1671d976e0ccf67f6","ssdeep":"96:jRhml712d6JEw0daFkQr+aOqF9lvmy9Y3YWDflectiP:F4lYdUkQr+nqF9le24YW5eH","tlshash":"80d1ea025684fffb89f28e787f5e0a34c4f1c675027185eadbad0c3855e6096637e542","first_seen":"2026-06-03T10:08:00.218923Z","last_seen":"2026-06-03T10:10:15.16213Z","times_seen":4,"resource_available":true,"data":null}},"time_used":789,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":789,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.CU2theOH.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.CU2theOH.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-133e\"\r\nexpires: Wed, 03 Jun 2026 10:18:56 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4926,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4925)","md5":"1bf1c152f3461398c76a787e824df75b","sha1":"1d00103a6bfc5e98839fa7df12f0275a802f9846","sha256":"19638ad40a7329a035eff657cf4a08322c6d02c39e96d89550f77b59fdc5a5e6","sha512":"2579feffd84bee15e7765c535334ac6c0aab066cba7c0ed27ece78cee73c4f41c98cb9662b7e57a46bc2918835d73d06a72cc894f68023212dcebc7ae5043438","ssdeep":"96:5WGXOyecfqNjvxqnb+pGO485ihnCpfC8H24sDvG9P:qrcf68nbI/75iFCp/24sDvG9P","tlshash":"01a163a77579b43e297b4e1d20c6523c3539bbc30f416661ececa79089c36e3ba11288","first_seen":"2026-05-30T07:41:04.728075Z","last_seen":"2026-06-03T10:10:15.288287Z","times_seen":8,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/f79070f76e57275c4985bffc6cafc169.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/f79070f76e57275c4985bffc6cafc169.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 13410\r\nConnection: keep-alive\r\nx-amz-id-2: 2vJVTfuCB7/pJn4DpmEqUhJaJl2W2+N6Ed3TM6fntyeOaxr7lSYioQeIHXo4Ft4w+cHkXRK3fvjD/x2bPLHzCLRd8nRuhAka\r\nx-amz-request-id: K9TKW93SXZC93A58\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 17 Nov 2023 02:52:13 GMT\r\nETag: \"f79070f76e57275c4985bffc6cafc169\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 0vuyVCeve2tb48N0M8pp5ld770xrKeQa\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 178466\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_16352-24878\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:17 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":13410,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"f79070f76e57275c4985bffc6cafc169","sha1":"f570ebbf755cc06d24eaab2189f05842bd7dc41a","sha256":"f36b3011cb79fc71fac58bf694209a006fe12f6da50ea57c98a261fd756225bf","sha512":"6febc3529cf662fa18331bf0cbee539441e1dead0595f51662d80eeb7c95101507263e7ebf0daf926870215280218e393741fc0af6a3bc17bcfe2f1e08c9e655","ssdeep":"384:niOG4/vCJSrkND2pyWz9MB80ammn2IVdr:ir4CEo9/Wz9Vmm1fr","tlshash":"1c52c0cffc05c4a5f3f8262bd37836dd2b256683260541c9e855f812317fa0556e985f","first_seen":"2026-06-03T10:08:00.4023Z","last_seen":"2026-06-03T10:10:15.259352Z","times_seen":4,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/ce1b80d13b5b4b199c70a8698129ee8.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/ce1b80d13b5b4b199c70a8698129ee8.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 11844\r\nConnection: keep-alive\r\nx-amz-id-2: KEKTYKZHskSevaYKk9hyZgkMsqh9OwtuYYOHtZ7IvO+wm8/4Qhj8unNY0TWQgjkURO1QJpgsWBXcT8I5nFoW3N1WjzmP50Ez\r\nx-amz-request-id: Z68NXFPDW5PQKYPS\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Tue, 04 Mar 2025 09:56:33 GMT\r\nETag: \"0ce1b80d13b5b4b199c70a8698129ee8\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: IK4oUJHrh1.WMSXd9n63fHk2dQg36epz\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 5392\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15483\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":11844,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"0ce1b80d13b5b4b199c70a8698129ee8","sha1":"9e1c95d72ab0a1a0a2437c027e0ceefce05e85c8","sha256":"92b3994a0a662131356f8369bf7843c07f7173415b48f2603c83a4e32cc8fa00","sha512":"732cf2931ab725d35f3e666ab540a0a25e2afbc1fce02bb799d311ee6780ee1e06607833e6179670ced995302cd4194956bfd8c7b01edf61923f700f92dd4e41","ssdeep":"192:pgSwaq2Xbqg4ZYqWDNCkzjXm6o9O5+LkhQo+XZ3FIb6o/pAwCWiYsIZXRkFYQK+2:SIlXbqgbDskvXm67+LBp+xAgsIBREEj9","tlshash":"d232bfc3b1b89e40ea58105399b6a0ad4d31fee4a39d49b72918e56cbd0b22de0796d0","first_seen":"2026-06-03T10:08:00.319708Z","last_seen":"2026-06-03T10:10:15.232541Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/service.lbnyBfqg.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/service.lbnyBfqg.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 21411\r\nlast-modified: Wed, 03 Jun 2026 07:46:11 GMT\r\netag: \"6a1fdbc3-53a3\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21411,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"94cb5dbf4d84248a3fa3599912746438","sha1":"1a862ac5d160eebf547d06f750ceb1b0576b9379","sha256":"3d7630917c9e3ae67ed533cd2a168e884829b74b7a79bd8e102f018774ccdcf1","sha512":"ecbb95e4072a68590c608749f862450ea6da5d85ac217f8b00d615a87968b9d85e6f241b356d62c3ca55d14df8be8a05e5c511f79fb9b6187dc0d46b49061ffe","ssdeep":"384:LqGKNNeW6zoRGcJvpfP3mnj9C4xC9WPaEgkXYk6nqKCDTVmsiX65M:LpK3koRGGp2dx+WPaEgySiDAbX2M","tlshash":"9ca2e1185f86cf36c3fee8554d3823b29481750abe7226d5ac2c12fe2113b2d1eca166","first_seen":"2026-05-30T07:41:04.606342Z","last_seen":"2026-06-03T10:10:15.206343Z","times_seen":8,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/details-arrow.DtgI1CkQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/details-arrow.DtgI1CkQ.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-ba1\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2977,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2976)","md5":"163a02ffd7cbf774ac47485f87d11631","sha1":"30467f6feacf6eb74e7a3628dcadccb3866dad2c","sha256":"2d502486f9a515ae20f2ae52153a0dc251b243eb4fb0bbbaf62f6bcb29395b00","sha512":"5faf7f5620bad75057bfdc339e7b40e5ef53b62b10cc0c0fc1cb22fd3e79a794e37b7704f3e8987c06e0a1a757eba76a861852382aa914afdfc2b14886828af1","ssdeep":"","tlshash":"f0514d7797644cedbe9044b554063719ac7a730dac2077f49d0d4318bad3b642a7991c","first_seen":"2026-05-30T07:41:04.633269Z","last_seen":"2026-06-03T10:10:15.173429Z","times_seen":8,"resource_available":true,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/config.BpcUrZ_O.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/config.BpcUrZ_O.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-710\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1808,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1807)","md5":"8ce1fadea8c88bd580d9afdd0bda37f5","sha1":"aefe3439b51d025b26f915d45eeec3433e2b3ae2","sha256":"3236f2722f428e539a1b95e01cb461b55df5800df94932c351fb42a9767e90f0","sha512":"ccd01d2eeca96368b05f541ee6b74defc95349c0d522790561c2d528b86e1514d87d6a81b9096c9a1f3276072c7da0252c909469b108c7ec5c9cf2ae4217fda8","ssdeep":"","tlshash":"dc31209e8b6338de09f20e5494db0f31d41c0309ed268825e3efe63ad502e816227e35","first_seen":"2026-05-30T07:41:04.696534Z","last_seen":"2026-06-03T10:10:15.207108Z","times_seen":8,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":546,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.ChlfHcMy.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.ChlfHcMy.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-1234\"\r\nexpires: Wed, 03 Jun 2026 10:18:56 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4660,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4659)","md5":"f72a9bcb12754997afc6ddfaddc7d410","sha1":"816b6c648ff7bceccc83871af5a82fbb3e0e5c97","sha256":"8320bd9f01d21694e5091c718808447bb5e609bf1040761c3d66a1af8570cc51","sha512":"a268cc8063b9b581d411b6c678ceced5d8b0d4795ff4f115a1daaa8d593ed6fa69047b320990fccced24b84935bb5422e463a1be22182816f8a5b95c410938fa","ssdeep":"96:QrH3Kcmumhoz9J7NX+BYO11ZBDyACPhbK683AzF:Q3rmumhYMK7AE","tlshash":"81a11f61b0ec606d3e2fc35868c2de6f7109f1e39f121d4cd55da2fe8ad2ba63562184","first_seen":"2026-05-30T07:41:04.819383Z","last_seen":"2026-06-03T10:10:15.26527Z","times_seen":8,"resource_available":false,"data":null}},"time_used":376,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":376,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CwYXShdD.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.CwYXShdD.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-128acf\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1215183,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (21344)","md5":"6678f1d7df3f527317d33d142e82c7d9","sha1":"0ba7b3be5dfc8b7f84252836c344df05b9c32011","sha256":"4384ceeceee54fad4f2cb88b64dbe6711d94b0da6d10cb2db3d30b5b7227b6e5","sha512":"bebef66fc8b2123db98fa4f61805c320c6428c40a86a9b608241f8ebc4f785b4b010e26294cb710fa2a42a301d7bdc4b2ca041c895b02469b188a71a6a0fcce5","ssdeep":"24576:xgXNz4+zELIvji/OSsJDy2UbGyiwGyi0z:xgXl4+zELIvji/OSsJDy2UbGyiwGyi0z","tlshash":"c4257dfc725634ea07b7d8e9002b1806fd353a53b81ec0d4f16999a63db0619d6f6b38","first_seen":"2026-06-03T10:08:00.231052Z","last_seen":"2026-06-03T10:10:15.283564Z","times_seen":4,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":423,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/BetCard.BzkliE3y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/BetCard.BzkliE3y.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-4ec8\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20168,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (19993)","md5":"f80d55d5f03700810e12b5bd1a1c2551","sha1":"2a9ec49968f74d7ebc696401f631cdc97b1a27a2","sha256":"04548ffb352a269ea564d04c5ceb6045e0cb88c1165bc3f60d7fc64a84897844","sha512":"5f1b54998556e8d0bddc5a2a3f49cc0f819cd024306394f56761d1ad313b99c1af16daec4251d527122257f7064208f401245dee957a4cb5ca5c8838da966ba4","ssdeep":"384:sDQUEDKKizqp3Qphf5exea4ZXbEsAw0Ev0szFSM76g:sthKjQphGeaoXbMwJzIM7l","tlshash":"f992e74e351745f6d43b8c3722193408e0353fdcdf25ac86f1eb96252aca9162a98fbc","first_seen":"2026-06-03T10:08:00.188063Z","last_seen":"2026-06-03T10:10:15.280616Z","times_seen":4,"resource_available":true,"data":null}},"time_used":777,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":777,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteConfig/202511/ee3819441aa843ebbc3fcfbea1bcbe83.png?t=1780481336546","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteConfig/202511/ee3819441aa843ebbc3fcfbea1bcbe83.png?t=1780481336546 HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 42751\r\nlast-modified: Sat, 15 Nov 2025 16:16:45 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ZB_X_s3yYKWbNy40BHwk8SsZ68ob2BID\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 08:13:46 GMT\r\netag: \"4b7d5edff22eef9f76863fbe30214b73\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: pWxaf-fTSa8i-U-WCikvvxX7e4hgrl8E9giXzx_P5MEF--UrAeDOOQ==\r\nage: 6913\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":42751,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"4b7d5edff22eef9f76863fbe30214b73","sha1":"a99d5c2d985ad9d22b045879a7870209fb614722","sha256":"da43fe136d4c9a0e7d859c35849a09ca7675a07f207aa4cd083c1bec02f0d70e","sha512":"a2e6b94f92242170f1044ac0d75b63a1e58f9331667e240269eda228c9f3bee8b8a592c9d87327df6b1d71938f30a86843d522ddc8ae1687182dc20c3ea87d5d","ssdeep":"768:6jgtLyYlr9sWCEbsbMSYd78COUW1+CNToJJwrQLMofwb4XW1F:aDO9sW2bMj8COX1+CN8JY5oo8m1F","tlshash":"2a13f1b34481c0e0d882187b8ee31bc97d3a570917f968b55e74a472e62b3446f6d3e9","first_seen":"2026-02-24T07:43:44.927031Z","last_seen":"2026-06-03T10:10:15.214398Z","times_seen":8,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.D9QCF6o3.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.D9QCF6o3.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:10 GMT\r\netag: W/\"6a1fdbc2-102e\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4142,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4141)","md5":"7a23d56eec17c23327f7736d9f6886f5","sha1":"50dd84fde91d56fd230c86dbc2ca1fc658c7c608","sha256":"3420f740079364fe98e85ab35deb01853c55ab98a4a77ef749cd5f9d2444e561","sha512":"f19347ef23dc5e3860fb5b2b9ff2752306475828f348478bfff9c86be032ace4f138f5f28c4253d34aff6fc057d4e82bbd4982a04840d4a34d2d19a01a2f2fcb","ssdeep":"96:QHeyMIJw+3UN0x+Gi0Obh0bydxM7373RZ:Q+yBWyUNcY0Obh0bydxMLLRZ","tlshash":"608194c171f8f02b56735937247e1aba483e7ac187058fbc5ea7a1c40961ea93763437","first_seen":"2026-05-30T07:41:04.609943Z","last_seen":"2026-06-03T10:10:15.201129Z","times_seen":8,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/GameHeroSwiper.KEZSG98u.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/GameHeroSwiper.KEZSG98u.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-3019\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12313,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (12244)","md5":"1a1a1f41c7c0e113a1b03ae32bf2ed3e","sha1":"6839a1308a4a8211093d737861579aa3955cd8bf","sha256":"6cec8c2f3694b8d73be580d8fd4269a3a9c2f85665e80ecc74e5a8131f62dc85","sha512":"8b3799c43fde9a0621b11e911e0a18a426665735f5d28dfd668450e68aa180fa49ff06d9b204134acc8e449b1511ee08d60b0dac49a1b0052ab7a9eab9ff656e","ssdeep":"384:qv+X+C3dGglWcEIKarIvYEy9LELpLLLKJmHbfV4GfRMQMon:qvUl3dGUWcEIKMIvYEy9LELpLLLKJQf3","tlshash":"d842fa5c6461487efb3a4d8f1684781d71286bc2ef69d881f2fd3a2617a1c79ca1932c","first_seen":"2026-06-03T10:08:00.393004Z","last_seen":"2026-06-03T10:10:15.171692Z","times_seen":4,"resource_available":true,"data":null}},"time_used":289,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.BsZB752o.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BsZB752o.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-304c\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12364,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (11931)","md5":"2e8604d2f0813d274bd3446d93c83c89","sha1":"8cf46d6efe89717caa2973d1afc658ac9724ed29","sha256":"7be834f48cec16d4429521ce293dfb57734a315a9a5b9d06b1d041ef047daba9","sha512":"e6c83f1972c5476d5c7597b8c1c511681b0c00ba773a009066a7940e19d928aab3c085e5951d2b87f2b5b80efb4aa96226c80e7e9c7a7ce8d9651aa1eb24a021","ssdeep":"384:wdyk3rE7qrlNEqh7lJcT9O7moHiIIV2E8RSyR:wd53eqrlNEqh7luT9O7HCVKSyR","tlshash":"56421b3c784a95ffb977c4ac61a0940270697b3ecd84d8a6e0af1911999bf3015e87fc","first_seen":"2026-06-03T10:08:00.250307Z","last_seen":"2026-06-03T10:10:15.21974Z","times_seen":4,"resource_available":true,"data":null}},"time_used":782,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":782,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Handball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Handball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5229\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: th4rdYRK4LZlzUO01hjks3l2wyW4N4gY\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"b455ea625f7c115fe543aeb4ec339a68\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: LsY2pCnP1VPSzLvjdUJFoBR-yTvGejqZ0NbhcRmyEFVw-eNVKA8PBw==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5229,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"b455ea625f7c115fe543aeb4ec339a68","sha1":"494d5dc1ea6e4a539aed14e6e299627dec04e633","sha256":"f3620c4ad2da80cd18d15e7528d11d137c6276a3c8457786850c2ed8aa512a7e","sha512":"885e9fa6c6667aea12170edea2924ffa627207a3cc517e26da30deac4a304f134cba55934f22bd23db82bf6635d37765e3c881133d6323e9f96978d601088b8d","ssdeep":"96:87S6vJGBlK/i/p6CLe0vri+oItrvbUlKUlYMPIBDkj9vLBRSiLBg1zhOrI4ZFnAU:WSkJIsPK3wlJIUlz0hSbFE+Jy2","tlshash":"b6b18ebf3ddc4ab8c41ce3bb2890572c765f148d924e3154820e402b41b1bed365baa9","first_seen":"2026-05-30T07:41:04.742133Z","last_seen":"2026-06-03T10:10:15.186428Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/search-icon.DIGhTt3w.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/search-icon.DIGhTt3w.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 809\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-329\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":809,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (808)","md5":"6562ae070b30df17151b7741e9b647aa","sha1":"fd2777a192db31cd89a8c797a7e89e9996988d26","sha256":"4662c08aed38a315db3a21e5f50f1ec96c0e005dbffd8075ec2f409deaf37f4e","sha512":"000603cb8e2dcdc027387ffdb3efe5437a3b7521671283a56e2a900da9518e784d3c6d3c88a917409630e3a40954c397c2da5ce83b0552b419881e75d17be189","ssdeep":"","tlshash":"0a01f5be420162cdd035cd2b2d267c41d0b624fb0d7542faead27254ee631d215f9e1c","first_seen":"2026-05-30T07:41:04.713371Z","last_seen":"2026-06-03T10:10:15.289913Z","times_seen":8,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.BZlpZ1Fk.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.BZlpZ1Fk.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-590\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1424,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1423)","md5":"bdd17f57bea2fe71bdd45687216ed936","sha1":"94492b34ee0d2abccd001ab36a62e0d344ac4f42","sha256":"ae2c53e1eebb7191e16f1a5bbab05aedaff26ba66ab6826c3f9a4053f671d32f","sha512":"6ac4f3d97164b70acd671f86e07ce2462e604a47361e915f7ecd9dcb91973ea1346575d06dc2dfcf9434d3485acfa4f334daba5c2ed8480ef43cf2a9f7806d6e","ssdeep":"","tlshash":"c621ae8334aed57f343aad3be0494b2c2315f68687932686ec38c7dc0987eb62e55013","first_seen":"2026-05-30T07:41:04.7329Z","last_seen":"2026-06-03T10:10:15.294398Z","times_seen":8,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.R8q4lxdc.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.R8q4lxdc.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-978\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2424,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2385)","md5":"4b76e1dcff03d28b936e859cd60def99","sha1":"052820cff23a682b16912d2393f1f8a23394734d","sha256":"20bc75e70c30fdd43e5dbf82c21b7a62f4350d150d38b8918ed97cc4c1d31878","sha512":"cc0a06d52b8a2018b9eaea609ad48c4dbba4c30f4a0f1960fc04bc3a45ddc02d1211682c1dc38bbfbb4239812c749bd3f0892c7fb75a284edd7e6be1e0246cdb","ssdeep":"","tlshash":"6f41a7e7ec5d897959738814b0d10c51691e3f47d03c5d5794b9fcb963e6c307a0e4a0","first_seen":"2026-06-03T10:08:00.240008Z","last_seen":"2026-06-03T10:10:15.276874Z","times_seen":4,"resource_available":true,"data":null}},"time_used":767,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":767,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/orange/voice.mp3","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/orange/voice.mp3 HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: audio/mp3\r\ncontent-length: 27217\r\nlast-modified: Mon, 02 Sep 2024 17:32:10 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: A8iVAWvk62QOdVCqlxmA_tEY4tx_Qy4D\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:54:59 GMT\r\netag: \"870121a5cdc217704c12d487f5ee463e\"\r\ncontent-range: bytes 0-27216/27217\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: EFE0n5J4KVdHhwGaIc-1VV3wuljKgE_HxDZWICn-yR6GJf3f_xF-cw==\r\nage: 840\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":27217,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"870121a5cdc217704c12d487f5ee463e","sha1":"10e871aba6d1dca800b8779c51ae1cbbfc2d0edb","sha256":"a66146607678eb3c324cc5169b74314281828108d7d1d04d18b5ad40a8b7a69c","sha512":"73e784e140ecc6c9f5a02befc3cf330facdc10a622bac98fce69d110bb51b36a1134c6378746a10a88b31d67088865a83401b532e1d3ba53b79410e5267ed61b","ssdeep":"768:OK/RL13CwFoatSB52ZnDfOnOgGOSwdUzpfY:OK9dlFzW5uDbMSjtQ","tlshash":"4dc2f1e530b2f910c08a8758cb7e1dad2457237b9f297ffff94ad3a201366851504b6a","first_seen":"2026-05-30T07:41:04.793076Z","last_seen":"2026-06-03T10:10:15.319782Z","times_seen":8,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/deposit-tip2.BWmcXMOV.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/deposit-tip2.BWmcXMOV.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: image/png\r\ncontent-length: 6776\r\nlast-modified: Wed, 03 Jun 2026 07:46:10 GMT\r\netag: \"6a1fdbc2-1a78\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6776,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 142 x 51, 8-bit/color RGBA, non-interlaced","md5":"3eb8137186ba57d0bb14b77432abd789","sha1":"2e295cc2c3565173d4bba7f76ff20be5e89ed36a","sha256":"0e9f445b73e59640760d98f662ad6361177db6c760de3dd273eb42fb565ca062","sha512":"b725e50ae68bf82f8ec2a8e534681d46bba17eb54008c31cd6ab300be651cb97d83d5b9e6fe68d34c78cd2d78b349e8e2fddb01a47523dfa68fda6d56ef0211e","ssdeep":"192:IO43E9LXciJvpGilqbLOGEw1KFORBYlvBkDn:p43UIi1pGbHEwQ4Dn","tlshash":"ffe1b0d1a791ecf03e407f968158904ce31be7828062c17683ef7e4c92b01caa9cfe91","first_seen":"2026-05-30T07:41:04.716713Z","last_seen":"2026-06-03T10:10:15.309307Z","times_seen":8,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":728,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/video.Bv5D9_Td.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/video.Bv5D9_Td.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 57\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-39\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"718063586df6dc66587fbd457ec5f4fc","sha1":"388405a35f553a05a7e8682e767b288db16c0daa","sha256":"c69902672eb03df339be1ddacada47060eb42bca1ccf5f5efdb38fba69a9aaa2","sha512":"260bd3f8c16fdb74e8548a50abb047a9dc2e77e528173048b63b42687413e0a27a9d4f15be052755de672c2238ce48b6304a6c2207e3f8a12168775cc75975d8","ssdeep":"","tlshash":"689002295c01836024954069af9289699411851a32750694d0160941a319456566c565","first_seen":"2026-05-30T07:41:04.641841Z","last_seen":"2026-06-03T10:10:15.188264Z","times_seen":8,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/GoldCoinSign.BYa_nPjb.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/GoldCoinSign.BYa_nPjb.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-fdc\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4060,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3977)","md5":"cb08cf8a40d19275c18edfa6b0f0acd8","sha1":"6f9d27d62b7d1e90cb2123354045354a081f7348","sha256":"bfbf09f8182f9ce343120ad3c01a49f92463a52c822506daf1d3632a65a69e57","sha512":"e17d73c7516405be009dd4b5b16fd4f762523e9804ae1ebe889728f3308e170b75e0d2d83f05a236ec799eab4fb77b8a2bbcff3facc38eaceb54c7ecef38b7c4","ssdeep":"","tlshash":"578196977076a5f879a75c44605480a7a20cbfeac0a4c01964fe082a3b86ca5978d73b","first_seen":"2026-06-03T10:08:00.235665Z","last_seen":"2026-06-03T10:10:15.238171Z","times_seen":4,"resource_available":true,"data":null}},"time_used":639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":639,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/EFootball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/EFootball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6506\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: FtnPRWP6wO7QzlCI1.EOw9EOABMGf1bV\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"114517b2b07f6f35696a0b5f43f6738e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: rZHpaABE_U4h1oghOvc0NF_lnipri747L25rSDg3ho-pIWxehzNDAQ==\r\nage: 1810\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6506,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 73, 8-bit/color RGBA, non-interlaced","md5":"114517b2b07f6f35696a0b5f43f6738e","sha1":"e7a052ec140aa1facdb265ddcf3d0b1963370608","sha256":"431a271bd772d9ae882e228ba26fd6ddf9fc1125beac3b379b4295c38e861b83","sha512":"c78bc414f9dbc10ea701c5da74a58daab16f1d370e5afb558c650d4bd909315708abd5a04f60ac8c5607e767451ca29d3e04720f9d4417e77b1c48b30690d1a8","ssdeep":"192:FSzqPhl0seo1ZDNWZz6E+BA6VcnC6CY9JwUdN7:kz4vfscp16CY/JJ","tlshash":"43d19f7e3813e80cdd78c14fc6df85ea939ace805453ca93a8a38c8de920e1156d52f5","first_seen":"2026-05-30T07:41:04.724559Z","last_seen":"2026-06-03T10:10:15.292761Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanel.BYNKc3TQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RoulettePanel.BYNKc3TQ.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1ac5\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6853,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (6852)","md5":"5460be6a3c756ab9cbf46f5969331adf","sha1":"858be4019e9ec9f6de6aaf7759f457779950c4ef","sha256":"7d2a3c67a89fd70e1d0cbe32a7bc516029f1cb5f121c5f2672bb1d9189f94d5c","sha512":"631d06c2e35d987dcee189cb42bde265a2832cee063c88c179690a250e0e853aae8fe4e8a37a8ff504440d5740f9fa2190d1559a9ffea604810aa8b74f697792","ssdeep":"192:Ta7FrVAkPRTVQFUR4NXsby7yB3bex4QTaC2w/6AR9M4Bs:O7FrukPvQK4yTpe2QWCT/6ARWCs","tlshash":"7de19ec9f9468437089726cb25e5504cdd0df66f827e5ed4f1158ab02bb2c39fb5220e","first_seen":"2026-06-03T10:08:00.254914Z","last_seen":"2026-06-03T10:10:15.193654Z","times_seen":4,"resource_available":true,"data":null}},"time_used":647,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":647,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/BonusSign.Bs0dkeja.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/BonusSign.Bs0dkeja.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-1045\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4165,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (4074)","md5":"e1510723b6c3d041e49c7e940b6c2099","sha1":"9e8e40a4f87f00d85138f1787b6668b020d7a735","sha256":"2791a6bbc158a6cbd65c3ae5962ed56233bcbda5c3ebefe7eb51bf965a6a163b","sha512":"b5ddcca0c5825c5fed75af8c2f5169cb719bb85383ca7a426b188b3fe4455154f6fef939bff17a238b7facd00d0159edfb9736a80abfb8adb8e80cd2f225a72f","ssdeep":"96:lT1FfvQ4/WZ62KHkSzl8AQWKuf0siCQ9Hy+Pi9a/aEBoNaD+2IGnx:BrQ4Jz8A10zxhyt8C7I","tlshash":"b781c64bb0366af4bab75c84609180a3a209bfeec0b5841971ff08363787c65578a737","first_seen":"2026-06-03T10:08:00.395888Z","last_seen":"2026-06-03T10:10:15.229618Z","times_seen":4,"resource_available":true,"data":null}},"time_used":854,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":854,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/right-icon1.Bx85-jIM.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon1.Bx85-jIM.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 9960\r\nlast-modified: Wed, 03 Jun 2026 07:46:11 GMT\r\netag: \"6a1fdbc3-26e8\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9960,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0734e5782f05c953bdd7acf2c595674b","sha1":"859e622c76447446235aac6a80c623bf3f7d036c","sha256":"baf1ad1337f5d52dc3aed20f35ffe1872f27831c347d161c9f9949919d5a6c4d","sha512":"3a89f46c686f9dabf6a0b49f6f59f94e85a5ad9c3cfcb3516faf2612d074cb6d1e205d3d875f4ab3d28e8eb2ccaa9a7768c52c7954895b596718116d0984d011","ssdeep":"192:RcSKais0fuCvtbbqTDBQH2AKbP1F8/9FuzgNQmo+uBnvOswKAUADX2ME:JHisrC1bBHiE/TuqQmojY3E","tlshash":"9422b7e9b3d0a3e0f50a97f4d42696a27b1f34bb3b64e7e4c2915c51b1270ec849cc92","first_seen":"2026-05-30T07:41:04.857739Z","last_seen":"2026-06-03T10:10:15.27917Z","times_seen":8,"resource_available":false,"data":null}},"time_used":399,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":394,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Basketball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Basketball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5959\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 3OtOrIhZG4JfqO.RU.6In1I_8ugtlVjQ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"8d90e7664426abfeeba59784511b8902\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: SH5XxEV8KZaZcl-wGG8a-7N1AbI7TGF3_y0V9XQV8_oy7zgyDm5_MA==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"8d90e7664426abfeeba59784511b8902","sha1":"b0b908e519c80310bf529b580cda88d30f963af5","sha256":"12550c42bde3f47cee280151ac6f6bda7047578a222cd6f945c6443a3f3c72df","sha512":"308d8f169ea4e86fe30feaf4827c7f77b1412720fb89bcd7970f73d5d0484bfbab344fc5273813025ab4f5f667de3f4fbb6f395491405bfb0c2d7cbf59b455aa","ssdeep":"96:87S0Y7dZMwBx6ArzUI83qXQ2jFunOx8PqJgJhkR6cZQGGArayG0TbGw/C/5Z9w:WS0OdewBFZ22xuhPHha7FGAAEb0RZ2","tlshash":"bdc19e6038a5a7513a45306a11961cd59265ccc89ca232cc3ff2fb5987dd6ac7085b38","first_seen":"2026-05-30T07:41:04.652837Z","last_seen":"2026-06-03T10:10:15.174408Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Cricket.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Cricket.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5031\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 4fL12d5PikIv2r71rUVqwYa21OpaEeQj\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"677304722789e38061437d9ae84d583e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: MLI92qCV9EcreVV7qeiGTb_NhFNfFFHUL7dC8RSvKk1VxqNmB-QkqA==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5031,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"677304722789e38061437d9ae84d583e","sha1":"2ce92570fcab5ddd8ebe8e70728e5c66964b579e","sha256":"9582f0480895c8d2a798940790fbd0f176213dfd4f635bf3ea98eaedc4bed637","sha512":"68c53d99daf99af14e43a2435410607951ef98c830c52a19bb770c990c8554bf58ab238caef7a8c070053c2b5de3121f309f42da46e917933468d662f83513bd","ssdeep":"96:87StPdtJA1ccsvM8yN2L6R746hMkd8UPeBh9iIA3xHpcjJhA9DEFA:WStPdWHyL6HhMJMef9iIoxHpAhIWA","tlshash":"75a18ce4bbb8887edc72f98701b6b48eac5c7c8a52a080ac528f70b1315ba58501631e","first_seen":"2026-05-30T07:41:04.620301Z","last_seen":"2026-06-03T10:10:15.181767Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/usePagination._qMZmp7q.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/usePagination._qMZmp7q.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-401\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1025,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1024)","md5":"7d0be126f1ec3c907e67ad9bbafc6d67","sha1":"af1dc9462fa4e83d6fd88a10a7f36a80bf733e79","sha256":"1160312c720037d426567288ca32a15a613232a6037a9003295b3b54406dde73","sha512":"5d287de0201585a2baf1e749f2cf396f6ab4eb59dabd6ac53e2be18e57f62a03048d37669ba58247ef56437115e1cccc0c41901ed1abc6c33ba0248c24ca9c4b","ssdeep":"","tlshash":"b8110e8af2ab31a84379ccb49098100c4e046f92727698c87dc9079913b3c883340832","first_seen":"2026-06-03T10:08:00.161815Z","last_seen":"2026-06-03T10:10:15.306398Z","times_seen":4,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202512/50aff53e5bd1436cad4c2b802f3a9ed0.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202512/50aff53e5bd1436cad4c2b802f3a9ed0.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 699476\r\nlast-modified: Tue, 09 Dec 2025 12:55:31 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: W2NSQnSfKeMunJlRv84iwK95sEkkJ0yR\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:07:21 GMT\r\netag: \"0afc6f4a7542e11cdc6f6444f930c24c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: aJ1FBJvboazegJok2_ubZe-cDC8AylC18tS5vBwI7bRiR20cZEjTVw==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":699476,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1122 x 1040, 8-bit/color RGBA, non-interlaced","md5":"0afc6f4a7542e11cdc6f6444f930c24c","sha1":"46767aa2e0adf42c05ea2e567037837ae027a3c9","sha256":"4e0f4f8bd539e6fa9a192a3539b253feb49d374530f98c208f15ffb1cb6963b7","sha512":"5f926ff0e6d027a3a9ef9a164263376ed84ec2c3609a2bb438319999952d91e3207e5dd9ce854606b0e43f7c11feb208a910486b6a993ba8d26f2a4665115d08","ssdeep":"12288:7h/WZK3zvR4sTxO+vcSktvgWB8k1LTtBxCtxA3v7QMy0m7AFZYa3oK:76KjRDTYgcSm4Ts3n3vUMo7AnhYK","tlshash":"dfe4238d8d9d88a801c01a1c43a8b467e4c3f8166b71193cd56a6c95a57cfdeef8e0df","first_seen":"2026-06-03T02:50:07.925364Z","last_seen":"2026-06-03T10:10:15.326763Z","times_seen":6,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/time.DPzcqdzh.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/time.DPzcqdzh.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 1005\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-3ed\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1004)","md5":"ed885594f6867e172d10f254643d21c5","sha1":"ac4b7d4543e9058a1e9889cd8dda741d7e285641","sha256":"adb2b1ade6971ca9cf4054a99469856caebd9fab6bbcb47b98bb5430618ca3e2","sha512":"8289ec1a0a9598d2dcc7c203e8a0e5ace05b174a6ede3f7d98e47c88a1185700037beb0de0a945f1100b917a17e37a078a53c9e00c5c2c9e49c30b14f3f4f5cb","ssdeep":"","tlshash":"5b1121c12469a026f52702ecd0f883a22525da30bd266a54ff3f4a26327b4c7881ff94","first_seen":"2026-06-03T10:08:00.259513Z","last_seen":"2026-06-03T10:10:15.261806Z","times_seen":4,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/GoldCoinSign.BYa_nPjb.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/GoldCoinSign.BYa_nPjb.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-fdc\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4060,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3977)","md5":"cb08cf8a40d19275c18edfa6b0f0acd8","sha1":"6f9d27d62b7d1e90cb2123354045354a081f7348","sha256":"bfbf09f8182f9ce343120ad3c01a49f92463a52c822506daf1d3632a65a69e57","sha512":"e17d73c7516405be009dd4b5b16fd4f762523e9804ae1ebe889728f3308e170b75e0d2d83f05a236ec799eab4fb77b8a2bbcff3facc38eaceb54c7ecef38b7c4","ssdeep":"","tlshash":"578196977076a5f879a75c44605480a7a20cbfeac0a4c01964fe082a3b86ca5978d73b","first_seen":"2026-06-03T10:08:00.235665Z","last_seen":"2026-06-03T10:10:15.238171Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/PersonLoginAbnormalModal.C0O7jhOh.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/PersonLoginAbnormalModal.C0O7jhOh.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\ncontent-length: 782\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-30e\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":782,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (781)","md5":"121ff9eb505558700c263530d5b53eb7","sha1":"fde8dc6a4150f6b1ad9914c36142f88a22c0a6e7","sha256":"940fef6a6534aeb9d14f3971c452cf7cd2fe7c61b99099063f7ecfea0a5b1948","sha512":"2d8d3d6a793e8a36b1a03039a0a104003c2bfe227f3dbc46368587d39c80d6f0f472ea52280351790a455acc1b114aeaeb68881b439280bb0967b8fe91015b61","ssdeep":"","tlshash":"93018ea5fdbd9219306fc6b6a1888c941515f3176a810be4fe753850ccc78a03727f6d","first_seen":"2026-05-30T07:41:04.65196Z","last_seen":"2026-06-03T10:10:15.219021Z","times_seen":8,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/18927fd0d0f4659751a050aa21cda0bb.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/18927fd0d0f4659751a050aa21cda0bb.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 12102\r\nConnection: keep-alive\r\nx-amz-id-2: MivIZpLKiVKD2m/raqf/kaZwcXZn8D7WMiovE4PABortZOOO2zjhX6EO8+VOKHdmHkxVObUZXDE=\r\nx-amz-request-id: Q88XT065G255TS3J\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Sat, 16 May 2026 15:47:44 GMT\r\nETag: \"18927fd0d0f4659751a050aa21cda0bb\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: riZdOuOcKGTyxDpA00rErYvXmWutWrHl\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 958956\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_13048-39935\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:0 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":12102,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"18927fd0d0f4659751a050aa21cda0bb","sha1":"002aa6b9630bba1dbe709c00cfc7aa5dc2bc919c","sha256":"c1bbb2e10719e2c104931da3e2770428fc07fad907710aa4efd9d47feb389e7f","sha512":"73949beaa685c922f2c9e2d6db457812f09b4b9ed42611da55b7c61fe3e0fe3cd3a3e6d6aa58666c2a866f26248da490ac1aabfee23f268b3282a5770ebad409","ssdeep":"192:EkFe2AhSJJyE/55TqWhb73CyUbIcaGyTHQELNXEO6/Dzo/2Atra9EItG/cmS:dFvV5Q47jMJKTNXEOczo+AtrMt","tlshash":"7942c0b6e667ea1f078bb05f315552014ef576ce1f0ba87c8360ec7426a0980e1ad563","first_seen":"2026-05-31T05:52:20.491868Z","last_seen":"2026-06-03T10:10:15.284402Z","times_seen":5,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":60,"dns":0,"connect":30,"send":0,"wait":29,"receive":1,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.r_zEoEiX.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.r_zEoEiX.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4f6\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1270,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1269)","md5":"5750cf751896b082d2200ca75ce60966","sha1":"22e32657381b4a58e2acea13608336baf7ac5719","sha256":"24657e44a1fdc5d8d2d368553097fde6ad7ff3d78924bad8d7e59ad161a7c0d7","sha512":"a37c4d0402b8fd86e19ebe07fab300366366c330bfba7ac5d93ef3f01e70c410be7d4401bb7092567b74cbb40ac19ccad39a6a92e527af1152927767f56e3f2b","ssdeep":"","tlshash":"b821102cec5ed9720ae38960a9541e000408df3ee6783ae06ddcb23c07df674618f32a","first_seen":"2026-06-03T10:08:00.191697Z","last_seen":"2026-06-03T10:10:15.251771Z","times_seen":4,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanel.BYNKc3TQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RoulettePanel.BYNKc3TQ.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanelModel.C4YiEeXu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1ac5\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6853,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (6852)","md5":"5460be6a3c756ab9cbf46f5969331adf","sha1":"858be4019e9ec9f6de6aaf7759f457779950c4ef","sha256":"7d2a3c67a89fd70e1d0cbe32a7bc516029f1cb5f121c5f2672bb1d9189f94d5c","sha512":"631d06c2e35d987dcee189cb42bde265a2832cee063c88c179690a250e0e853aae8fe4e8a37a8ff504440d5740f9fa2190d1559a9ffea604810aa8b74f697792","ssdeep":"192:Ta7FrVAkPRTVQFUR4NXsby7yB3bex4QTaC2w/6AR9M4Bs:O7FrukPvQK4yTpe2QWCT/6ARWCs","tlshash":"7de19ec9f9468437089726cb25e5504cdd0df66f827e5ed4f1158ab02bb2c39fb5220e","first_seen":"2026-06-03T10:08:00.254914Z","last_seen":"2026-06-03T10:10:15.193654Z","times_seen":4,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Carousel.BJUclzFq.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Carousel.BJUclzFq.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-51ef\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20975,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (11324)","md5":"9002f23645674efc865330cb10a48066","sha1":"faa8ebecf633dc3c89723af987664eb8fdcc8b09","sha256":"7b7a0d9f2f4c3701f8b9231dc2551f29f9591f889aaab5586d31c0d2c4b3b085","sha512":"b67b0d9205e3538383def23903a8397ba32490e2a6c611bbf16026002701af0f162cb622343d71ee36734adf99c594691fa9a316425473de0cec5349263a9e63","ssdeep":"384:m/RNjBDzqq9IRceNE0jNVX5ukNVXzJEzKqJKXGI2R7krmMeGL8w3duaf8/RsWMtq:mHUxxnzGIs7kCMrLF3d2/RsWMtDFc4+","tlshash":"c89219a07585b028a7a349c4c1e7440b33395fa3f406e4f4f07b61962965a6c92bfbfd","first_seen":"2026-06-03T10:08:00.153787Z","last_seen":"2026-06-03T10:10:15.270582Z","times_seen":4,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_style_index_0_lang.B2z57bxU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_style_index_0_lang.B2z57bxU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-126f8\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75512,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31787)","md5":"7341403835f89ef572116380b6f832fb","sha1":"df402fcefefb6ab8eb64feb501475e55129561d3","sha256":"4b063311fb653a2a9826e3dc6910783770933dbe1ac6dc06db21f185ac614619","sha512":"9956d14e0219c2dd90b7f40b6b166d7b0875e77681111d7b6f260071f533f299d01c5c66a360e4b9cde741ce3d0d0ce137f50783bf7b1ccd141e38d0cafda611","ssdeep":"768:V3757ETdCyzbP9dX5IcJV1WFCZsD0tJs/MLWnb439z9FZ4LTgaM+kSftvfp+ScMG:dtwU23nWgWYqM3R8uScYVA925tCSo","tlshash":"c2731c98f60ab07152f7c9e9e0af464973123782a704d1f0f4b698610692779f0abf7d","first_seen":"2026-06-03T10:08:00.347344Z","last_seen":"2026-06-03T10:10:15.216736Z","times_seen":4,"resource_available":true,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Volleyball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Volleyball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5582\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: D3dLQA.qVr8ZNvsvDBstg.I4sNwnK5xF\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"86902d569e448113497dc0cf585ab082\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: G37xMmTQBIYMeFdum4-cmJu43Avm_DCtwBJiU1iUSxNw7AJOFU1LTg==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5582,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"86902d569e448113497dc0cf585ab082","sha1":"7e88eb53521c76762459bea347df3f3f4e9f894e","sha256":"d3f642e8e875fa8af7f9247ed241b08f6f5f6a2265bde5a681df710d09603dfd","sha512":"6aa6e48faf436852e01877b3cb37f13ff65bff355e5226093f200f82162beb047f39ae3e3f5c80bb88718b1411d175572b02155904a9300d0d6d39ce1a4073f5","ssdeep":"96:87SkNxk44OR+XMWK0Yj/2klaXZybbyU6oBdCzTA+94n7GVvbhUdmKh/YUsIoXLo3:WSh4XiMWm/2klapWj6L0++7GV1Ud9h/f","tlshash":"50b1afbb16be143e2607e53dd10df803dbd8abc8e854bfd858920ba1902788c31387c6","first_seen":"2026-05-30T07:41:04.823417Z","last_seen":"2026-06-03T10:10:15.328504Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/chatShare.CI7ZQNfd.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/chatShare.CI7ZQNfd.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.KwvdZ0jF.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-445\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1093,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1092)","md5":"8c484fa33aae9aa4caa73758c9fc5d4b","sha1":"b107f8624668440b31cc867a1630184d40145f63","sha256":"3a0da513cfde0cf206dafaa07d44b468fb74ee08c82dbab0da48872611e031c3","sha512":"db3dafe9a977c62df92588e4ebba1d81943d9282d582cbfe45586c29187a8e53ec45e707b5830bccde22758e65b180185491a9ecb45f7f109e2ead7dc77ea742","ssdeep":"","tlshash":"a711ddd6b1c639a28761145e90704666f2245d1539ad83f0f23e95733d2b81382fbe5d","first_seen":"2026-05-30T07:41:04.668588Z","last_seen":"2026-06-03T10:10:15.325044Z","times_seen":8,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/siteRewardModal.Dvn9HFxM.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/siteRewardModal.Dvn9HFxM.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 698\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-2ba\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":698,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (679)","md5":"45f51df14995e0c2c545dba7e1787e5e","sha1":"3cff7cb9d0f4320c1d831598f498f29f800f10a2","sha256":"3e425fb90b828790aa7b282018db0137e5211e7bfbd5388380522ed76b7f4399","sha512":"f3db114d5670332871bb623d88a90558931300d2cbf34a96b0baf25b63dc51e07c727dbd58d8b451098f687d5addc72dfa4b0ebe5202f197137fbcee38106fef","ssdeep":"","tlshash":"97017647e84934b914b766b27455690203a8b93a949a022c39b538db16cc885f2f9f30","first_seen":"2026-06-03T10:08:00.158864Z","last_seen":"2026-06-03T10:10:15.207896Z","times_seen":4,"resource_available":true,"data":null}},"time_used":786,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":786,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/BonusSign.B3GMhO1P.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/BonusSign.B3GMhO1P.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\ncontent-length: 793\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-319\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":793,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (792)","md5":"7a4a2e7cc9e93ecc3d487daef2bc9799","sha1":"e469b43fcd21a7951b549080ae6b4f9484e27008","sha256":"cfd340ceaa886421d1e6ebbb71e9f0e71801f6a7d54509a4847a16cce67b4eba","sha512":"1e54b3c3dfd6cb95f6528e788f102ff4f5006043e76c9a29cb5b666431b0e4e2c1d957c0f71210293bb198e30389d85a988e8351e3433e033d261d21613a4407","ssdeep":"","tlshash":"ce01c25692423526c04f53c1b2c0955c0726eac3e5a36eee221c6ae657826e342d771a","first_seen":"2026-05-30T07:41:04.83171Z","last_seen":"2026-06-03T10:10:15.242693Z","times_seen":8,"resource_available":false,"data":null}},"time_used":322,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/472b8c1054f89dd16e59e06c035b9ae8.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/472b8c1054f89dd16e59e06c035b9ae8.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 5749\r\nConnection: keep-alive\r\nx-amz-id-2: O0jV1CsvCWG9Q5mA9VnkUvK3d5WOKQ++9vJ26TF8qAdMkc1X4MiiyUHQwMURRvHgJ9yNjZRJa9w=\r\nx-amz-request-id: 3CPJSE3TJXVJKEC9\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Thu, 04 Sep 2025 04:13:59 GMT\r\nETag: \"472b8c1054f89dd16e59e06c035b9ae8\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Y.AQGPkbHn34tLCCegvmAdx1PpoFiTZe\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1303413\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15475\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5749,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 86 x 86, 8-bit/color RGB, non-interlaced","md5":"472b8c1054f89dd16e59e06c035b9ae8","sha1":"ef519c086eddbf87e0d716764be8c21a94986fd8","sha256":"f052a413e8ae557163a2ae8aca7b5111596e2b5ee48ad4326cdc3cc0db61d4c2","sha512":"62a4c14c9041839d46545cd6c97f8970fe340423acecf7730b913444f078c331f4b3d3b11cdcff4651cbf0377b01afcb787e499d498a0d0bcabfce57a1c270cc","ssdeep":"96:6hTLomci0tVkgMN1pYZsUFrJF067D/BGrwoSQcXrfbyvqhIq9pHbSLRn2hKdN:+nomHUq/N1UsUp067dfQdqeGxSBgKj","tlshash":"b1c18dc1ae3ca6da568d2124dcd8060ea276e72d3f6ee88c6125c8a7547c5c70c9f324","first_seen":"2026-06-03T10:08:00.400625Z","last_seen":"2026-06-03T10:10:15.310177Z","times_seen":4,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":59,"dns":1,"connect":26,"send":0,"wait":30,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/96c825ad8e504283dd58676874424c2a.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/96c825ad8e504283dd58676874424c2a.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 16085\r\nConnection: keep-alive\r\nx-amz-id-2: dv3sB9IvSikL5LKDZ8o/LoCHN4vUwJPsax4Sa6V5jzEcl7sPfw2V09/mVVt3QB8qyL/+Qj2ybXQ=\r\nx-amz-request-id: Z68HJCG25M3RN8ZQ\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Fri, 12 Nov 2021 01:53:49 GMT\r\nETag: \"96c825ad8e504283dd58676874424c2a\"\r\nx-amz-version-id: Klu6VCH1TSl30381aCR90LDjZGxDQEy3\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 5392\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_16352-24880\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:17 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16085,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"96c825ad8e504283dd58676874424c2a","sha1":"2ba724f51b813797360dd2396ccac74332cfa4c6","sha256":"5ec8333d1dcb70f405971cdc51683b6460e06b1cc4b246fdf0a0d4bd794ff9f6","sha512":"865cc4f0cac94da5c89be9c0a14c536e71cb73549c4f6ae898d689025f483a4f267c07c2a31bb5b7d427954a2817f253b016c4079711742c9e9bb59ce659f15b","ssdeep":"192:fJ3Rr/UqSs/CKdPD8OB66PCedJ6rtEws5GjZv1oikbcC3IgpaVF7BHDCqUIyxYcF:fJO/s/CKRjZPWcipganmI2xFnYPInv","tlshash":"ac72e1d4645fd1bbf257342bde32e979631cb14f02a0a5d81758e8fcdcc62060518fa5","first_seen":"2026-06-03T10:08:00.407071Z","last_seen":"2026-06-03T10:10:15.320657Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.D67AFp5E.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.D67AFp5E.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-5b3\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1459,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1458)","md5":"cc3a3aa1213607d03966ff4493c719fa","sha1":"e02202a0a1c0efb89fc500c27d4c6259a92aba42","sha256":"3dd9ca0357d7a04c797d37016a8d8f6ca351c2085b765214c2f4ec7446143cf6","sha512":"31fcfbfb127094ca21760e9622a11384af1894f210f9af74381cb3131f849edf840d877f52a2c98cb46182e2807ebb40d4348a52b384bbd69e0e67a5ded5ddbb","ssdeep":"","tlshash":"fd31bd227738711c943be5217880aa4a2410e34f6867950bfe25a779cdcb4f33b6279a","first_seen":"2026-05-30T07:41:04.600458Z","last_seen":"2026-06-03T10:10:15.311076Z","times_seen":8,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.DOuwUyMp.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.DOuwUyMp.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-16ba\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5818,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (5696)","md5":"145db57658d5418ad218fcc3b6391ac4","sha1":"731e40cf257d28d39a55a55405d3b7b01b4019f2","sha256":"58561498c7eb530950d063baa176bbba62391295afddf6072d6104599e08fd3c","sha512":"a1572e8d311f02522d8c1718142cbb0464fd06ad2e972ee9c305b613ff3573b906c2d00c1a49d0e6103abe3b17b84ec6664fd048399ec5a88ba621f53c89fd87","ssdeep":"96:NpnvAKzW3YrGdv1PISGEwRA6tm1xyY3A53Au3AV4GzK63ewVzbUkzEctpsJUcph6:nvAwSGEwRG13i3J3+Pl3nftIUGh4p3wy","tlshash":"b4c18699203fbb7ab6174834756859d2a3087faac115c44bf1bc1c232bce8b416cdb79","first_seen":"2026-06-03T10:08:00.177086Z","last_seen":"2026-06-03T10:10:15.187451Z","times_seen":4,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":560,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/ChevronRight.lAMfMYDE.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/ChevronRight.lAMfMYDE.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 544\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-220\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":544,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (543)","md5":"8b4e301ddf48058f7a6b86631a1992c6","sha1":"74ad1a0e7d3299acbffde0611f20c5e77e78c51a","sha256":"0ea602eee777b43ba55e09a5126fd9267a43b469c8abd2ceb1312e542fde9a2e","sha512":"54f2e2c1009809dc5de3fb6600acf73bd4c7af31ca26dc84f3d4486efffe5351336fe09009bbe2a519c6351c056819daece12d3c5200e8b6c776b6d4e31a3f74","ssdeep":"","tlshash":"8bf08bdf92d29971c9119a21d1b15041cf2914fce641cbccd22007249927cc13d0fdf1","first_seen":"2026-06-03T10:08:00.197066Z","last_seen":"2026-06-03T10:10:15.230325Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1041,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1041,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.BsUAnUYC.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:52.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.BsUAnUYC.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:52 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc0-209cf\"\r\ncontent-encoding: gzip\r\nexpires: Wed, 03 Jun 2026 10:18:52 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":133583,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"59ac43b23dfb26d30670365572fc3962","sha1":"6e5e079edbab87316204b052ec3fc35ae70a9d6b","sha256":"074cbf1b7163aeb81530988dc0a524464d6e80a5eb43c536ac10ec0de16fff92","sha512":"ca3f8996a7a0f86f4c2fc3b454852958c7fee8bb5e357ab7e6d2a13826a58b7785013b57ee3f2a3c1de80073c37cff4440f7af4bba543f113d8217054489db9c","ssdeep":"3072:7p64nQOfVMVLPjfV/GJqf/3Xq/tgFUw912f5pH2349B6jXMoAkMSITqa9efoMNIE:9lnQONMVLPjfV/GJqf/3Xq/tgFUw912G","tlshash":"ead3a6516628603f7c3b90f2c1e4bc9cb21bf682ef2615f4fd49612259c1afa1e72715","first_seen":"2026-06-03T10:08:00.242941Z","last_seen":"2026-06-03T10:10:15.335952Z","times_seen":4,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/sportActive.svg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/sportActive.svg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 24 Apr 2026 11:29:24 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: u9cvmN0rptiMJCoVnicS2rDMr_U2PRER\r\ncontent-encoding: br\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: W/\"17f037afef78671b3a79131ef93a0bd6\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: zctqoQsDLyrw8S83Nwih9rJKDfyxSxuSEMdkQIJ0VSoW9gLqporpag==\r\nage: 1808\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":3437,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"17f037afef78671b3a79131ef93a0bd6","sha1":"4aa4d445f24048d8995eab34c9fd1c11749c1ea8","sha256":"f1a8d21ff03e8ec4e19f414b384732cf9167975488d4dc83b573fccd1401a0ad","sha512":"04d4adca9d5e3a2822f13f1fb708cba5761b3153588e98aa887d7b7466e7bbdcbb9b7e72e895c145cbb703ce1ce51deafa97a58b3a854ccba1d134c96203aa9c","ssdeep":"","tlshash":"026164fbaae0b6c1e546eb24e4338455baaf3cb77f9116c5c188ef44b3040e54d88c44","first_seen":"2026-06-03T02:50:07.922972Z","last_seen":"2026-06-03T10:10:15.330144Z","times_seen":6,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":90,"dns":1,"connect":1,"send":0,"wait":2,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/right-icon2.CA_mfVyH.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon2.CA_mfVyH.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 60519\r\nlast-modified: Wed, 03 Jun 2026 07:46:11 GMT\r\netag: \"6a1fdbc3-ec67\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60519,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6111e72a5bcd012ceb62d5add84c9949","sha1":"cfd667f062465cd60f7f5be64f51eba0ab42ce4c","sha256":"e392f4128c43fdb316678c473bb409494391cb098ff17f3cca050524c927dbbb","sha512":"b9434c10216cfb60779054bfdf8e0399eaa9e38e9ddb664512ea1e54ff70b0cd4fe2c42c910a9545b7730cbae9e871d339c4c636b1a5ab42d94f058f69104c88","ssdeep":"768:aTDuFBlw3W63T+OrENriyaolJPS2J9SzEt1rHnJrYr7U/ggNL43iL9Mu3iaarv:aT+wGy+O789k6rHJrYr7UIgNCUauybL","tlshash":"fa4395f5a7d8b2e0e106ebf4d4229461775f3cfe7fa6cb9983a05d90d62205c898dc90","first_seen":"2026-05-30T07:41:04.773059Z","last_seen":"2026-06-03T10:10:15.33098Z","times_seen":8,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":393,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.Bk_D30N7.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.Bk_D30N7.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-47a\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: EXPIRED\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1146,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1145)","md5":"6536c5009b58d82f1cc686285a0e4da5","sha1":"56b8a6118a1ae40027b1e1e459de4c0bf5d86387","sha256":"92c616c9ccb43241c728f83eaa9eda8159d3356fad557123dc65bec2d8110d35","sha512":"87bdb05c1d1e48be58f3bcc5607d90981330ae0fb7c6659a9e97404626eea39325266ebb4bd1e9b452f9f53737b6859ccacd5021197409920d8405843e4d9844","ssdeep":"","tlshash":"7f2191197167701596ef4348c1d09f3c811ba7c3a62638a9e76296de17527f231d123d","first_seen":"2026-06-03T10:08:00.260887Z","last_seen":"2026-06-03T10:10:15.282068Z","times_seen":4,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanelModel.C4YiEeXu.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RoulettePanelModel.C4YiEeXu.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-7d7\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2007,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1994)","md5":"482346c7e505bc9dfaea505944722467","sha1":"f388d897c5f2e584db653ab80587e67d24f4d004","sha256":"60ca6f22ef272e3ff005fc2b2a79aa89bf0342dc311b0df5af47ebb93de601bf","sha512":"94256dbbe8c8bccd640d883d4824955d158059f6c2bcdc01fb4078f944c492e26b90b05a71f14e610b172472bb8ff8ca7d42b1922ca3261ad792f32ac7609dc1","ssdeep":"","tlshash":"2141b6c9b45acaf566bb0e9ce51944d1f11c3a2d6331f48830dc80232fb5de4957e71a","first_seen":"2026-06-03T10:08:00.371994Z","last_seen":"2026-06-03T10:10:15.228914Z","times_seen":4,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/PersonLoginAbnormalModal.CKMpEKiS.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/PersonLoginAbnormalModal.CKMpEKiS.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-2c0b\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11275,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (10202)","md5":"6bda40d0fd8de66a52710a03afeee290","sha1":"03fb60206c080ecb321cd9fa7fd69741b2835cfd","sha256":"1003347f017341aa72030152d643e39a734256e4f8c3d6c427b0eb53fc19375d","sha512":"b27f335af4f1c0aa79568c5fcf82e86a1eb147fa29b2d396f415af04496bb52270d8b46eaca4b7c767d2cb69ee24814c8bc5cc7f7ce3105b8a1ef4c6712be800","ssdeep":"192:+goFIPwhdsWzw4swSfqCDd1ui7FUfk23OvuAacNN+ppwFbeFIV:+tFIPwhmcwlf97FUfk23G1NNdeFU","tlshash":"2832091c313aeb7e3f0b5420b1a86058900c7f9ac518ccd7e9be4c272adaef45685785","first_seen":"2026-06-03T10:08:00.22659Z","last_seen":"2026-06-03T10:10:15.215988Z","times_seen":4,"resource_available":true,"data":null}},"time_used":849,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":849,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useRewardModal.xxp8-ci0.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useRewardModal.xxp8-ci0.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 364\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-16c\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":364,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (363)","md5":"022a307c1723df6e434f0b67002d0bc0","sha1":"687413f8ae416fa802229e063ab2b68e22038406","sha256":"f7eab77dab1b0172cdb65650a223df93722e032dd211ac4dd48c97adea4bdeed","sha512":"49f9dbd5881c084a918757aef45295dc6990132601c11e2ff4ae434dc314e428aa4d8d63a63db7415597391f6e81a6d646434dd5752885a54b88be2a102ef52d","ssdeep":"","tlshash":"5fe0c0a7e0ca5af9242f198ba135007941d8149971cb8e84535c09d60b2d3d2f02bb03","first_seen":"2026-06-03T10:08:00.221396Z","last_seen":"2026-06-03T10:10:15.16859Z","times_seen":4,"resource_available":true,"data":null}},"time_used":641,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":641,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/AmericanFootball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/AmericanFootball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5558\r\nlast-modified: Tue, 28 Apr 2026 03:44:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: AWeDlgH7R4a72WtiHbFp8V3pbKdvhied\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"31c4ab00b35a863a4f3579d4671a5565\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: T3EbKHinkKXuE4GunW0sN99ZCvLrGtB33IsCdB-i0SmsrC7hYnJnkQ==\r\nage: 1810\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":5558,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"31c4ab00b35a863a4f3579d4671a5565","sha1":"21aa5684fd8806c31e7f867c0780b31d72a0bf44","sha256":"834672e2b150ec1c2dbe42a85085267496ce597138bbb5a83f83e89ebed659b8","sha512":"9c695838c22393fe8a5237bcdf153d9557aa43f6fd56d48c0266ca636fc3dfff2ad298a4d603aca9f91ea50f8ecdf0eccfce7f7fefb133a1ca60befe76073e58","ssdeep":"96:87SKnJuC62gDWZCyd7oqdkAtpqSkGDZO/GNy9N3XzxxmJlQLMRWi4zm9:WSbWz7fabSkKNyjTx+v4q9","tlshash":"48b18e9a94764102d09fb66f4cf391b09f873b802589cfa27cc3bd663b207268955d87","first_seen":"2026-05-30T07:41:04.751559Z","last_seen":"2026-06-03T10:10:15.226095Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/EBasketball.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/EBasketball.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6644\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: zY5lwo74tzH_S_ox.IMkUtf92Bnx7Ke5\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"ba6037fdb293dcc9faf3bef5077fd92f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Y-UpOuzOJYsVqqSS8QdeBRJaYbs7CMCDAavLcw7nKMHXlT3wIL1EsQ==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6644,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 72, 8-bit/color RGBA, non-interlaced","md5":"ba6037fdb293dcc9faf3bef5077fd92f","sha1":"4c888bc8f1601c8611fe714c5467b42b9b375ed4","sha256":"19a7da1d4d8ecb8567756a395348745a24b1c7e981f5c5b18be519f38c80426e","sha512":"ad7c0807b59e8aac06fd811189294011c388e0759d20941c3da7a978f33f750f58ca57aa23837addbce4985b40062e78cd7c3359ce88947aeda81b8414e08ae9","ssdeep":"192:PSiLW/KlBV7Q6Ewj6usT7rhXawPZ1Aw4RYrtum4u:6iLyEBaJwOT7PZZ4irkTu","tlshash":"6cd18e4e2ce6dc7b541edcde1ff7b3f4ca324bd646c153046b657b01810256448eaba1","first_seen":"2026-05-30T07:41:04.801653Z","last_seen":"2026-06-03T10:10:15.223328Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.KwvdZ0jF.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.KwvdZ0jF.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-3e27\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15911,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (15672)","md5":"be24128644c921313b613655b0e5234b","sha1":"6757f63622e6a3e9fe5c69e3bbae30b62df8e4ac","sha256":"c75a28b76f399692275471216adbabf36c5b7bfafa8d56608fa7f7f079af856e","sha512":"f5a1a912cc8ab92e585aa6c15ee9bafe5e64a989ff58a03213f487699862c212dc3d06219e758d592410141b47c732beda5cd22ad730628e1c18e83926e67dce","ssdeep":"384:s4/30e4n4WQlTJV6qQThZzGmd5U4bAczwgI:sfn4lV6BTmq3zwd","tlshash":"ad626d0f310b567e677189af82724c00a1218fda84518ee7e4ff4b181613ddeab8d71e","first_seen":"2026-06-03T10:08:00.337989Z","last_seen":"2026-06-03T10:10:15.184289Z","times_seen":4,"resource_available":true,"data":null}},"time_used":724,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":724,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/_createCompounder.CzkBocFs.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/_createCompounder.CzkBocFs.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.q3BCKoP_.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-d29\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3369,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3174)","md5":"1341129e5f863be771961b74e6931d81","sha1":"2eb72b7c8f4e616bfab303fc60b779efa06e85ae","sha256":"fbf9f355f629ae10949aa34a029b73f74030e6aa444449f38f939a32c066d449","sha512":"75ad66f52a6826487cd89e6ad4bac4cf648969ff561382932c5b723dd730d815fed94c674f0c3e44df212aefdd976bfd1107d410fd41458832f76f57f1e04eae","ssdeep":"","tlshash":"e461524968a7b548630870400aba0c89c3b91f7771e5e2dde3b6ec853e75f2852d5b26","first_seen":"2026-06-03T10:08:00.349378Z","last_seen":"2026-06-03T10:10:15.239906Z","times_seen":4,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/98b8bd888626bdcda009190b373ab5e5.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/98b8bd888626bdcda009190b373ab5e5.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 8410\r\nConnection: keep-alive\r\nx-amz-id-2: ZvzDxKYwAce30wzMJDFMTEcGKBHDyBb8LbiElm1Q3QjM2PEOSK9xsNUCNctuMGfuv6azsTMfRMN5uVYqWlm+prJm25DXlNtj\r\nx-amz-request-id: 1TEJM87DQXG8P3MD\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Sat, 23 Mar 2024 20:33:28 GMT\r\nETag: \"98b8bd888626bdcda009190b373ab5e5\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ACs0E2CyLn95d3N7mjexmyffCN_TRon2\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 179661\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_14518-13109\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:7 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":8410,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"98b8bd888626bdcda009190b373ab5e5","sha1":"1622e6a611da1daa446f2edae58f52e1ee9266d8","sha256":"33ce636c35c420b9f7c7ebd4e06272a2af935b393efe0ce57fbe3448992efa73","sha512":"07e226b0721cca4c4df9b582f5fb2df37b7d173a0324de53e42bc666d57edc8de4c1cef8879c4afe4b350186602679e0749f010405c06e517d53c05d1d861409","ssdeep":"192:5McNlx11ogCfFXpXaOhu/Jv5KkMj4KHX37OAPl:PvCf7XVuBxeMKHXrOAd","tlshash":"cc02afd8a4e8d5df32141d2136319d18299502f4cee89a0ca7bf13b21f58ba65cc3f7a","first_seen":"2026-06-03T10:08:00.180125Z","last_seen":"2026-06-03T10:10:15.22125Z","times_seen":4,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/GameHeroSwiper.KEZSG98u.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/GameHeroSwiper.KEZSG98u.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-3019\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12313,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (12244)","md5":"1a1a1f41c7c0e113a1b03ae32bf2ed3e","sha1":"6839a1308a4a8211093d737861579aa3955cd8bf","sha256":"6cec8c2f3694b8d73be580d8fd4269a3a9c2f85665e80ecc74e5a8131f62dc85","sha512":"8b3799c43fde9a0621b11e911e0a18a426665735f5d28dfd668450e68aa180fa49ff06d9b204134acc8e449b1511ee08d60b0dac49a1b0052ab7a9eab9ff656e","ssdeep":"384:qv+X+C3dGglWcEIKarIvYEy9LELpLLLKJmHbfV4GfRMQMon:qvUl3dGUWcEIKMIvYEy9LELpLLLKJQf3","tlshash":"d842fa5c6461487efb3a4d8f1684781d71286bc2ef69d881f2fd3a2617a1c79ca1932c","first_seen":"2026-06-03T10:08:00.393004Z","last_seen":"2026-06-03T10:10:15.171692Z","times_seen":4,"resource_available":true,"data":null}},"time_used":492,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":492,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/siteSportBet.M0NnB7ij.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/siteSportBet.M0NnB7ij.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1e04\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7684,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (7665)","md5":"3f7ba0b277c1653b33c9fed5041d1cd3","sha1":"a739b5c2194078224695959ee12e54938f02ff06","sha256":"0ceb33572c7801b7c7e0cb29b898897f89d585618a471a4fb75135041b202292","sha512":"6979d217ccbbc62371f0514ebf9b47ed3482b760ea725f2532300f496f34e7348926c122e03bb0205215906b546a9d49811e7a6fc9bd9cab09619e02ae159835","ssdeep":"192:ELl1ostNIWItd/WE3F8znkIYPrctVD0fultl+uNUicAZnwlqKc82cxllYNghm2M:yl1osnIWIv/WE3F8zktDcTD0fultl+uV","tlshash":"c0f19472b29e520147c0203c90f907a27734647e24b38cacbfadeec95625a5573b9b3c","first_seen":"2026-06-03T10:08:00.367045Z","last_seen":"2026-06-03T10:10:15.250396Z","times_seen":4,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/game-center/f/game/gameNameDict","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/game-center/f/game/gameNameDict HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/json\r\ncontent-length: 46458\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":169403,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (20435), with NEL line terminators","md5":"d0fd2d16e149f9602fcfd9edc119b931","sha1":"64d5cc41246301f55bd6c6c4a8a4faf68fe561aa","sha256":"820d634d84eaff543d8d5c97d35c9fbdef457d9f11e7d9f6c87ca7a9ce4d1e77","sha512":"7b78809f1d853a9582e2b517c0e7d34f0a578a8dd9e566340249001c1d72d83fd9ea0347eb26bfa8057a067dc8715d48956dee84c501ed34954f0bf38d41e2bd","ssdeep":"3072:73zTXs4ZU6stE9IdSAgzAcjCZYMl4yQSOOWTmfd:7qSAgzAcjCZYU4yQSOOW6fd","tlshash":"3e14a5ddc90d8ffc86a87eb51a0b21edb4f0b28fb5dc9949326259b32dd870d01265b1","first_seen":"2026-06-03T10:09:30.291627Z","last_seen":"2026-06-03T10:09:30.291627Z","times_seen":1,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":334,"receive":86,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/InputOtp.BY2YT0q8.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/InputOtp.BY2YT0q8.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1421\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5153,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4338)","md5":"4dd479246a09c5cde11d9b85c19c1e46","sha1":"b4c356b2c4188dc7cc924a416a39190a35c43e5a","sha256":"16b12e516dbef28476a5fddef97cd38d87d5480f05406b80e65808814047f2ef","sha512":"eb2120f4d2b9dae788a42128a4a903effc2e4d6ca85e6094b1b33b082a741aa9e2af0e734b8c051e5b2e052ddb680a4cb7907d113a953e3e07239160b7f80b46","ssdeep":"96:zkMFbCbPHSwCwIHXzspJkaVBF0TcpS+pzldfsL2q1G0HM1cB5HGcB8q:YMFbCbPHSwCwczspdzLpS+p5dq1hHKcT","tlshash":"03b1e7953193a1b671f24ee684aa4021d6123f08a86df0d0d573cc5516a0b85a3fff3f","first_seen":"2026-06-03T10:08:00.246916Z","last_seen":"2026-06-03T10:10:15.269687Z","times_seen":4,"resource_available":true,"data":null}},"time_used":787,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":787,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Drawer.DmytjcuK.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Drawer.DmytjcuK.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-3af5\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15093,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (6796)","md5":"30bc869957aff340d6c9d28c2d5b6a86","sha1":"7abdd99b44ca510bf171ccbfcd0d130a576b7915","sha256":"533298f8c0a50e765713adbae71e3057daa81010d789d09d48ced7a2c0e7c88e","sha512":"c1f41b0534307507cc5a60cba328f66d50fc2ed29857214bf7e7ece7358ef594c8e9097530247740eb37b10b1d62d0d5d255623122b9c184d16e88e7ec6674d2","ssdeep":"192:BES4bF4ctw0bXOqeGSV7mci+arsRvXLoRxN+mNLaVatpvmEDbwlbTol4GRJCCkDh:X8Fm0rBv29i+3ZXRQUlbG4GQsbjc","tlshash":"1162e764fe19b07425b7c2e9c0de5b68117c97d2e72ac8e8f172346b11c22b85217fe6","first_seen":"2026-06-03T10:08:00.304289Z","last_seen":"2026-06-03T10:10:15.177966Z","times_seen":4,"resource_available":true,"data":null}},"time_used":875,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":875,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.R8q4lxdc.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.R8q4lxdc.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-978\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2424,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2385)","md5":"4b76e1dcff03d28b936e859cd60def99","sha1":"052820cff23a682b16912d2393f1f8a23394734d","sha256":"20bc75e70c30fdd43e5dbf82c21b7a62f4350d150d38b8918ed97cc4c1d31878","sha512":"cc0a06d52b8a2018b9eaea609ad48c4dbba4c30f4a0f1960fc04bc3a45ddc02d1211682c1dc38bbfbb4239812c749bd3f0892c7fb75a284edd7e6be1e0246cdb","ssdeep":"","tlshash":"6f41a7e7ec5d897959738814b0d10c51691e3f47d03c5d5794b9fcb963e6c307a0e4a0","first_seen":"2026-06-03T10:08:00.240008Z","last_seen":"2026-06-03T10:10:15.276874Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1027,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1027,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Badminton.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Badminton.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3724\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: WstUMFXE9R_PIGvO3YZ..SEp78p9RT6g\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"2df89a45cd8eead917f1a04f760cb35c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: BT50PEIiQnCVywmkaF63QxOxLMBPu6_Ess0WW7fnXLitAXlN847agw==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3724,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"2df89a45cd8eead917f1a04f760cb35c","sha1":"5c0dde8efcd74d2ecaaed58f8fc93cb7bb5af3cd","sha256":"1e0340420bf95402cbb14fb2b49b90ae22c1199e5873f63b189397442a95cd56","sha512":"31e496fb76553f068ee8179b6f62428eda2112ebf5cdb367c31ad9b3afcedf25f761c9834b7b78c5f8c5fda996c29cf4c24a8630794114f74cf2b657a7279f25","ssdeep":"","tlshash":"78716c53fe8f7630be1d50d1ae01cea17a7682490fc545518f9271b07cabf9e816a0b1","first_seen":"2026-05-30T07:41:04.800696Z","last_seen":"2026-06-03T10:10:15.31889Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/MixedMartialArts.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/MixedMartialArts.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6110\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 2sqr0o7gNP0Uoq0QnPZLnpM1Wa2cqG4B\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"451745237cd6238434fc9ef02db24b20\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: QjLfLNuSZjFZ6pABgywc0uU5mSUwuwISljF2oSuN9IWmxoHPwSKSVA==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6110,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"451745237cd6238434fc9ef02db24b20","sha1":"64e570c93605823ecbd84f79c513855d472e7875","sha256":"edc74dd7f7f552c584987a0dc5527156f213ae03fe93d9f8edb22018b17430d1","sha512":"6001d0d3ed52df16b44ebdb16834e5875d929b2f3d6b427c141a36b29c07ed2cf5a3c568acd09673dda3b9f61b331552bc048ee94f07a44a5c9c5485cca13303","ssdeep":"96:87SkiU/+1JhJdPUqvk49AJqLXDYicGhkKF7XekKH7Jz0V4AzMQ54PF2pQzSVN2IW:WSBUsJdPR9AJYzYicGhkKF7ukk7JYVqX","tlshash":"15c1aea641713318a94940e8e6c6b94b7f661d2f97b16801f849a2bc6422034d6dab57","first_seen":"2026-05-30T07:41:04.669153Z","last_seen":"2026-06-03T10:10:15.271247Z","times_seen":8,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.AhYOak5C.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.AhYOak5C.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-530\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1328,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1295)","md5":"5bb612e72d8e9a553d8bf46de37ee436","sha1":"db0e0ba48a744dfdfd2026449ef11c0791af662e","sha256":"6789c389fbe24a09ec748518ed5e9d7f4d4d725b02eb64fd1c755d211743dc77","sha512":"742baade5abcfd9ed1e3668ff9be043327e35eb9ffea08afa09166aec23a63b40ec3fa5768b852461fcedfb515e1dcbd85de7e133b9a253b3db712fb2408db5f","ssdeep":"","tlshash":"9921758a71c1f1710b3f84dce8918631f335b738d7a5cda0ca8e4e1542d1146e5afb59","first_seen":"2026-06-03T10:08:00.293426Z","last_seen":"2026-06-03T10:10:15.254112Z","times_seen":4,"resource_available":true,"data":null}},"time_used":646,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":646,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.Dlmy23Tf.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.Dlmy23Tf.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-c43\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3139,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3082)","md5":"dc30a2ef09dd5d2b8002ccc215e36679","sha1":"8588f4e11b628ff9fb4b7cb933e34fd1d9334bfc","sha256":"d9ffaf17ec31cf9ee7bbbd1caa0f7b0e1d233d139553eb2811ccde4a693783e7","sha512":"e15ee835f2ba69efa12e9e7b3a8ee14b08fbe8816ee88dd27442736de18681d6f4835202d31b3426ff8467cd3ecffa492c48f3e3e88b0cf35ba72826ae4b16c8","ssdeep":"","tlshash":"e851b366b87d8cb8f2730cdca0214504a2091f4ee1726cd5e83a17ba2c07fa1cbdf428","first_seen":"2026-06-03T10:08:00.262416Z","last_seen":"2026-06-03T10:10:15.196539Z","times_seen":4,"resource_available":true,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":879,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useDict.9D1mHm0R.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useDict.9D1mHm0R.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 325\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-145\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":325,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (324)","md5":"8a84adff40cfe7385ad18b59a3dadb82","sha1":"42f33bf69f33e90913ef497929d22aef2315207f","sha256":"a87e9d5e1156c19593cd10f1f7f9e76a4ab781a2ff0d41699fa617bb6dbb355c","sha512":"53c4ab0d4d5e7fcc4a25357bf8a5633723f4f38140f2e7aa9ed4ef6bb8ffc20d22db12ec0a9d66d8fa965341751290ce942f60f3656b7e35ab3304bbdbe72ff8","ssdeep":"","tlshash":"f7e07dcc385d34e8430f0cbd5a201152876567b2f12dc4d0d0fdad47619e542e83fb12","first_seen":"2026-06-03T10:08:00.318519Z","last_seen":"2026-06-03T10:10:15.19438Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1030,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1030,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/5a9c309a6706f9ab74c9d8deea1072ae.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/5a9c309a6706f9ab74c9d8deea1072ae.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 21823\r\nConnection: keep-alive\r\nx-amz-id-2: 568sMUgJ+NtqgYrFuNk2qWMZYXtWpWuj4l0AMZA3Gwnt0BL0Lc0hoHJDezK/qbtW047hfRwzh0aepgLeHVuIz9rLp20WQX4W\r\nx-amz-request-id: B6E4GZGBS7HFNW47\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 29 May 2026 23:59:31 GMT\r\nETag: \"5a9c309a6706f9ab74c9d8deea1072ae\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: xxhBJXDQGTSBbLtVwGsv2YldZWFx.17s\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 183234\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_13048-39936\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:0 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":21823,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"5a9c309a6706f9ab74c9d8deea1072ae","sha1":"e8b15aa68cff908a852aec3b3eba7400152ec57b","sha256":"8e28f75d95aca803c1ee03ccaa2cfb093df9d14c32dcf63cf3f5b886ab108bdf","sha512":"daea2f2dc0919fbd650d2d3fa5315ce6fd6615873c94327cdc4363166ddc1f661afe80c90e5854acd506f89c67ae236c6d6a7152ba556e4ce5c18d0aa1ca8328","ssdeep":"384:4RgK5BSFjZvXktdkz2nC+t2z/A01CXRbw0nDV4KjxV5xzX:4Rt5BS9Mtdk6bylCXRbrDRbzX","tlshash":"ada2cf8b241dd5c1ea36a5336a03315b6c3daea90703da8f1b6c483e5ad74b8dee0475","first_seen":"2026-06-03T10:08:00.296583Z","last_seen":"2026-06-03T10:10:15.307386Z","times_seen":4,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":45,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202601/698dcff4d7c744cf864f9db50548189b.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202601/698dcff4d7c744cf864f9db50548189b.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 273093\r\nlast-modified: Tue, 20 Jan 2026 14:29:13 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: zDxeUXTDIKMinu._jOvb59s4GIZFV6F2\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:07:21 GMT\r\netag: \"95db87a77bd3372365c673c41535467a\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: KLjFjEPjgVbh7Ett2NyyvhuUo-L-XDw-pUNDv1JuRrv6ZLofoICrUQ==\r\nage: 1809\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":273093,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 561 x 520, 8-bit/color RGBA, non-interlaced","md5":"95db87a77bd3372365c673c41535467a","sha1":"ef774f2d903cad6f6f4f6b15813b3508d9b3b5a8","sha256":"0dfc192fb7fe47f4a9bcbaaef514fb588a11093f1910a67b3454503cfd30698b","sha512":"445b108a0bb8adc1354db22c1e54ff243b42b058f7b7af5f85fbd1f69a862de7a2c9a7682d756336bbec0464d9f9ec7afaeef0290a3697f4f41a2cfcc16f65e6","ssdeep":"6144:zk/fa02UOWsMWLFJ7ikDIN/MEhqbG11GVe1yDbI:Q/fayOJXCkDIDhYyG0kDs","tlshash":"c14423dfb41482d210a85181a76ed36b4eb1bde3fcc9a5685407cb91db91e3fe08d9e0","first_seen":"2026-06-03T02:50:08.014806Z","last_seen":"2026-06-03T10:10:15.253394Z","times_seen":6,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Skeleton.Bm44yorC.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Skeleton.Bm44yorC.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-9a4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2468,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1286)","md5":"dc5837a66b83d5911fb1e1e7b6c2ab4d","sha1":"4c306d9eb85c7daaef919a896fc2fe90857868dc","sha256":"fc0085ce71076b8ba9ca99d83d34492e7fb05ea815b578930cbfe66511638a66","sha512":"c836c1929344219d12b1fe695d79c3bdca14ad57dc4bb952e42adee9228b9d959c1a63d2832c6cb345ae14949ff2708c5b00dbd6084796aa63d2d50efc8443ec","ssdeep":"","tlshash":"af51656cf2dda8f729d3c8ff62aa075410293595ae70d291f1b738a276013339761f22","first_seen":"2026-06-03T10:08:00.380247Z","last_seen":"2026-06-03T10:10:15.258069Z","times_seen":4,"resource_available":true,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/RoulettePanelModel.geErxOXH.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/RoulettePanelModel.geErxOXH.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\ncontent-length: 105\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-69\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"fe2212c11df8568e4cc52b8dfc140673","sha1":"dd54c62266782cf9b9bd8598af9933e0a6bbc129","sha256":"c691b95686d4301db069f7c88df6e117ce6795d2f47c9ff9772961f157330406","sha512":"5ca52da3f56acc45beb79c10677a5cf5be4e9c5c47a396076b55f3570ed247174391219c9ef184b56579f75a917fbd5b1bc44cc587653336378e874656a8563e","ssdeep":"","tlshash":"08b0122f7f65c1853c31e2d071049d6c0e20368103110f23fa54d1434dcb1e6740721c","first_seen":"2026-05-30T07:41:04.623408Z","last_seen":"2026-06-03T10:10:15.212096Z","times_seen":8,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Darts.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Darts.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6566\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Ct1J6UcYnaNecgk5OdvGyvx6ITjpNN1n\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:08:22 GMT\r\netag: \"acb74aa8dfe6199601a3cf060fd783cb\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: lNvWomKhyS4bjdfsQXT0DncVHAe0x-vDg5doPKIfu9XE3RstUsfOBg==\r\nage: 35\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":6566,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"acb74aa8dfe6199601a3cf060fd783cb","sha1":"45e6abd19f8e015ef48af23ef6b33b37badb7cc8","sha256":"3a1e633671368a2e03d10ef7158e9ed84e265430ff646b987b4528b7dfca3302","sha512":"13b2945e0378dd0bdaf636120dab00d595cbe1d87606fc39e576ec4ad0bb86010d3bf0db0230c45cb5cf68ea0dddfa88b523a90c59e1362c0346a77b9278da0c","ssdeep":"192:WSHJLzO6Sdh3GJq4Y3bVpXchJvDUjIEQvpd:5HJLzOndtGUL5ShJYjepd","tlshash":"ebd1afd7dd45125608b24a33a1cf7bf8a3b74dcc88ce8916d5f700b0941a30b1badac1","first_seen":"2026-05-30T07:41:04.856416Z","last_seen":"2026-06-03T10:10:15.254806Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/useDict.9D1mHm0R.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/useDict.9D1mHm0R.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 325\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-145\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":325,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (324)","md5":"8a84adff40cfe7385ad18b59a3dadb82","sha1":"42f33bf69f33e90913ef497929d22aef2315207f","sha256":"a87e9d5e1156c19593cd10f1f7f9e76a4ab781a2ff0d41699fa617bb6dbb355c","sha512":"53c4ab0d4d5e7fcc4a25357bf8a5633723f4f38140f2e7aa9ed4ef6bb8ffc20d22db12ec0a9d66d8fa965341751290ce942f60f3656b7e35ab3304bbdbe72ff8","ssdeep":"","tlshash":"f7e07dcc385d34e8430f0cbd5a201152876567b2f12dc4d0d0fdad47619e542e83fb12","first_seen":"2026-06-03T10:08:00.318519Z","last_seen":"2026-06-03T10:10:15.19438Z","times_seen":4,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":284,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/7538807298e31f4f30362aae2ff3105a.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/7538807298e31f4f30362aae2ff3105a.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 6573\r\nConnection: keep-alive\r\nx-amz-id-2: 4QrHKRRh54nFuCSIzS1gsYpsKqK4i/lyLnjcPeEsbRW5z6mFKW26hrMdvYtZO+4ORUHTpW47l+znSjCQfuKQGpRnfMnF1kQA\r\nx-amz-request-id: MD8KDQ7MJ6AM8Z7Z\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 20 Mar 2026 09:40:07 GMT\r\nETag: \"7538807298e31f4f30362aae2ff3105a\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 25Qx8l9q_3K8FwYFV4oUlkCoQFVHYf.D\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1988\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15479\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6573,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"7538807298e31f4f30362aae2ff3105a","sha1":"a5910379f4545b917e18a896aba3815594197613","sha256":"c22a4c4175d88a4e6c89561196dacd00f369ec269dd9f568a6257320e5b6b1f8","sha512":"7ef5716fcaf27c88cadcaf778496fce70ddf104cc0108a4c9760251c26e54b1010d5be6e4d191cb38ca3b8cfaa4d4b7363ed19fcd69ee8e61c0e331bbaea6360","ssdeep":"192:ASGFOjFh3JmLHfjRHjgryleSUcXJJM/m883CHN9FRdg4dui4DP:nGFOjF0/F0ryAwXJByHN9FRmUuv","tlshash":"88d19fe9b02593d407417682392b31947a282c04db3b75741d40faac4b0dfbc7e98678","first_seen":"2026-06-03T10:08:00.216727Z","last_seen":"2026-06-03T10:10:15.231805Z","times_seen":4,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":44,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/api/site/f/siteConfig/query","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"POST /api/site/f/siteConfig/query HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: zh\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nDevice: PC\r\nCurrency: CNY\r\nFrontAuthorization: \r\nContent-Length: 2\r\nOrigin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/json\r\ncontent-length: 4598\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\naccess-control-allow-credentials: true\r\ndefaultlang: zh\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10778,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0f96ece3cbc4c24b10f48a5de1d5b5ca","sha1":"13d3f35f3ed82d34b1af9fffe2f43f6cf4c4d1fe","sha256":"c4db12bc4d7065f7f83036d0104ddff35d22752bc0be37e3cfdc8bc7a43b2069","sha512":"004b79f857fec4d3ae6a23f771b4f4c47d5f7e21a80c6fc04848c885897d20d9383d58682bb616e2e4ab2d8eea39b029b901a44cf6fd480ed1b689fe158900cc","ssdeep":"192:fsCfkWrWOMM+VnAwgx2ePhRoDwXhovmawEwZOmcKMin8h3mT/ggCDdmt9WR:ksrWVM1LJRfhov7jmRzjVCYts","tlshash":"9522c70b43cc9ca88b4a13c834affa5c95881647c9c0cd95e2ddaeac97d5a73721721b","first_seen":"2026-06-03T10:09:30.300378Z","last_seen":"2026-06-03T10:09:30.300378Z","times_seen":1,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.g1SOqPSJ.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.g1SOqPSJ.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\ncontent-length: 281\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-119\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":281,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"26462b1c1044ed2903c4918abc66310b","sha1":"e1090d80aeb6dec4c9bb8e63b6acaf84bb2ee283","sha256":"cbe1e441cc64ca9d843dd4bc0c68d36c084b20c6470b0f23970e7ab08af94622","sha512":"c34fc3eddd6cfcbbda174e1a94df3566b84f4e6974d3f28e96486598fbe24e6e51a5ebdbe231957fcec2a857ac6431225d131884afb71904d11b4f6c4ab27c45","ssdeep":"","tlshash":"25d0cd01f6561d2d1142c3486edcd0a444f892eb1d2588c973c025464b0659f31201c3","first_seen":"2026-05-30T07:41:04.804877Z","last_seen":"2026-06-03T10:10:15.251089Z","times_seen":8,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":324,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.BsZB752o.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.BsZB752o.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-304c\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12364,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (11931)","md5":"2e8604d2f0813d274bd3446d93c83c89","sha1":"8cf46d6efe89717caa2973d1afc658ac9724ed29","sha256":"7be834f48cec16d4429521ce293dfb57734a315a9a5b9d06b1d041ef047daba9","sha512":"e6c83f1972c5476d5c7597b8c1c511681b0c00ba773a009066a7940e19d928aab3c085e5951d2b87f2b5b80efb4aa96226c80e7e9c7a7ce8d9651aa1eb24a021","ssdeep":"384:wdyk3rE7qrlNEqh7lJcT9O7moHiIIV2E8RSyR:wd53eqrlNEqh7luT9O7HCVKSyR","tlshash":"56421b3c784a95ffb977c4ac61a0940270697b3ecd84d8a6e0af1911999bf3015e87fc","first_seen":"2026-06-03T10:08:00.250307Z","last_seen":"2026-06-03T10:10:15.21974Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1020,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1020,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.r_zEoEiX.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.r_zEoEiX.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RoulettePanelModel.C4YiEeXu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-4f6\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1270,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1269)","md5":"5750cf751896b082d2200ca75ce60966","sha1":"22e32657381b4a58e2acea13608336baf7ac5719","sha256":"24657e44a1fdc5d8d2d368553097fde6ad7ff3d78924bad8d7e59ad161a7c0d7","sha512":"a37c4d0402b8fd86e19ebe07fab300366366c330bfba7ac5d93ef3f01e70c410be7d4401bb7092567b74cbb40ac19ccad39a6a92e527af1152927767f56e3f2b","ssdeep":"","tlshash":"b821102cec5ed9720ae38960a9541e000408df3ee6783ae06ddcb23c07df674618f32a","first_seen":"2026-06-03T10:08:00.191697Z","last_seen":"2026-06-03T10:10:15.251771Z","times_seen":4,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.DIeT0CuM.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.DIeT0CuM.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.MPAVG_kC.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 525\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-20d\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":525,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (524)","md5":"4607c973da4158d462875f6b00452bd6","sha1":"6dbcf4f4ca62da6bdc171d018655c3b23557cb85","sha256":"36dac0e952090fefbe168a8bc6247e4da1f12943806c04153c140b0243bf9d0b","sha512":"4e1465020c4c6ba239e9bf76a85785778ccee1d611e772e3f1ebff24d016c8693a76a60ca37d9154c150a0aaf01525fdd92340161614c70bb525338bc8236e8a","ssdeep":"","tlshash":"bbf00e2a7f4cc0f4a2370dcc31b38028072f07e9b534e7a581d33f691b89520a99e179","first_seen":"2026-06-03T10:08:00.341496Z","last_seen":"2026-06-03T10:10:15.273155Z","times_seen":4,"resource_available":true,"data":null}},"time_used":366,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":365,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/theme-images/sport-green/pwa-icons-vi/180.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/theme-images/sport-green/pwa-icons-vi/180.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 19835\r\nlast-modified: Wed, 29 Apr 2026 10:19:18 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: pyY8VSPFGKJP9EbQ_53QskcgoJWdec2.\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:07:23 GMT\r\netag: \"eff89b3168e3dc4083613c9287e6c2d3\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Ms-SIGKkNYA17usEnsKvJjmmScubFPwy18r38G04PU86n4LLlBv4Kg==\r\nage: 96\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":19835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"eff89b3168e3dc4083613c9287e6c2d3","sha1":"d5efdf2e4097be3ca411bff866d930549cb63a4c","sha256":"2f590b22d7bb194b40364b835235693826e87c74eae5e796de43aae80c917386","sha512":"4a6505b52e04194663a2d3ee9622069d401522f647ce66096cdbeb7192143dae60f11d2e6986f68b749441ae6ea249e169d4596b7f85926a7f6ce90e458c58bf","ssdeep":"384:re1b7OQ7xe3s/pVrtXqGAFUsEtrdffOw17/WNqBE3qc7NlmR1jvobe+4tfHvxa:c/OQd2s/LBXzAKNtrdnOwlWNqBcb2R5+","tlshash":"bb92d0dd147077788d2280a32b5928fb9c5f245766e6d03577b8e997becdf4aa2c4c00","first_seen":"2026-05-30T07:41:04.79592Z","last_seen":"2026-06-03T10:10:15.246349Z","times_seen":8,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Suffix.CMk4Eg5a.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Suffix.CMk4Eg5a.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-301e\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12318,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10431)","md5":"175f5c1a6eeddff21956e4679e01e58a","sha1":"2069d68046243418233194614a92e88caf5da494","sha256":"1677379cf1e9ea50031a11426d9932d42919a71bd5f0295f2007ac696113a0bd","sha512":"1d32ab2084291e0b02d096b7d5f08bd13fb675d28efcfb6c8ee2eb0386281c77fb49fbb0a8409ba1b504bed6b56c9b2a3fc710c21dae75227cbc1ed9a898f8f2","ssdeep":"384:+ceFTiztWg8ERLcg7bgwM8AQDM/c3siKHQwoRf:3eFuhWg8ERLcZ8AQDM/c3/KSf","tlshash":"45423a8d2c1bc3b80527929cb2dd0e08b91a6677edc09c45d8d7ab61609bdc9913eff0","first_seen":"2026-06-03T10:08:00.204444Z","last_seen":"2026-06-03T10:10:15.215193Z","times_seen":4,"resource_available":true,"data":null}},"time_used":695,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":695,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/InputOtp.BY2YT0q8.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/InputOtp.BY2YT0q8.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/PersonLoginAbnormalModal.CKMpEKiS.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1421\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5153,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4338)","md5":"4dd479246a09c5cde11d9b85c19c1e46","sha1":"b4c356b2c4188dc7cc924a416a39190a35c43e5a","sha256":"16b12e516dbef28476a5fddef97cd38d87d5480f05406b80e65808814047f2ef","sha512":"eb2120f4d2b9dae788a42128a4a903effc2e4d6ca85e6094b1b33b082a741aa9e2af0e734b8c051e5b2e052ddb680a4cb7907d113a953e3e07239160b7f80b46","ssdeep":"96:zkMFbCbPHSwCwIHXzspJkaVBF0TcpS+pzldfsL2q1G0HM1cB5HGcB8q:YMFbCbPHSwCwczspdzLpS+p5dq1hHKcT","tlshash":"03b1e7953193a1b671f24ee684aa4021d6123f08a86df0d0d573cc5516a0b85a3fff3f","first_seen":"2026-06-03T10:08:00.246916Z","last_seen":"2026-06-03T10:10:15.269687Z","times_seen":4,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/f035db35ce229d9e795bf931089bb4e3.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/f035db35ce229d9e795bf931089bb4e3.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 16584\r\nConnection: keep-alive\r\nx-amz-id-2: GQhlA9cJaIP5xogklN0dnyTubd5s8IWV9HtWTGBKZDB45ExcTn3zlqr5Qi4Kbr6k+kLqcjVY9hW7lLmuCTYOqoFU6A6MwLpf\r\nx-amz-request-id: A3YJASHK922KPCYS\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 27 Mar 2026 16:58:54 GMT\r\nETag: \"f035db35ce229d9e795bf931089bb4e3\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: DUI6PIVDSno7NbuN.0GVPDL1QDgpXYau\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1608981\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_16352-24874\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:17 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16584,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"f035db35ce229d9e795bf931089bb4e3","sha1":"5961ac23fb4effe94f5717bc97a2d5ddebd0bcd5","sha256":"4df4cef3976dbb17f542938efb30c05f89d2352e0df77707eb1f5b2990ce57e8","sha512":"f7c6864b957410ae4e3d552afe1169e4f7589b281db09078743d22ef262e03146c2aa39930f06b402a6bed04a40397e2328375e0475b356edb029b34faf6da57","ssdeep":"384:kF1lL+wISWIBvqIPRGpTHw5Fp5rrzSLDVhhXRH2u6DbV:kF/ywIL5IcpTG5rrzS/Kd","tlshash":"6772c0ad81d00940c8ac6acd46e1f8c28ae11c6d6e4498dfffed6fba54377652638d24","first_seen":"2026-05-31T05:52:20.42272Z","last_seen":"2026-06-03T10:10:15.325902Z","times_seen":5,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":61,"dns":1,"connect":26,"send":0,"wait":29,"receive":2,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/e3a20795158182e9535463dec7d19f81.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/e3a20795158182e9535463dec7d19f81.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: image/png\r\nContent-Length: 9200\r\nConnection: keep-alive\r\nx-amz-id-2: fl83OIT6TwarJd2xrWDkojsJzKWAZD4LcfQrEB0gYmGMMtq8/P4GC8THO48H7T3ZJqV4JpS+sd3GAii+gZW6emPY1wBBBRR9\r\nx-amz-request-id: 4JGF440P6KT009C4\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 21 Oct 2022 10:51:21 GMT\r\nETag: \"44e219832b96ca571e55089dc6cb0044\"\r\nx-amz-version-id: hWcyuB_qYwleS6mCGMSwPavthDlUWhTJ\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1793136\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_17463-17823\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:21 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9200,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"44e219832b96ca571e55089dc6cb0044","sha1":"ec1af424c91ac555234c466011d3abcfa6679350","sha256":"ae7877340e8e0124d1eb08ed9362b216f2537c10634d7ea4ba4519dd99995e41","sha512":"9c9502d7c49284e2106f0e2f1b1ef7d09e225b59b38208db4283f654871c4a500301ea57c0657fe94a46e8a7735dc7050dad7e249cdfa340d3f95994f7548113","ssdeep":"192:pSY41xucnISNhStLFXQAVswaefDC/6qYD78Vnzc1l1xI7:QY41xhXMtJXyefm6qYD49zc1lw7","tlshash":"c512c0b21c83c26b4b5455f51f5fc5383c7523a6a6e8da8a068de0d97c7445c1ae8271","first_seen":"2026-06-03T10:08:00.140211Z","last_seen":"2026-06-03T10:10:15.224059Z","times_seen":4,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":64,"dns":0,"connect":29,"send":0,"wait":28,"receive":1,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.Dy1-2vme.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.Dy1-2vme.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-b78\"\r\nexpires: Wed, 03 Jun 2026 10:18:56 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2936,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2935)","md5":"552e15de8b2fb479469a1aa824e35dd4","sha1":"1d7a12ba7ba234884f9f3b4e194120e1add536e5","sha256":"c002b42157cb6d7e6d60fee772e99757fbe6ec7c67b016306318708aaa276661","sha512":"6b2d417edf16d9e6d629d90b8fca15dab5b132d2c5a4ddbcc798ffdbe0190b675255a08b8338613e52c3101b4ba635f8b4d36b07c918676cd501ed644c3818b6","ssdeep":"","tlshash":"ea519192f39778132c77ce829105baff9f6e3b425e0b4875a060326953c2ad27514f36","first_seen":"2026-05-30T07:41:04.720616Z","last_seen":"2026-06-03T10:10:15.296826Z","times_seen":8,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":379,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/loading.B830RxXH.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/loading.B830RxXH.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 30505\r\nlast-modified: Wed, 03 Jun 2026 07:46:11 GMT\r\netag: \"6a1fdbc3-7729\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30505,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 427 x 427, 8-bit/color RGBA, non-interlaced","md5":"dd5fe17816bb2af0998194c5888155b4","sha1":"54228f6bfd9acd8d2ba1ebacc60459a6be90904e","sha256":"0e789d976423d62c631a38975acc2a720004f476db063b5bda08b6462a39cc82","sha512":"2895d42854589708e4d011956259d6654e0b115e386b32ec393c6f46bcd0181e524e52ca437c6a3469a0e0255992fdd2f1cd2df2a8740789fba5c70033e079e0","ssdeep":"384:Jcfn/YQWBPY49lgXZhTOO8W4fq6eFYmgBSOdBeUjBO5pqIY2MZiOLa09e6YEtnor:kUBljgpcO88R6mQSu0pTLbcipEGnq/C","tlshash":"bdd2f1fb2802567b0e3fc89d8b1a46c2b70b27038d6fe444d4a45a7d972afd85f72644","first_seen":"2026-06-03T02:50:08.038021Z","last_seen":"2026-06-03T10:10:15.27254Z","times_seen":6,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/right-icon3.DhL8zjOQ.svg","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/right-icon3.DhL8zjOQ.svg HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 47484\r\nlast-modified: Wed, 03 Jun 2026 07:46:11 GMT\r\netag: \"6a1fdbc3-b97c\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47484,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a5155e65c57614de67b8ec15c42a232f","sha1":"890c06646b260d6c664bc12ca9f96babbcbf9aa6","sha256":"38bb58eaa5b7a889c516fcf383eaa5038bc6f733e43137533bdfdd57ca18cdde","sha512":"502c1414b09e0ec1624640c23bbaf681e158d0afa35760e35598263caf0a143c7effb8f667cd5620ab2d05f5e20ae0ec71d7aeef22fba102a86eb992173a1885","ssdeep":"768:EIbffQNc+n0C/ew94iyPwWGoL6wK0Zr0pSHSOmJt/7s+DBdNv/keov/B+VkkolNU:ZEB/ewi3VUFJJ7s+DBkZ+qdHa","tlshash":"a123c5f733a1a2f8e80bfba9dd2354607c563cbebb85c3d5c250ae94a655158cd88cd0","first_seen":"2026-05-30T07:41:04.77458Z","last_seen":"2026-06-03T10:10:15.323315Z","times_seen":8,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":392,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteConfig/202511/8e9b1b0d8a84420f8d48643f6fe63ed1.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteConfig/202511/8e9b1b0d8a84420f8d48643f6fe63ed1.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 21322\r\nlast-modified: Mon, 24 Nov 2025 13:14:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: cVVWv0JlR1oB2o4Xw.GZIhrlrtqGCBns\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 10:07:17 GMT\r\netag: \"fd43cba637436f0ff41272148a952a5e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: _kbShmQKO2_0KRdGMQdnmemA7GnvfQY48axz9Wjq44EYJxkIK9veXg==\r\nage: 1809\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":21322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 368 x 100, 8-bit/color RGBA, non-interlaced","md5":"fd43cba637436f0ff41272148a952a5e","sha1":"0998ae892c19d573c094a1f4c022a87afa8d0c0f","sha256":"09dfc6b2d54a842fcef6f9456b94d9b88d3bfa54a6353071b3eb32d297123cc9","sha512":"c8196a56814ab34df47495876051a96c29beb5d24257427c4d142897a197925f74b6eeb2664161d3e6ef7e1c6e6715925056bceb97d1a7a8f659960528a2d192","ssdeep":"384:awVuWMK8I/0eisfqUdlDBHDF2lc/n+0x39pVIwUsKAqsDbWwzmpER3:TuWMKNEXUXh4c/n+0x39pVQsLnzmK3","tlshash":"49a2e161bf5cd7d4a93b30dc0a238260d7e7d326d61e22dad3412b41aa54b73127cb99","first_seen":"2026-02-24T07:43:44.885844Z","last_seen":"2026-06-03T10:10:15.231055Z","times_seen":25,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/css/index.Cb87T-p6.css","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/css/index.Cb87T-p6.css HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: text/css\r\ncontent-length: 141\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: \"6a1fdbc0-8d\"\r\nexpires: Wed, 03 Jun 2026 10:18:55 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":141,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"fa0ce5514e807cb046d966fb57fead48","sha1":"1d6380788e17178a5fa1abbcd1b654ece292bc90","sha256":"3a963917a5e90eaa7bbb54ebd50bdd42295be33e1b2db8aa48bb8cf1981d9d93","sha512":"304c316fbbd54272aa4dcf20c0003f20087502e9cb1267b80acc1604f80032b64ceade0c39874d436ca4ae3a3dc94aeb6f54fc63e8e80e59f2e5c8bfc32d3fd5","ssdeep":"","tlshash":"1fc02b462a4c0806aa3fc150419371184708c668cac1cfdc533132e43d0ab2300325a7","first_seen":"2026-05-30T07:41:04.738135Z","last_seen":"2026-06-03T10:10:15.199516Z","times_seen":8,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":311,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.MPAVG_kC.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.MPAVG_kC.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-d31\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3377,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3356)","md5":"1f32bbf2a69d433ad9cd2ae4339c619b","sha1":"616f4266c99a85ada8b610a0f48939c759ce78ca","sha256":"cae1dbaaadd07bfbe3f773044497dd8b8eb84d580551fc57b9ab0bfc5543deab","sha512":"a43c7f68218242ceea3141fd6f3f82e167cbce2e8e2aa7a7a6998c04e6c88382b21f02b38bd1d83e2c2e873bcea8cce11513b9aa49ce109bdd80e6335fb4909d","ssdeep":"","tlshash":"386109b3b84fec710d630c38a41548425c08afdf81786a0de9b9b5391fac9a0d96c3b8","first_seen":"2026-06-03T10:08:00.213647Z","last_seen":"2026-06-03T10:10:15.291991Z","times_seen":4,"resource_available":true,"data":null}},"time_used":992,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":992,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.kRkdNn81.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.kRkdNn81.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-842b\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33835,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (29990)","md5":"d9f05f1d2a2202bf7cac3911fed3ea08","sha1":"c62c27d7ba8a6842751248cfca7af39306c060d8","sha256":"a2234d551e2596ff468c75d062f7b4602bcc52a667d92987072dfa07560b5328","sha512":"687dc2337f0d3b269909bafe8ebdafdd05993d415a0f0f23117dcd0bc8cb0f4902dcde4eb2046db749440bc2cc304fa7bc55f62c3ae0c30f3e510a5a594fb7ab","ssdeep":"768:ehkIBTn/6PXbJkhABfvE7GQyk33NMQdSyZefMAPrmps3PX5W5qRqX6YLQzy:UkkWJY7NtdZqMAbfX0M2","tlshash":"c7e2495db0116a7ee37bd4d160391088a1282fade82088d7f97f4d3127c9ea427ed769","first_seen":"2026-06-03T10:08:00.14834Z","last_seen":"2026-06-03T10:10:15.195783Z","times_seen":4,"resource_available":true,"data":null}},"time_used":765,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":765,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/phoneStatus.DsDFSgt-.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/phoneStatus.DsDFSgt-.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.BsZB752o.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 210\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-d2\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"2997acb0f5b00fa084de4c86f5f1a50a","sha1":"e26cd0bc1c157bfdc967a139a61be2d9d5a3bfd3","sha256":"222abccb18585aba8f7364366337fb1715481cb11d99ae7f599f798a482c8c60","sha512":"371f7197e6179185248aa14ee3179df77f06c86ec4294717f0af612919f9515173fe6c48fd82c2aa5f328e43a3becdaad2e4a0e07cb5edc470255e9eb4d89eeb","ssdeep":"","tlshash":"c6d022eedddab0f0c20050926020813db0060ab5b83cc2cab0fc0c319e1b084f3baf15","first_seen":"2026-05-30T07:41:04.65147Z","last_seen":"2026-06-03T10:10:15.185327Z","times_seen":8,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/8c53e7aefd44c725c59df17051ec40bf.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/8c53e7aefd44c725c59df17051ec40bf.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 6881\r\nConnection: keep-alive\r\nx-amz-id-2: g7sCTNBuU+yMji5kVCpaJ4vrahorCm532DTJrqlAQwfP9LkvZCm6b3SUk8357dsQ2NBx61gaz+XQZPyCzJm5uBFENfBzanT+\r\nx-amz-request-id: 5V40RYBED1JQCZXG\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Tue, 15 Apr 2025 04:41:32 GMT\r\nETag: \"8c53e7aefd44c725c59df17051ec40bf\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: ttE9HskdegnmYEX.HURPWUTVEKoiN6Nv\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1724550\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_14518-13113\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:7 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6881,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"8c53e7aefd44c725c59df17051ec40bf","sha1":"7440565a96afea7003fcd3e278020e3eaec9526d","sha256":"d7446c4d7090acefc6ed9df173651002cc79289dee3f6d78d51dc13ae37a1a81","sha512":"ff397146c51988e90dbcdec9204e9d040da5d09619be0f3c341d58fbfea1a45868eb69259d62668f61fe9d7ee3ce8c9aaa15eb443bdd2d9fe37df9f210abc680","ssdeep":"192:LfRhygzQjWWFs3bZ6HXQSQLfww+Gd/Rv+QX:LfRw+WaIQ1f9n/Rmy","tlshash":"a5e1afb7c49a875c278107d931272aa20a470e3e7d22237d05085773575de7b69c58da","first_seen":"2025-12-03T06:24:18.110415Z","last_seen":"2026-06-03T10:10:15.197281Z","times_seen":7,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.YK7gRJyx.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.YK7gRJyx.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-643\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1603,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1596)","md5":"90f1ec627af14cf0358806742ab43378","sha1":"a507e75f9c0c994d79fddcf5a951f60f849c8757","sha256":"ff7d06dfd46713aa248c33ef11fc5cb315fd352f0dcc2da3112d8b80f237e1f0","sha512":"dc52271cf92ba7a25f7631a3f6a79a668f7c983b2d9547659342e9bb4445135ba4f63a75da969f9640ced973666be927f4d1489877ea793d328cfe8910bed78d","ssdeep":"","tlshash":"d531658ab41dc0f62fd398b9f121211a534d8fed9546d1e201ed6a5d0f4eced0a4ea36","first_seen":"2026-06-03T10:08:00.284118Z","last_seen":"2026-06-03T10:10:15.211317Z","times_seen":4,"resource_available":true,"data":null}},"time_used":290,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":290,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Select.Dr8_3GoA.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Select.Dr8_3GoA.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1315d\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78173,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (20197)","md5":"50d0d2c918219970a98ad9fb13b760a1","sha1":"c19316259cd9bf786774afbebfbbc0bb8f406188","sha256":"568fdf51af50bc198f1724d5d39e2ca7f641e276121e61f4dfbd75ec9f942fc0","sha512":"3207bcea11a877f5a3e9dec480f7cba87d083803e4cacc698a67a352f96305cf20dd9f0b3d9d7e6fca90447f62fc602f02cb643b94652f18da1c2bc3fef16c8d","ssdeep":"1536:wUotoJ1eQYe9XP76Hh1fAkq3JXaJDgK9fxBd6/y21ZUsQAGBi+g8eGYZ:wUotobJz9PeB3q3JXaJDgK9fxBd6/RUm","tlshash":"c2734aa4b90cb0b255f7c9fcc09f0149b3213b51b900d1e4f97699a12aa5778f267f3a","first_seen":"2026-06-03T10:08:00.211463Z","last_seen":"2026-06-03T10:10:15.183148Z","times_seen":4,"resource_available":true,"data":null}},"time_used":490,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.KwvdZ0jF.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.KwvdZ0jF.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-3e27\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15911,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (15672)","md5":"be24128644c921313b613655b0e5234b","sha1":"6757f63622e6a3e9fe5c69e3bbae30b62df8e4ac","sha256":"c75a28b76f399692275471216adbabf36c5b7bfafa8d56608fa7f7f079af856e","sha512":"f5a1a912cc8ab92e585aa6c15ee9bafe5e64a989ff58a03213f487699862c212dc3d06219e758d592410141b47c732beda5cd22ad730628e1c18e83926e67dce","ssdeep":"384:s4/30e4n4WQlTJV6qQThZzGmd5U4bAczwgI:sfn4lV6BTmq3zwd","tlshash":"ad626d0f310b567e677189af82724c00a1218fda84518ee7e4ff4b181613ddeab8d71e","first_seen":"2026-06-03T10:08:00.337989Z","last_seen":"2026-06-03T10:10:15.184289Z","times_seen":4,"resource_available":true,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":873,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/9dffe0d67b952f9a73f62d83e5cee112.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/9dffe0d67b952f9a73f62d83e5cee112.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 14579\r\nConnection: keep-alive\r\nx-amz-id-2: GjIR75DA8ouc4/P4I9CaIDO9zYf/XGF3ARm0NnZDOETl0TLaTe6oJm59qVHDbfC8pQDuxGyAnfY17jIj73fCdyW2PVswVpsh\r\nx-amz-request-id: K92TP0HR14H3FRE3\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Sat, 03 Apr 2021 12:20:17 GMT\r\nETag: \"9dffe0d67b952f9a73f62d83e5cee112\"\r\nx-amz-version-id: 4IQajBwgAVI8Uo9fLDBmTcesLDWYmvjb\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1816855\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15476\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":14579,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"9dffe0d67b952f9a73f62d83e5cee112","sha1":"82f30efc620b8a609ce47b677c9b59af133c00c5","sha256":"505a5cd68957dbd558fcd8677b344f6fcb215dc3a5d97ceaba3fd4dca0077cbe","sha512":"e6735f98128799bb3b1666d9f56fab6ede1075405ea0b8bca09ab02026ae507e7556976490fd036a0c48743233f3b3b82acfe7ec95870bf464f061b92b212737","ssdeep":"384:nVuSiUN16ODwLVkbHKnf9P2QymfQTrFlMfKM:nVXroFt2WfQXFEKM","tlshash":"4062cf8c3dac3923c8a86172c03e6988104c6b5dd8fac46eda58dd3156eb72384f8684","first_seen":"2024-08-19T17:45:17.517983Z","last_seen":"2026-06-03T10:10:15.282795Z","times_seen":5,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":73,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/Soccer.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/Soccer.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4100\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: PqH5yWXMeA4HfWz6wLoV9XESkPZgEbbh\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"43cf50d1377a80bc4cbe1a0afe1ccd0c\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: fCELYbg6xyyKX1-8EVO2CJw5QhzHdWZgI8ABYsfAGCh3iKELF_WWLg==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4100,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"43cf50d1377a80bc4cbe1a0afe1ccd0c","sha1":"e282335b14bedd98fee46a5cf7a54954680862ee","sha256":"08aa300178376a09a8db67b3bf026e2b10522dd29bcb2fe26097f4e80c49710a","sha512":"3b9f75e6d41e93f9f72fef68cd0bbc4901013073e403f328924a43fd8568ab8137a4a2c1634ac71e90f92ea4135b4a184e79e4c277b9ee32821e003dfe69b281","ssdeep":"96:87SqPRdl/cnwP6YAGRbXaxf/uDDN3M0uf8QHIEL:WSqPN/yY/hM/uDDN3M0uf8QHIEL","tlshash":"6b816d4ee6957293a0d8553441fdd0af7894a3aafe12c80d32e01cfb701c03ca60bb64","first_seen":"2026-05-30T07:41:04.602004Z","last_seen":"2026-06-03T10:10:15.304549Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/TableTennis.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/TableTennis.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4262\r\nlast-modified: Tue, 05 May 2026 05:34:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: MDT5bPD6V_9S__nZLMNqc7j0roPz659i\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"d97da25317b1ad902b641881861a3043\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: FGNwcJXXFtix7lgD3ALJkN5a2-RajW_YooFNwe8bXh2FalympfdnJw==\r\nage: 1810\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":4262,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"d97da25317b1ad902b641881861a3043","sha1":"43cab7f0d601e6ca7498c4067a3834ce2634d3c0","sha256":"3be50736ed5b4b68dacd9a3b286097246d7e0f498a468b1109392f5614687b46","sha512":"d6428863992ae0fc415055addace14ee07aa7bf8612d63157975f18c2e72a750e37c993ef65a69e863fa7cd07f4d85796f225127c0e240cd27607c97457711d0","ssdeep":"96:87SP/jtnXrt5+Yl++qwI8RgLnTxdVs4C9lrT349PdWWKBE/xZ:WSP/hbt53o9R9TxdVerT34nKu3","tlshash":"3c916df287377d2384680c64e09d43a9487466d66b65c2062f635c460a38153d3d6a78","first_seen":"2026-05-30T07:41:04.764265Z","last_seen":"2026-06-03T10:10:15.239109Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/IceHockey.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/IceHockey.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4414\r\nlast-modified: Tue, 05 May 2026 05:34:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: dL2fOd.IhaxdemSckgzx9tcODnCL2Zhv\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"59fa3b6a9dd45ab4059941f82f83b1d4\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 41E3V8IUa9emvY0Q7LthiC5TEkezqgy2FFiUoTVTsyCE7zezLtE9dQ==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":4414,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"59fa3b6a9dd45ab4059941f82f83b1d4","sha1":"04f7ca9d4f178cc99e1d11278e10f43a0fa39919","sha256":"479aa40d03804129b5c668ca296c527f7e40cce462dcf668ef1704048b6bdcd0","sha512":"fe69ddeed69180d4eed40d5614e51af678f3b33d487f6bff14d17c3deae5e26d4dfbc978162b9fb1cd1f183bd2213c10c57b28ee33bc6d83a3c5ca29f6ab7562","ssdeep":"96:87SbbLzb3SPruFhoGJb0u39rNo1+Samxm64VlLQnZIhBCE:WSbzjDB0GcwNmD4VlLqZIPx","tlshash":"48918ccdc8fa615f602d9be11c653082d42c398e56954a2c06cfe89f5c453d2bae3285","first_seen":"2026-05-30T07:41:04.655066Z","last_seen":"2026-06-03T10:10:15.257342Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/siteSportBet.M0NnB7ij.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/siteSportBet.M0NnB7ij.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-1e04\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7684,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (7665)","md5":"3f7ba0b277c1653b33c9fed5041d1cd3","sha1":"a739b5c2194078224695959ee12e54938f02ff06","sha256":"0ceb33572c7801b7c7e0cb29b898897f89d585618a471a4fb75135041b202292","sha512":"6979d217ccbbc62371f0514ebf9b47ed3482b760ea725f2532300f496f34e7348926c122e03bb0205215906b546a9d49811e7a6fc9bd9cab09619e02ae159835","ssdeep":"192:ELl1ostNIWItd/WE3F8znkIYPrctVD0fultl+uNUicAZnwlqKc82cxllYNghm2M:yl1osnIWIv/WE3F8zktDcTD0fultl+uV","tlshash":"c0f19472b29e520147c0203c90f907a27734647e24b38cacbfadeec95625a5573b9b3c","first_seen":"2026-06-03T10:08:00.367045Z","last_seen":"2026-06-03T10:10:15.250396Z","times_seen":4,"resource_available":true,"data":null}},"time_used":329,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.D2vAGpDU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.D2vAGpDU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-472\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1138,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1125)","md5":"71864188a858f6cbef6a86f1d87adddb","sha1":"e6118e55f8d8d490af9b1b9f5c8be0509d3a20f5","sha256":"8cc8fd55c57ae78d83efd81c76817bdb6b58273d51d106565b332e1cb17abad2","sha512":"dc780eeb11f8f269ee769fce969c6d382c615169b2c30fe087d08998fccae59664b0e61396936606bd7f79f6345a82ccccb4c562247b1904628368210f75e941","ssdeep":"","tlshash":"d621b946f25eb6b24c3d80fc9058ee67a3326414f26598b5d96d1d1fc149043f46fb72","first_seen":"2026-06-03T10:08:00.245389Z","last_seen":"2026-06-03T10:10:15.234742Z","times_seen":4,"resource_available":true,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-03T10:08:50.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:08 GMT\r\netag: W/\"6a1fdbc0-dac\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3500,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"635453fae18b44eaf04d616ca673619c","sha1":"b63d4b69b36ea235bdf0ac5df12ec0c58e08b159","sha256":"cb713fdb94ccd205cde3c2b0f141986faf44b45de1ab9681e75e8a22ebd06319","sha512":"439984fd65104790463e3b39e6aa715fe3fa901a92a5e8830acb44c7cc11ab7ec157620b62576749b6d4cfb076035905cdff82b7d45bb8d50edca0ad362c40ce","ssdeep":"","tlshash":"5f7175954ee0a0163ba347299afab00468e2d087850cd444b54ca3d99fd0f4ac7dfefd","first_seen":"2026-06-03T10:08:00.411894Z","last_seen":"2026-06-03T10:10:15.23326Z","times_seen":4,"resource_available":true,"data":null}},"time_used":3337,"timings":{"blocked":1504,"dns":743,"connect":230,"send":0,"wait":329,"receive":0,"ssl":527},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/web/sport/pc/home-icon/game.svg","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /web/sport/pc/home-icon/game.svg HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 24 Apr 2026 11:29:23 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: B3gsmpVo9ABENKBZ_CHOtow2WnB3u0sy\r\ncontent-encoding: br\r\ndate: Wed, 03 Jun 2026 10:08:20 GMT\r\netag: W/\"a4ae58be5748a57b9e974871724db8fd\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: qjeWebt3bU6Nhjk5k22cIbA6offhEf4OH19vwLdMkNsAqtlYBdIsnw==\r\nage: 35\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1962,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a4ae58be5748a57b9e974871724db8fd","sha1":"00ce8c384913999983afe01136af2cd6d79cc6c9","sha256":"2a5c78b187397c09ccc76d8247b7eb45c9ea20f6971e7092424374e7782234c8","sha512":"9dbfaa500414e9a5ce2a0a00acb776bdbbdc334e43e26e04b13de8f8bee0a4d62a05c18930071b8fcc07a62114079b09a0c88fe52cdbeb3cc3ec7614cb4052a9","ssdeep":"","tlshash":"984188fb469ce1d09603cf24e92ba4757ddb74fb3fa58be881409b6895150db498cce0","first_seen":"2026-06-03T02:50:08.043344Z","last_seen":"2026-06-03T10:10:15.226775Z","times_seen":6,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":88,"dns":1,"connect":3,"send":0,"wait":2,"receive":0,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Checkbox.BtziCGuV.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Checkbox.BtziCGuV.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-28d0\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10448,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (4729)","md5":"2dbb50404aab7653d879bf9658627ced","sha1":"868903b47bb7a844dc2c3d7ccbb506cb615573d5","sha256":"11e36e20172e4a7e6bc2a8b1e2bb0d3baf5d90a09fca1b21fcc56a3325f89c37","sha512":"280f0b94b956ace1bc6e493ce18c7c699e43eef2ae985c8f4a423460c9d0c42053396b7e47fa19c85f308300a00e6ca93bfd11081eb186fa1c85b8f4133968ed","ssdeep":"192:eeFNHFb68jFLqTpdbMlbzUg8ujjkupMn0pva9Qw4QtXXhUzPC3cHn0J1ijd:eed68jF4pdbMlbzUg8XCshyPZ0J1ijd","tlshash":"8722853abd4a91b229b3c5a59197480e61226652df15cef0f0f28c0119edafce44fb3c","first_seen":"2026-06-03T10:08:00.281541Z","last_seen":"2026-06-03T10:10:15.262569Z","times_seen":4,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/img/vip-icon.cH3STq8z.png","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/img/vip-icon.cH3STq8z.png HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 5288\r\nlast-modified: Wed, 03 Jun 2026 07:46:11 GMT\r\netag: \"6a1fdbc3-14a8\"\r\nexpires: Wed, 03 Jun 2026 10:18:54 GMT\r\ncache-control: max-age=600\r\nx-proxy-cache: HIT\r\nx-remote-addr: 91.90.42.154\r\nx-forwarded-port: 443\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5288,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced","md5":"33483e43b5818f1ba75440c0efdd8319","sha1":"26e0799e259421edeebebb5623a9b6ed137bacf0","sha256":"b42fe7b7c3c8fab256435e67ca977667e3353f7e67bbcda10ddf2b5cc13deb87","sha512":"6561643e312a096d23b7e7c2474ed59a756077f1760dd4c5dff732841c1b04b1ee739e19f324b310c5b620351dcc01e4aa5f63bda33d419528abae6a1c747f81","ssdeep":"96:vtAyrUtuis3gNlCzZZgcrL17p3frv7zgzOytFAp4nVltq0U1qZ2sLh0OEnAqz:FAyrUtuPguNGc31t3b7czk4nVq0U1qjg","tlshash":"82b18dc17b4bf14ae24206c11b926c5beead22c5f7ce6a4b514288204c93fa6052a312","first_seen":"2026-05-30T07:41:04.815975Z","last_seen":"2026-06-03T10:10:15.249698Z","times_seen":8,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/search-icon.DIGhTt3w.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/search-icon.DIGhTt3w.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 809\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-329\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":809,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (808)","md5":"6562ae070b30df17151b7741e9b647aa","sha1":"fd2777a192db31cd89a8c797a7e89e9996988d26","sha256":"4662c08aed38a315db3a21e5f50f1ec96c0e005dbffd8075ec2f409deaf37f4e","sha512":"000603cb8e2dcdc027387ffdb3efe5437a3b7521671283a56e2a900da9518e784d3c6d3c88a917409630e3a40954c397c2da5ce83b0552b419881e75d17be189","ssdeep":"","tlshash":"0a01f5be420162cdd035cd2b2d267c41d0b624fb0d7542faead27254ee631d215f9e1c","first_seen":"2026-05-30T07:41:04.713371Z","last_seen":"2026-06-03T10:10:15.289913Z","times_seen":8,"resource_available":true,"data":null}},"time_used":548,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":548,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.DPxJ3BEe.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.DPxJ3BEe.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-ae4\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2788,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2779)","md5":"06477a4841ca8296876293d3a28e4436","sha1":"1ba8abe244f59f8ec2cb947989d0a61772968827","sha256":"e1a82623bc6ce543a6263652b235920bd911a6a9ba267516ee618dadb65243d4","sha512":"12abcc690fb80efbd266bd58be0b8b402b09b37cee0094de1338ffaebc1756269365b87d33c7998e515e7d53ee85eb4a8fc8e4190514a87663411ffc2c728dac","ssdeep":"","tlshash":"4b51c7052813d6fa7efb4510512e5346c1083f28e42ec455a2fe48067bcb4b6f39e764","first_seen":"2026-06-03T10:08:00.133509Z","last_seen":"2026-06-03T10:10:15.208882Z","times_seen":4,"resource_available":true,"data":null}},"time_used":853,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":853,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/pc/sport/CSGO.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:56.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /pc/sport/CSGO.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5154\r\nlast-modified: Tue, 05 May 2026 05:34:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: AfRvqOoMcCWdPUHlpoUWXLsYfuvh3BDw\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:38:46 GMT\r\netag: \"b79145fe806ba8087544c29afcdf489e\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: GSh3r4sl3_Lp6nvd6xVx0k-onTiVyoqifTlsmEB7AMcHYo-rOGJZqw==\r\nage: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5154,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"b79145fe806ba8087544c29afcdf489e","sha1":"33620b87347b2f9850c88764262d4f4d660f4c2f","sha256":"9f701d2ecbb3ab298934358ffe2b13e3a56e5020da1560cea905541635118bfe","sha512":"7be425fff1737148fd578d3ddbceb065bb36459b09cb37fec7b9001dd66b3fb54d473aa6dfbc67fb2155f1f74642b04196c453e34d2ae62eb1afe605ec58903f","ssdeep":"96:87SH7u/MMKZuT0HAVEV/V9SCtpV5VBotrv0VTsJmrbhMNMvk8LMORrnDPc:WSHqU8T81V1tkrsyJ4iN6k8Zrrc","tlshash":"25b18cf7a513682261a1978c2cac0693470bbdc13280345aa4703dac8f3e97495acaee","first_seen":"2026-05-30T07:41:04.814927Z","last_seen":"2026-06-03T10:10:15.277615Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/homeLeagueOddsColumns.D_EQ-qYr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/homeLeagueOddsColumns.D_EQ-qYr.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-9cfa\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40186,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (39797)","md5":"1fc5dbb39a9c39f659d13d20ad8f6fb6","sha1":"24dd8691078c64e196dd7abea82ea8a04dea9b2a","sha256":"a5d7c1c53d1504f729ceb9340b0ce913ce6b9f89f7cc181f1fb88590b06884fd","sha512":"c5080973cec624b6d5760a7ee76828e599d21342cf78788230af5e10e2e0608a08ee32ec4d18cc18af8b3f98ab80f6277fa31fb47c3c36d07b472898b1d9e9ff","ssdeep":"768:ZZ9A72XizQzf+E0DNrWs4u9fATeOjUNPdVYOpd7e/L4:e99vfpqD4","tlshash":"8703f78c6027893cf6a7455460780096ea6d3f5be404e456f4fe4db53bcac629be8b3c","first_seen":"2026-06-03T10:08:00.287864Z","last_seen":"2026-06-03T10:10:15.210589Z","times_seen":4,"resource_available":true,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/MatchTimer.BMVrwhX4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/MatchTimer.BMVrwhX4.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-81f\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2079,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2078)","md5":"85643f189364cb6aa074a791fe628c2c","sha1":"9840d5181ee80ae3fae51d9c6e57ac9d36045c30","sha256":"44ab6ad24b1c9a4fa377a5f4d6f1e1fc695e90beeca83b34cf2a10adb2263561","sha512":"f979ab2910c5b0075b50facbfc70f15be695b65dbf1a85f2efd2713a14a6f883c7a1d6b7f6c1107622ed618786d3189cdd024bdd93db8849c4e8e8f318606c21","ssdeep":"","tlshash":"4f41a745bb0f68e053b0098015444910ad2acb2d3133a9c5eb9c4fad936ae58afcd56d","first_seen":"2026-06-03T10:08:00.233074Z","last_seen":"2026-06-03T10:10:15.265945Z","times_seen":4,"resource_available":true,"data":null}},"time_used":703,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":703,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Suffix.CMk4Eg5a.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Suffix.CMk4Eg5a.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-301e\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12318,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10431)","md5":"175f5c1a6eeddff21956e4679e01e58a","sha1":"2069d68046243418233194614a92e88caf5da494","sha256":"1677379cf1e9ea50031a11426d9932d42919a71bd5f0295f2007ac696113a0bd","sha512":"1d32ab2084291e0b02d096b7d5f08bd13fb675d28efcfb6c8ee2eb0386281c77fb49fbb0a8409ba1b504bed6b56c9b2a3fc710c21dae75227cbc1ed9a898f8f2","ssdeep":"384:+ceFTiztWg8ERLcg7bgwM8AQDM/c3siKHQwoRf:3eFuhWg8ERLcZ8AQDM/c3/KSf","tlshash":"45423a8d2c1bc3b80527929cb2dd0e08b91a6677edc09c45d8d7ab61609bdc9913eff0","first_seen":"2026-06-03T10:08:00.204444Z","last_seen":"2026-06-03T10:10:15.215193Z","times_seen":4,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/c77abb688e5669a12addf18a2637da86.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/c77abb688e5669a12addf18a2637da86.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 11248\r\nConnection: keep-alive\r\nx-amz-id-2: bRCRYHFApw5N/aMIP/q1231n7rjYr/lT2dDiecg6MNt97Dd4ray0+OaJuvDCHHktF6n6jTIoeUGwB5j8eUdxEj3bc3XhIgGG\r\nx-amz-request-id: PVPZZT7YDQ242395\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Tue, 05 Dec 2023 03:36:33 GMT\r\nETag: \"c77abb688e5669a12addf18a2637da86\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: YbU3BHlYY5.twKjVx6K9hrPFxpsBydku\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 5966\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15485\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":11248,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 68 x 90, 8-bit/color RGBA, non-interlaced","md5":"c77abb688e5669a12addf18a2637da86","sha1":"ef5167ef0e6e60b8cf56c8a92faee9d7bb545059","sha256":"f868d7858465d7d66b46cbc9b9a617c8b53ecf0d2771ccd034eb5dd3570bd6c6","sha512":"5c61cb0cfae0d5172f6cdf34e7fad7ab3677c506fd9727d78b15c3062d4502661ac8469812a01f7e8af3b70ed8612bc722edd837ece85da21851a2b6f1857335","ssdeep":"192:y93vqxirQPN/BEwQOBezMPK2L9C7heS26LdTaZHA0cHhRvN7gyi3U:y93vDru/BEYTXY7i6LdTMxcft9Z","tlshash":"1132cfe1d5d5c1f9389f8305f1aa623026ffa68bac7f55ba04090d78760c66a5bc03ce","first_seen":"2026-06-03T10:08:00.290022Z","last_seen":"2026-06-03T10:10:15.263277Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.0EyuehjK.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/HomeMaintenanceMask.vue_vue_type_script_setup_true_lang.0EyuehjK.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-70b\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1803,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1658)","md5":"8a459e7b44ba7033e5ba32ea08da0957","sha1":"1b639250f90dfb735b1bfbe1a6a3b86be8e3abe8","sha256":"fc0368a8ba0a0b7be8e928b56b1480ee7c28fc7ef957b5d6ee76a8ad63893f7e","sha512":"25114c0926e19075663c14f466a09d07fb39e1346e4aa91d6ebc8bf2a64776a5533a27680d8ba37a0680ebd40b0f02c8fc2fc708b0c30b337c578496edde241c","ssdeep":"","tlshash":"d031760a2929ab7f77178814f4813182604cbf66d023ccb6d2b115326bdb9f0975e727","first_seen":"2026-06-03T10:08:00.28642Z","last_seen":"2026-06-03T10:10:15.247051Z","times_seen":4,"resource_available":true,"data":null}},"time_used":920,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":920,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.DIeT0CuM.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_script_setup_true_name_PublicWinningSound_lang.DIeT0CuM.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 525\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-20d\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":525,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (524)","md5":"4607c973da4158d462875f6b00452bd6","sha1":"6dbcf4f4ca62da6bdc171d018655c3b23557cb85","sha256":"36dac0e952090fefbe168a8bc6247e4da1f12943806c04153c140b0243bf9d0b","sha512":"4e1465020c4c6ba239e9bf76a85785778ccee1d611e772e3f1ebff24d016c8693a76a60ca37d9154c150a0aaf01525fdd92340161614c70bb525338bc8236e8a","ssdeep":"","tlshash":"bbf00e2a7f4cc0f4a2370dcc31b38028072f07e9b534e7a581d33f691b89520a99e179","first_seen":"2026-06-03T10:08:00.341496Z","last_seen":"2026-06-03T10:10:15.273155Z","times_seen":4,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CoeJr0-4.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.CoeJr0-4.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-6b1\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1713,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1688)","md5":"e35c0e3b97bbfe2ee696e330a044ab19","sha1":"3e42d190a4b6e4a67664242f935ac34cb0de7957","sha256":"f5dabf5b486fff3350266ee6442e4097fb2b143371db08623c2a8b5bfa9eedd8","sha512":"91a6328422b108744a5d8eb5bb36b327a3b3ef6799efbf5ff0d7cc07ae991c9e9d91e310ecab4becfbee8a6a07b0f40249d5e51bc68594740c036e8a88d578ca","ssdeep":"","tlshash":"8831b4ae302ad6f8f71b08a0e0d54407861c7bac823afa8de7b905282f81554514e73a","first_seen":"2026-06-03T10:08:00.23843Z","last_seen":"2026-06-03T10:10:15.209787Z","times_seen":4,"resource_available":true,"data":null}},"time_used":782,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":782,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/homeLeagueOddsColumns.D_EQ-qYr.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/homeLeagueOddsColumns.D_EQ-qYr.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-9cfa\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40186,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (39797)","md5":"1fc5dbb39a9c39f659d13d20ad8f6fb6","sha1":"24dd8691078c64e196dd7abea82ea8a04dea9b2a","sha256":"a5d7c1c53d1504f729ceb9340b0ce913ce6b9f89f7cc181f1fb88590b06884fd","sha512":"c5080973cec624b6d5760a7ee76828e599d21342cf78788230af5e10e2e0608a08ee32ec4d18cc18af8b3f98ab80f6277fa31fb47c3c36d07b472898b1d9e9ff","ssdeep":"768:ZZ9A72XizQzf+E0DNrWs4u9fATeOjUNPdVYOpd7e/L4:e99vfpqD4","tlshash":"8703f78c6027893cf6a7455460780096ea6d3f5be404e456f4fe4db53bcac629be8b3c","first_seen":"2026-06-03T10:08:00.287864Z","last_seen":"2026-06-03T10:10:15.210589Z","times_seen":4,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/BonusSign.Bs0dkeja.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/BonusSign.Bs0dkeja.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-1045\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4165,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (4074)","md5":"e1510723b6c3d041e49c7e940b6c2099","sha1":"9e8e40a4f87f00d85138f1787b6668b020d7a735","sha256":"2791a6bbc158a6cbd65c3ae5962ed56233bcbda5c3ebefe7eb51bf965a6a163b","sha512":"b5ddcca0c5825c5fed75af8c2f5169cb719bb85383ca7a426b188b3fe4455154f6fef939bff17a238b7facd00d0159edfb9736a80abfb8adb8e80cd2f225a72f","ssdeep":"96:lT1FfvQ4/WZ62KHkSzl8AQWKuf0siCQ9Hy+Pi9a/aEBoNaD+2IGnx:BrQ4Jz8A10zxhyt8C7I","tlshash":"b781c64bb0366af4bab75c84609180a3a209bfeec0b5841971ff08363787c65578a737","first_seen":"2026-06-03T10:08:00.395888Z","last_seen":"2026-06-03T10:10:15.229618Z","times_seen":4,"resource_available":true,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.AhYOak5C.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.AhYOak5C.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B4VX7whu.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-530\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1328,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1295)","md5":"5bb612e72d8e9a553d8bf46de37ee436","sha1":"db0e0ba48a744dfdfd2026449ef11c0791af662e","sha256":"6789c389fbe24a09ec748518ed5e9d7f4d4d725b02eb64fd1c755d211743dc77","sha512":"742baade5abcfd9ed1e3668ff9be043327e35eb9ffea08afa09166aec23a63b40ec3fa5768b852461fcedfb515e1dcbd85de7e133b9a253b3db712fb2408db5f","ssdeep":"","tlshash":"9921758a71c1f1710b3f84dce8918631f335b738d7a5cda0ca8e4e1542d1146e5afb59","first_seen":"2026-06-03T10:08:00.293426Z","last_seen":"2026-06-03T10:10:15.254112Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1023,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1023,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/615d44f72c682eeb7a92f1ae182ef14b.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/615d44f72c682eeb7a92f1ae182ef14b.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 14619\r\nConnection: keep-alive\r\nx-amz-id-2: y95MvAJKZSUF5BfvR0xOGkNQNEwjT2ZCLmXrKIB0oa/Na3DCBZte4JsjVQBExwY+Hk4LdLaSP5Y=\r\nx-amz-request-id: W0SZGZG5PY5EHJMK\r\nx-amz-replication-status: FAILED\r\nLast-Modified: Fri, 24 May 2024 00:58:53 GMT\r\nETag: \"615d44f72c682eeb7a92f1ae182ef14b\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 20aQqCc0u1oo_Z4vXtzKDesGwoSZaHJm\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 175218\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_13048-39938\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:0 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":14619,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"615d44f72c682eeb7a92f1ae182ef14b","sha1":"c460734b3eadc932a5d915e04337afb8b0a5b220","sha256":"7b4f350bcfbc0c9cf6a381ebcf4df6ab1f976754c5a8775374f67a0830614a30","sha512":"5012441443c82d29d8b440e4aee9c6a869cee2be0eea597e9a0c70110fdbb5e9a4bdb3f8463a8a4dec8663e50234964916777ec1344d855699149f1d920e6aef","ssdeep":"384:9VDiajJRY7g+TOwn8xvChmPdfuiNh6DxKywRFmefG:91iyZ+TV8xvDdfhEDwaefG","tlshash":"d062cf3ec4b50be1a69d77f2c9eec505a5e5409e209600de81f6dd8209627ff84bcf92","first_seen":"2026-06-03T10:08:00.423608Z","last_seen":"2026-06-03T10:10:15.273761Z","times_seen":4,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tposs.qiddfc-dqiod52d.com/site-jerbc/siteNotice/202511/cb1689578b3e409fb90644cb6ab73a2c.png","fqdn":"tposs.qiddfc-dqiod52d.com","domain":"qiddfc-dqiod52d.com","tld":"com"},"ip":{"addr":"3.167.2.103","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:58.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tposs.qiddfc-dqiod52d.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Fri, 25 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:96:57:8B:56:09:2E:8A:4D:C1:87:CA:FD:41:09:B6:57:2C:4F:1D","sha256":"48:66:5F:5D:67:07:2E:C0:CB:EF:91:62:93:36:C2:EF:FB:B7:0E:4A:9A:93:C5:0D:10:9E:B6:05:6B:45:AC:AF"}}},"request":{"raw":"GET /site-jerbc/siteNotice/202511/cb1689578b3e409fb90644cb6ab73a2c.png HTTP/1.1\r\nHost: tposs.qiddfc-dqiod52d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 20029\r\nlast-modified: Mon, 17 Nov 2025 13:04:21 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: _pP3kc8.U97JQFp2Jmevg2r95JTdlQmb\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 03 Jun 2026 09:59:43 GMT\r\netag: \"9e2d8609aad8fb25842bf56204aad01d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0091ee978574700d165730d7f2557c34.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: cU6Y7XGtoouiJ-pA5QaYb65I_4YRrirqdT-4SwFfrAntl4yVKFm2KA==\r\nage: 556\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":20029,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit colormap, non-interlaced","md5":"9e2d8609aad8fb25842bf56204aad01d","sha1":"e9426048236ae48b1c3c9557d606ce1d57ebcca5","sha256":"18dc58ad5a3070cf9fdf70fd02cee7814dac6e25433adbcf5ade253dc60d1ee9","sha512":"9dc725c373790ced3079891e16dfd64783b697ea58f5d0590f9f4d2a70646f2f95814c993b0c67771a3774704a24d61672e7235ca59f10052bdc989de44dbc2a","ssdeep":"384:zTFjDCaVAwDuWSVyF0hOvTCuAHbyOaUzNdV6ueRp3fo6YkrpPUQal9iYyJaxkEy+:3VtVNFSVa0ovTFqbTzNP9gW6YktPEl93","tlshash":"6492d0c9bdda6b4a3d769c0c7889b07b036b3f1ed0811b45491a957ece33dd4291abc0","first_seen":"2026-02-24T07:43:44.875416Z","last_seen":"2026-06-03T10:10:15.252659Z","times_seen":8,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/details-arrow.DtgI1CkQ.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/details-arrow.DtgI1CkQ.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: W/\"6a1fdbc1-ba1\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2977,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2976)","md5":"163a02ffd7cbf774ac47485f87d11631","sha1":"30467f6feacf6eb74e7a3628dcadccb3866dad2c","sha256":"2d502486f9a515ae20f2ae52153a0dc251b243eb4fb0bbbaf62f6bcb29395b00","sha512":"5faf7f5620bad75057bfdc339e7b40e5ef53b62b10cc0c0fc1cb22fd3e79a794e37b7704f3e8987c06e0a1a757eba76a861852382aa914afdfc2b14886828af1","ssdeep":"","tlshash":"f0514d7797644cedbe9044b554063719ac7a730dac2077f49d0d4318bad3b642a7991c","first_seen":"2026-05-30T07:41:04.633269Z","last_seen":"2026-06-03T10:10:15.173429Z","times_seen":8,"resource_available":true,"data":null}},"time_used":286,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/RadioGroup.oTFPCem3.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/RadioGroup.oTFPCem3.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-2e20\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11808,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (3633)","md5":"559191607e43e4fce28f1158599b41fa","sha1":"bd16204dfc4cd74064a040d6b5326613c1a2ebe3","sha256":"847dc8faf5ed69051093390f09b755b46da41431104f942cd79b254ea141d623","sha512":"0118258fd68a93492eee280d77abd38a95f62347fa11d892586df6ab3c1ba38f161de599a7833df3a87d58624dd55e66b8a54aec902a4d5727cf2fe11ba40de6","ssdeep":"192:nMyN7jgkf0ip1p9EZ8ND6DQnbAlpGBoefsJME1e:JCiNDFnbA+oefsJ3e","tlshash":"ce32d7f9be09a1783eb3c694938f414a33057952eb11d4e0f4a3b05012eafb9959bf15","first_seen":"2026-06-03T10:08:00.269139Z","last_seen":"2026-06-03T10:10:15.303591Z","times_seen":4,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Dropdown.DcSQHj7m.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Dropdown.DcSQHj7m.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:56 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-4a80\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19072,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (7816)","md5":"b5cf50596de60d21378bcc1af63ed593","sha1":"a9b5726140d45d07b5f9d845309a7f2fe4b60a21","sha256":"a2280ad5cb3eeb58f2dbd8e9057ab83bc4488f7d6423c71cb409743c097125eb","sha512":"54f20ffba86b5f0b089cbb29670ac0e75371a34728670afeb79598fe34591aaaadcd337484c788e8b7bd98b05c27de9b3d7b45d86738ba4192ddecd98feb32ed","ssdeep":"384:eWFv8NYZShHwGlXmcxDsw547ipXVEizjSBp8ux27w:/B8NuShH5XxnV1zjSBp8ux27w","tlshash":"7682e794f44ce5609ae389d8d29a8109b2172b82ee15c2f2f07a1de513d5374e29ff2d","first_seen":"2026-06-03T10:08:00.194149Z","last_seen":"2026-06-03T10:10:15.203372Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1037,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1037,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.vue_vue_type_style_index_0_lang.B2z57bxU.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/index.vue_vue_type_style_index_0_lang.B2z57bxU.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.B_EyOe7G.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:57 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fdbc1-126f8\"\r\ncontent-encoding: gzip\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75512,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31787)","md5":"7341403835f89ef572116380b6f832fb","sha1":"df402fcefefb6ab8eb64feb501475e55129561d3","sha256":"4b063311fb653a2a9826e3dc6910783770933dbe1ac6dc06db21f185ac614619","sha512":"9956d14e0219c2dd90b7f40b6b166d7b0875e77681111d7b6f260071f533f299d01c5c66a360e4b9cde741ce3d0d0ce137f50783bf7b1ccd141e38d0cafda611","ssdeep":"768:V3757ETdCyzbP9dX5IcJV1WFCZsD0tJs/MLWnb439z9FZ4LTgaM+kSftvfp+ScMG:dtwU23nWgWYqM3R8uScYVA925tCSo","tlshash":"c2731c98f60ab07152f7c9e9e0af464973123782a704d1f0f4b698610692779f0abf7d","first_seen":"2026-06-03T10:08:00.347344Z","last_seen":"2026-06-03T10:10:15.216736Z","times_seen":4,"resource_available":true,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/cec131d4a64ebca6020ed604382e7273.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/cec131d4a64ebca6020ed604382e7273.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 4811\r\nConnection: keep-alive\r\nx-amz-id-2: 17e0X5wIfCU4NfmMIcadpZAw2/o5yL5+OsJmqOxxrsW7Vz0K+3h+IupHkKcugm4wSAyqBg9Z7+8=\r\nx-amz-request-id: Y705Z446475X1M2P\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Sun, 19 Jan 2025 06:03:03 GMT\r\nETag: \"cec131d4a64ebca6020ed604382e7273\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 9BaiQO4mB7oNcq7MEaFLyMOGb0ptxBFO\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 174735\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_15292-15480\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:10 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4811,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"cec131d4a64ebca6020ed604382e7273","sha1":"d5d9880bf48e0574ff8832a640f9a817ea4da90c","sha256":"cd2b4ce27d30ed52d6f2c538e6ec4ad96c87e170ed3be53a2b951ab8d431f04d","sha512":"183e10ddbd77ae8aa7c049b9db501a4273455a99be72373ccf5043da95cb9a998169a1192378399fd5f5a57bd7ba8e659bcfd61a32085691692ef504d2a40f4c","ssdeep":"96:UMU36B0316B+baeWS8eOld+K8O5Ct8whT1BROrew7/Xfhlsi0:UOo6BIaePHOGKXCt8eTEP7hlsi0","tlshash":"baa17d8052b5b7d6998247b4f8829122c430c906ad7f5d11f489d87fca4f86fa984b84","first_seen":"2026-06-03T10:08:00.223399Z","last_seen":"2026-06-03T10:10:15.221955Z","times_seen":4,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/Eye.DAta3D2Y.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:54.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/Eye.DAta3D2Y.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/home\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:54 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 612\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-264\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":612,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (611)","md5":"7a41733bb7e2a671bebaf477565a5ba0","sha1":"7c5cb53d55f1ce3e19afd74bfa0a1b80accba0c2","sha256":"e57ddecd0f8d6b8c6543abc18f9ed5a15970c3f59b9be7f39d059522a4cf7205","sha512":"019c7956ae0341ba5d4682c9beb35e35a7b1819e7c949991f9800f48b7c3228fd41f15642d448fd0af57a3428b5335bced9bc440720fe731da08820ed8a8744c","ssdeep":"","tlshash":"66f0ac0da3a5193c402d099c5b987515ae7b02b877194344cac99430f2264c1b1bbbda","first_seen":"2026-06-03T10:08:00.350655Z","last_seen":"2026-06-03T10:10:15.192897Z","times_seen":4,"resource_available":true,"data":null}},"time_used":695,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":694,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/happens-in.CM8LO42l.js","fqdn":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","domain":"efqfq9v-dfeqvdjoqwhf8.com","tld":"com"},"ip":{"addr":"67.211.70.95","port":443,"asn":59371,"as":"Dimension Network \u0026 Communication Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:55.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EA:90:77:D7:17:8A:17:7D:2E:FF:1F:97:A3:07:AF:8F:20:F3:1A:80","sha256":"4A:26:0D:02:4B:25:5B:FC:D5:B1:FC:D9:AF:5B:8E:18:C6:BE:B0:B2:36:D5:D0:90:3A:58:ED:FF:0E:34:32:BC"}}},"request":{"raw":"GET /static/js/happens-in.CM8LO42l.js HTTP/1.1\r\nHost: coiusha.efqfq9v-dfeqvdjoqwhf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/static/js/index.CcQ02tWX.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Jun 2026 10:08:55 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 129\r\nlast-modified: Wed, 03 Jun 2026 07:46:09 GMT\r\netag: \"6a1fdbc1-81\"\r\nx-remote-addr: 91.90.42.154\r\nhttp-geo-ipcountry: NO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":129,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"ae5e36995975e9ae7fe7a49f90f3d3ad","sha1":"d82f171350e16337a124596299c9d353a0b49065","sha256":"5a0159f90797b41d0637eadcf60531832dcc28b88a27a240c148b9d15f90ae84","sha512":"27eeada3244476126e3805c47fea7b3fe8f44017acf936a4446a2a2cf0de8f98a105ed0b7a47f3849458cb428bcf1ec3b8181a9f8cbdec60dbdf210b1d91f50a","ssdeep":"","tlshash":"2bb02bd533cb40b2c8ce432c882e404471003f0c01084110612920346f258927c51c3f","first_seen":"2024-03-17T14:00:22Z","last_seen":"2026-06-03T10:10:15.204851Z","times_seen":86,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":486,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-03","alert":"Phishing Block","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"coiusha.efqfq9v-dfeqvdjoqwhf8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.q5qo.com/data/f40fbbf1261237c70a10ff8b46482491.png","fqdn":"s.q5qo.com","domain":"q5qo.com","tld":"com"},"ip":{"addr":"153.43.67.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/","date":"2026-06-03T10:08:57.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.q5qo.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Apr 2026 15:34:47 GMT","end":"Sun, 05 Jul 2026 15:34:46 GMT"},"fingerprint":{"sha1":"E6:DD:5D:FA:B0:C2:AF:16:5D:AE:56:E6:3D:D8:5F:3B:AA:5F:7F:57","sha256":"06:AA:A1:A4:3F:2B:EF:21:95:97:BC:38:F8:E7:32:23:55:44:9D:6C:58:2D:ED:BE:EA:5A:52:3C:7A:7F:F7:96"}}},"request":{"raw":"GET /data/f40fbbf1261237c70a10ff8b46482491.png HTTP/1.1\r\nHost: s.q5qo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coiusha.efqfq9v-dfeqvdjoqwhf8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 03 Jun 2026 10:08:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 15596\r\nConnection: keep-alive\r\nx-amz-id-2: 7kimjabBlVORa1+CudbJlG4mYX97FBsgrKJN21dx6e6MmjrjUk7o+N/vmJ+VG5ePeev3FM/sDviKjIcImQ5I8HBbkCrIRa0r\r\nx-amz-request-id: S0XXM10BK2E4Z1T4\r\nx-amz-replication-status: COMPLETED\r\nLast-Modified: Fri, 30 Aug 2024 07:50:18 GMT\r\nETag: \"f40fbbf1261237c70a10ff8b46482491\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: EyxtdGWLIysSvaO_7VSdhXJeTtFjykfE\r\nAccept-Ranges: bytes\r\nServer: PWS/8.3.1.0.8\r\nAge: 1745933\r\nx-ws-request-id: 6a1ffd39_PS-CDG-04A5e173_13048-39941\r\nCache-Control: max-age=2592000\r\nAccess-Control-Allow-Origin: *\r\nvia: 1.1 PS-CDG-04A5e173:0 (W)\r\nX-Px: ht PS-CDG-04A5e173CDG\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15596,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"f40fbbf1261237c70a10ff8b46482491","sha1":"a2eb826834da73b82c932e808c136361992f25b0","sha256":"678cb12521fb898b3193b1b7a27ded69aa417912f52a35c26a1baaf636f333e0","sha512":"0afec57d8879c65e4b3d99e6c9bd8b89d32023d9d37c32c64f15ef08ca19b2a8013147c13f8cd811b9f5bf935565a51a0833227eaf4dd0bc2aa4ac1fed3a5c69","ssdeep":"384:7aeiSySr6/Nn3p3HkRB+l75oC/vXDcM7qPiI3eD5:WtRn1lKBC+CXXDc0CiYa5","tlshash":"0462d0d75cc6bae0fd318a1292a916833fb6d55368fc178508e14482ec3662ba8773f4","first_seen":"2026-02-02T08:09:12.443901Z","last_seen":"2026-06-03T10:10:15.263967Z","times_seen":6,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}