{"report_id":"ae6b291b-95b0-4d00-9ef3-c148da3c010f","version":6,"status":"done","tags":[],"date":"2026-03-02T23:12:01Z","url":{"schema":"http","addr":"www.12sl.cc/","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"www.12sl.cc/","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"title":"舞姬直播app_官方下载","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.12sl.cc/","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-06T23:12:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T23:11:37Z","timestamp":1772493097,"ip_dst":{"addr":"Client IP","port":43380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.252.179.190","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-03-02T23:11:37.597012+0000\",\"flow_id\":1188662686056867,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.252.179.190\",\"src_port\":443,\"dest_ip\":\"172.18.0.41\",\"dest_port\":43380,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-03-02T23:11:37.328099+0000\"}}"}],"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-02","alert":"Hunting_JS_WebAssembly","trigger":"www.12sl.cc/static/js/canvaskit.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"static.js.388sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.12sl.cc","ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-02T23:12:02.770819Z","last_seen":"2026-03-02T23:12:02.77082Z","alert_count":17,"request_count":16,"received_data":8892692,"sent_data":6992,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WebAssembly","description":"WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.","website":"https://webassembly.org/","common_platform_enumeration":"","icon":"WebAssembly.svg","categories":["Programming languages"]},{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"wujitv.countly.cniia.cloud","ip":{"addr":"43.198.27.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-05-29","domain_rank":0,"first_seen":"2025-06-07T22:11:14.406959Z","last_seen":"2026-02-27T11:28:06.369057Z","alert_count":0,"request_count":3,"received_data":104192,"sent_data":1449,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.js.388sl.cc","ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-04-27","domain_rank":0,"first_seen":"2025-05-12T03:06:00.724098Z","last_seen":"2026-02-27T11:28:05.688093Z","alert_count":1,"request_count":1,"received_data":778,"sent_data":414,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.12sl.cc/","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"1e91bcab88def0911a6713c0fd51c364","sha1":"5dde5953a9eb4b2a6af036d6485736e9865bdb1c","sha256":"afc86317d7ca8e1096d7fb9b183ef080a3811c79db673adec767113973e45e94","sha512":"d0aad3aa7bb0d2809d836a8bf2e1c08f46c31f0ea617e9e18f6ab1483a5f4197ee4461af7137b7fa19dae64ce35f2ccda75c1750210e24e29cad00eee0214b31","ssdeep":"","tlshash":"5b11e56cdc57823bf847a058fb66b9181b7d8b5b4914e007b7de46244f23ad34d14788","size":946,"data":"","first_seen":"2025-06-07T22:11:19.985012Z","last_seen":"2026-03-24T10:09:47.676539Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/config.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"3fa0c0e01c0cbfc5f7ad3638d50371c1","sha1":"3607c6932bec136f28a7b8a9bfca84dd08c4c543","sha256":"b5da6823998b0ceda77feb7e4140b7fef5c47b06bf92353dd0fa195dfc606914","sha512":"38be372831f1aaee7f8f8162bd742a3542f1b75a3c202f990ec8fbbb42950fb9609c5d6b553f5f1b9e557a185a249d2b5e3262bef8f977a6bc487a833bf7b520","ssdeep":"","tlshash":"56c0026a81325b313026168587fb1e041840669a8148d00224dbc25697f300342844ab","size":154,"data":"","first_seen":"2025-08-22T07:10:52.667375Z","last_seen":"2026-03-24T10:09:47.672902Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/jquery-3.4.1.min.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"09b145ca68719aba4ac58062524ac311","sha1":"eabbbe951f5289cee22bed827bdeff43181c60eb","sha256":"76d5558f358df27047823f8ccd78f4834c7a5f23b4780944e7b00d15c84264a1","sha512":"6e89edb198c9fc6bbaa7f9956d0c970eaf5d0f523f53feef50121ee29f4358f445894dbd66ca90009e7752996fe1d8bcbbedb35532c00fb79fba91864fe2752f","ssdeep":"1536:+TExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZxOPmw:+gZm0H5HO5+gCKWZyPmHQ47GKc","tlshash":"378309dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","size":88060,"data":"","first_seen":"2023-03-10T16:46:12Z","last_seen":"2026-03-24T10:09:47.673857Z","times_seen":45,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/canvaskit.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"687636ce014616f8b829c44074231939","sha1":"afa2a6a1e565badf0b8f75fab88f3497f9b7d6a8","sha256":"f02fc7e7a1732a87426a7012a26db4f4342cc27c713af86cdd9a463a51dc5e73","sha512":"7b3d81b04f365e2a1a51f750a4c6be9517e39ce8b0ada3c7b7204476bdc768d3ed2e8adce9790efa4d7fda2809c79fca2dd40a0ba4f4b8bc565a6233ba1aff8b","ssdeep":"1536:SDATC4qC0yXGEe+8yWjDCLtdRee2r40o4FWN83wZE2VDe+QRU/Ypk:1GEilCHId46z3U","tlshash":"27c3298976a674428393a0b8043f114fb23a5cc5a4884d1cf156ede9fc789ad8277f7d","size":126558,"data":"","first_seen":"2025-06-07T22:11:19.962834Z","last_seen":"2026-03-24T10:09:47.669787Z","times_seen":36,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-02","alert":"Hunting_JS_WebAssembly","trigger":"www.12sl.cc/static/js/canvaskit.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"wujitv.countly.cniia.cloud/sdk/web/countly.min.js","fqdn":"wujitv.countly.cniia.cloud","domain":"cniia.cloud","tld":"cloud"},"ip":{"addr":"43.198.27.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"dd5d7902e50b24491d9538c3c957447c","sha1":"8eed4ce01a79e62a7d3df1cb739fa637ab2abb1a","sha256":"e734ba9fac24ee52e280b550da6206c00eb122f22be9a55fe83b5d16d2fd76ce","sha512":"566d556cf714ef7fca6647c7346df47d344f78d6bfda0ed0e40c5fb6fc3570943e750c3d14a18e2d07913799f3d34d4f8eab7034e02364a98177db6ba3107e2c","ssdeep":"1536:Kjln5MeAujRXsiwY+vFsOgyQDGEG6sqSvMEWiqjW7yUi7dWdV6irmAcmZDHfREqx:8bjRX7RtiMVUiRKQirmNmdfREqf13","tlshash":"7ba3f9de658a3be8ad776274377e8200b378d3f61a1d6452790981683db4cc6027bf1b","size":103031,"data":"","first_seen":"2025-05-21T19:10:18.704611Z","last_seen":"2026-04-03T21:02:00.967968Z","times_seen":118,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.js.388sl.cc/download.js","fqdn":"static.js.388sl.cc","domain":"388sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"cfd1d3bf2d04aab4854c69016d1027e0","sha1":"243f7d00703f9d451343865b44dbf48d77f7bca0","sha256":"76714db7b0479a9f4de33f9dd3af5be7698a0e2d355e481c2c1381bd7fd88daf","sha512":"58494f124c1fd7608eed86c56aee4c16671e3b0610335c541f5632ef4a70fe2bde095cd3ef00eac59ff8a866816d851d0a89ce1a2771e1820453abe62166c5fb","ssdeep":"","tlshash":"08f097ab404b9149268644c3805f721a89db50ab349ad6cbbc60a4c5b4659af8a0d907","size":471,"data":"","first_seen":"2026-02-10T09:28:56.981744Z","last_seen":"2026-04-03T21:02:00.96461Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"2512414f817df8312569d55032748f81","sha1":"13467df6e962aa77bb36867ff1412e1ba9f8feb1","sha256":"e193735f8d500f10e2cdc6a94f5a43fb0257c1e2f8afc10fa04f0e3761d258de","sha512":"db6e4298746d519b0987bfa0feb89c39315718e178418e482b1c10c76439eae343afabf2db35ffaaa26c7ee6a3855084d39e9b88d35b11f87c354ceaf38874a0","ssdeep":"","tlshash":"a590029525c25101965295d4455b5c8450658675249569809180956259550205125cbc","size":47,"data":"","first_seen":"2023-04-11T22:25:25Z","last_seen":"2026-04-04T13:40:33.221191Z","times_seen":19229,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/appinstall.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a14913360cd89f0812ea4971df5a16b","sha1":"409a49517dfc31273a84977e1a852ef5ccd60063","sha256":"7c9895f2e57140b2a429c2b5df1eb51b2c0bf49f56365e198fb20a92fe79c1dd","sha512":"afdb6539176c82ae6d211655b974781f7854d7045af9e4f53d66c8c96860c3a0271c27115375c65e93e797585e4e04c9d61fa9464a58a211a0981b2583c0762e","ssdeep":"768:JKOpi9n0gWsgR/DUjVyMcamlyNWAa0kULOLOjOsO3Ow5l5W5P5M5ZgqDdL2fGjcZ:cOpil0gWxbzDqUHJFG+mSsZR1QeyDe","tlshash":"782310c879a2f8501766b172356fd47bf6ab6caaa488c90cd501f4dcfeb4118d533e88","size":47585,"data":"","first_seen":"2023-10-22T09:50:31Z","last_seen":"2026-04-03T21:02:00.970499Z","times_seen":6387,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/main.min.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"039befa6938181dbe4288250469fe41d","sha1":"919e15d0b6e62926a211f4111a78f5964242d758","sha256":"003d7f613ee8dad695ba04163f658a10d418143c371ecc8d2f6585756022a2d2","sha512":"c8b3f54e2422eb43b3fa9e58bd6eaac4400f50850afebf8b813f32cb3ce6035b970f2c0422b4c89767e0a7310c9505cf236fef041e643f9f7b4c4bc196bfa232","ssdeep":"192:gYE1uQ3jWAj2xVp39F2Sxrmklw60pH2R3da9LT3Y3NfIpGFQVUDtyBEKjuAU:M1rjWmEVp39F2cPepH2Rc9f3Y3NfIAQS","tlshash":"ef2262642ed02492138b5fa7bb1bb4d2da1d0a3e3f591c8fc2003c35a99a553ded5bb1","size":10190,"data":"","first_seen":"2025-07-23T05:24:31.503107Z","last_seen":"2026-03-24T10:09:47.66367Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"static.js.388sl.cc/download.js","fqdn":"static.js.388sl.cc","domain":"388sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:37.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.js.388sl.cc","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 17 Jan 2026 00:00:00 GMT","end":"Fri, 17 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8B:4D:AB:2D:58:69:CD:5D:E6:BF:FD:0B:A0:06:4C:CD:8F:D7:75:CB","sha256":"28:AD:C1:EA:9D:29:6B:9B:FD:56:D5:22:30:25:6F:85:82:E2:46:33:BC:E9:99:FF:54:71:48:59:9C:4C:47:9E"}}},"request":{"raw":"GET /download.js HTTP/1.1\r\nHost: static.js.388sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=43200\r\nContent-Length: 471\r\nContent-Type: application/javascript\r\nDate: Mon, 02 Mar 2026 23:11:37 GMT\r\nEtag: \"698ab07d-1d7\"\r\nExpires: Tue, 03 Mar 2026 11:11:37 GMT\r\nLast-Modified: Tue, 10 Feb 2026 04:13:49 GMT\r\nServer: nginx\r\nX-Cache: BYPASS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":471,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"cfd1d3bf2d04aab4854c69016d1027e0","sha1":"243f7d00703f9d451343865b44dbf48d77f7bca0","sha256":"76714db7b0479a9f4de33f9dd3af5be7698a0e2d355e481c2c1381bd7fd88daf","sha512":"58494f124c1fd7608eed86c56aee4c16671e3b0610335c541f5632ef4a70fe2bde095cd3ef00eac59ff8a866816d851d0a89ce1a2771e1820453abe62166c5fb","ssdeep":"","tlshash":"08f097ab404b9149268644c3805f721a89db50ab349ad6cbbc60a4c5b4659af8a0d907","first_seen":"2026-02-10T09:28:56.981744Z","last_seen":"2026-04-03T21:02:00.96461Z","times_seen":42,"resource_available":true,"data":null}},"time_used":1228,"timings":{"blocked":406,"dns":85,"connect":268,"send":0,"wait":368,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"static.js.388sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/config.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:37.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/config.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 7\r\ncache-control: max-age=43200\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:30 GMT\r\netag: \"1772493090\"\r\nexpires: Tue, 03 Mar 2026 11:11:30 GMT\r\nlast-modified: Mon, 02 Mar 2026 23:11:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: HIT, policy, disk\r\ncontent-length: 154\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":154,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"3fa0c0e01c0cbfc5f7ad3638d50371c1","sha1":"3607c6932bec136f28a7b8a9bfca84dd08c4c543","sha256":"b5da6823998b0ceda77feb7e4140b7fef5c47b06bf92353dd0fa195dfc606914","sha512":"38be372831f1aaee7f8f8162bd742a3542f1b75a3c202f990ec8fbbb42950fb9609c5d6b553f5f1b9e557a185a249d2b5e3262bef8f977a6bc487a833bf7b520","ssdeep":"","tlshash":"56c0026a81325b313026168587fb1e041840669a8148d00224dbc25697f300342844ab","first_seen":"2025-08-22T07:10:52.667375Z","last_seen":"2026-03-24T10:09:47.672902Z","times_seen":33,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/main.min.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:37.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/js/main.min.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nage: 7\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:30 GMT\r\netag: \"1772493090\"\r\nexpires: Tue, 03 Mar 2026 11:11:30 GMT\r\nlast-modified: Mon, 02 Mar 2026 23:11:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3860\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10190,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10108), with no line terminators","md5":"039befa6938181dbe4288250469fe41d","sha1":"919e15d0b6e62926a211f4111a78f5964242d758","sha256":"003d7f613ee8dad695ba04163f658a10d418143c371ecc8d2f6585756022a2d2","sha512":"c8b3f54e2422eb43b3fa9e58bd6eaac4400f50850afebf8b813f32cb3ce6035b970f2c0422b4c89767e0a7310c9505cf236fef041e643f9f7b4c4bc196bfa232","ssdeep":"192:gYE1uQ3jWAj2xVp39F2Sxrmklw60pH2R3da9LT3Y3NfIpGFQVUDtyBEKjuAU:M1rjWmEVp39F2cPepH2Rc9f3Y3NfIAQS","tlshash":"ef2262642ed02492138b5fa7bb1bb4d2da1d0a3e3f591c8fc2003c35a99a553ded5bb1","first_seen":"2025-07-23T05:24:31.503107Z","last_seen":"2026-03-24T10:09:47.66367Z","times_seen":35,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wujitv.countly.cniia.cloud/sdk/web/countly.min.js","fqdn":"wujitv.countly.cniia.cloud","domain":"cniia.cloud","tld":"cloud"},"ip":{"addr":"43.198.27.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:37.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wujitv.countly.cniia.cloud","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 22:43:42 GMT","end":"Sat, 02 May 2026 22:43:41 GMT"},"fingerprint":{"sha1":"68:8B:19:D6:59:97:AE:FF:30:6F:D7:F3:4A:C7:E2:31:A7:43:BB:D3","sha256":"5A:A2:5C:14:35:9E:AC:C0:00:87:71:B7:5C:F8:20:F1:1E:3B:A5:2F:13:FC:1B:93:E7:CF:FC:E6:12:93:09:A8"}}},"request":{"raw":"GET /sdk/web/countly.min.js HTTP/1.1\r\nHost: wujitv.countly.cniia.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.22.1\r\ndate: Mon, 02 Mar 2026 23:11:38 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 103031\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 10 Dec 2025 12:28:29 GMT\r\netag: W/\"19277-19b083c01c8\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":103031,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (970)","md5":"dd5d7902e50b24491d9538c3c957447c","sha1":"8eed4ce01a79e62a7d3df1cb739fa637ab2abb1a","sha256":"e734ba9fac24ee52e280b550da6206c00eb122f22be9a55fe83b5d16d2fd76ce","sha512":"566d556cf714ef7fca6647c7346df47d344f78d6bfda0ed0e40c5fb6fc3570943e750c3d14a18e2d07913799f3d34d4f8eab7034e02364a98177db6ba3107e2c","ssdeep":"1536:Kjln5MeAujRXsiwY+vFsOgyQDGEG6sqSvMEWiqjW7yUi7dWdV6irmAcmZDHfREqx:8bjRX7RtiMVUiRKQirmNmdfREqf13","tlshash":"7ba3f9de658a3be8ad776274377e8200b378d3f61a1d6452790981683db4cc6027bf1b","first_seen":"2025-05-21T19:10:18.704611Z","last_seen":"2026-04-03T21:02:00.967968Z","times_seen":118,"resource_available":true,"data":null}},"time_used":2710,"timings":{"blocked":705,"dns":48,"connect":324,"send":0,"wait":327,"receive":970,"ssl":333},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wujitv.countly.cniia.cloud/i","fqdn":"wujitv.countly.cniia.cloud","domain":"cniia.cloud","tld":"cloud"},"ip":{"addr":"43.198.27.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:39.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wujitv.countly.cniia.cloud","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 22:43:42 GMT","end":"Sat, 02 May 2026 22:43:41 GMT"},"fingerprint":{"sha1":"68:8B:19:D6:59:97:AE:FF:30:6F:D7:F3:4A:C7:E2:31:A7:43:BB:D3","sha256":"5A:A2:5C:14:35:9E:AC:C0:00:87:71:B7:5C:F8:20:F1:1E:3B:A5:2F:13:FC:1B:93:E7:CF:FC:E6:12:93:09:A8"}}},"request":{"raw":"POST /i HTTP/1.1\r\nHost: wujitv.countly.cniia.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 444\r\nOrigin: https://www.12sl.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":444,"data":"hc=%7B%22el%22%3A0%2C%22wl%22%3A0%2C%22sc%22%3A-1%2C%22em%22%3A%22%22%7D\u0026metrics=%7B%22_app_version%22%3A%220.0%22%2C%22_ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0%22%7D\u0026app_key=9ed0a8fe1922c9427e7e76dd6b880af3f7b18fbd\u0026device_id=38d7180f-56cc-4461-af1c-daae10fe8dbc\u0026sdk_name=javascript_native_web\u0026sdk_version=24.11.4\u0026t=1\u0026av=0.0\u0026timestamp=1772493099327\u0026hour=23\u0026dow=1"}},"response":{"raw":"HTTP/2 400 Bad Request\r\nserver: nginx/1.22.1\r\ndate: Mon, 02 Mar 2026 23:11:40 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7193935567b96f40739fbfaf435625e5","sha1":"793b3d0307f9c4451893fc52b0e010e1433bcb49","sha256":"2d465056338fa54cb10c592fe7a09319fa7d8a79cd912407d3a9a57b25dbb7ad","sha512":"f43630b077f2d49a79bb11da3b7e4f83df83ec0f4cc4df8cf4f95fdf9083682255ad1a03e48ba9a9ff1b1bb22e4a54034bcc51732c06ecfb36cc823f2e71badf","ssdeep":"","tlshash":"018000ceaa030022e8882828aa0003c02080a0b082280ba0b0ac00a3c88c0002b0fb88","first_seen":"2025-08-16T12:46:55.52805Z","last_seen":"2026-04-03T21:02:00.974902Z","times_seen":108,"resource_available":false,"data":null}},"time_used":2069,"timings":{"blocked":688,"dns":1,"connect":323,"send":0,"wait":688,"receive":0,"ssl":364},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wujitv.countly.cniia.cloud/i","fqdn":"wujitv.countly.cniia.cloud","domain":"cniia.cloud","tld":"cloud"},"ip":{"addr":"43.198.27.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:39.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wujitv.countly.cniia.cloud","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 22:43:42 GMT","end":"Sat, 02 May 2026 22:43:41 GMT"},"fingerprint":{"sha1":"68:8B:19:D6:59:97:AE:FF:30:6F:D7:F3:4A:C7:E2:31:A7:43:BB:D3","sha256":"5A:A2:5C:14:35:9E:AC:C0:00:87:71:B7:5C:F8:20:F1:1E:3B:A5:2F:13:FC:1B:93:E7:CF:FC:E6:12:93:09:A8"}}},"request":{"raw":"POST /i HTTP/1.1\r\nHost: wujitv.countly.cniia.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 481\r\nOrigin: https://www.12sl.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":481,"data":"begin_session=1\u0026metrics=%7B%22_app_version%22%3A%220.0%22%2C%22_ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0%22%2C%22_resolution%22%3A%221280x1024%22%2C%22_density%22%3A1%2C%22_locale%22%3A%22en-US%22%7D\u0026app_key=9ed0a8fe1922c9427e7e76dd6b880af3f7b18fbd\u0026device_id=38d7180f-56cc-4461-af1c-daae10fe8dbc\u0026sdk_name=javascript_native_web\u0026sdk_version=24.11.4\u0026t=1\u0026av=0.0\u0026timestamp=1772493099333\u0026hour=23\u0026dow=1\u0026rr=2"}},"response":{"raw":"HTTP/2 400 Bad Request\r\nserver: nginx/1.22.1\r\ndate: Mon, 02 Mar 2026 23:11:40 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7193935567b96f40739fbfaf435625e5","sha1":"793b3d0307f9c4451893fc52b0e010e1433bcb49","sha256":"2d465056338fa54cb10c592fe7a09319fa7d8a79cd912407d3a9a57b25dbb7ad","sha512":"f43630b077f2d49a79bb11da3b7e4f83df83ec0f4cc4df8cf4f95fdf9083682255ad1a03e48ba9a9ff1b1bb22e4a54034bcc51732c06ecfb36cc823f2e71badf","ssdeep":"","tlshash":"018000ceaa030022e8882828aa0003c02080a0b082280ba0b0ac00a3c88c0002b0fb88","first_seen":"2025-08-16T12:46:55.52805Z","last_seen":"2026-04-03T21:02:00.974902Z","times_seen":108,"resource_available":false,"data":null}},"time_used":2057,"timings":{"blocked":684,"dns":1,"connect":333,"send":0,"wait":688,"receive":0,"ssl":348},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/kefu2.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/kefu2.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e28-1a8e\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:32 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6798,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"b01481313ed22da9b5ddf80594f3e947","sha1":"0872ea62d810a12e846aa60df0b59239e88ae80a","sha256":"6a2c3ba2be2e93dd600289ee09407e5177c529563b43766810720dd4669c1892","sha512":"9981f2df1439b5bc82a30f6f5c879962c2f08e0c7b661675603f27934d38c685f8586d070d8ba0f1956fd245d6afe41ee4bf20df253e4a989eb195231b300e46","ssdeep":"192:eFAh/LKjpJMWS2S9DdyvxOvHodk09b8YfvBzopgjFw+bDcxA68n:XLkhS9Ddy50H69b8Yfv1Wgj7AIn","tlshash":"1d128c159d60eb4189e9d4d8acb710e022125ec0bfc6aad4d398d9b53fd23b8b0eccd5","first_seen":"2025-06-07T22:11:19.970978Z","last_seen":"2026-04-03T21:02:00.958096Z","times_seen":328,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":369,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/text2.fb00f724.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/text2.fb00f724.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e28-2a0a\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:32 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10762,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"63f6f87ed58fa378bb5171c35ee33828","sha1":"11e1edbf224ffed458eacba82355b0a46f11657e","sha256":"1541dd57f893a1b0cf6dca070b041cc64a3d22a87670e74cb520740dc4d7e402","sha512":"337859ef1c035832c9ebfa0f0cfd4e72c230d32cbbef76472638a530e79efff0f564d21e5f5f61d9c3a40eb594550c22e0c78e90ed3251e948fcad6064187e33","ssdeep":"384:6Hc/GmSomj09i0Aaeq/T9qD83DWB9B8yR/whqFCzo4DHxJ:6Hc/xk2saeq/Rqg3DWBbRoqFLEb","tlshash":"6662af438284d3b6c1ff17e60d962bb4e32eb698f25b9684c93966305f642a5d34d8c0","first_seen":"2025-06-07T22:11:19.981234Z","last_seen":"2026-03-24T10:09:47.675321Z","times_seen":43,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/appinstall.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:37.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/js/appinstall.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nage: 7\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:30 GMT\r\netag: \"1772493090\"\r\nexpires: Tue, 03 Mar 2026 11:11:30 GMT\r\nlast-modified: Mon, 02 Mar 2026 23:11:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47585,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (47585), with no line terminators","md5":"8a14913360cd89f0812ea4971df5a16b","sha1":"409a49517dfc31273a84977e1a852ef5ccd60063","sha256":"7c9895f2e57140b2a429c2b5df1eb51b2c0bf49f56365e198fb20a92fe79c1dd","sha512":"afdb6539176c82ae6d211655b974781f7854d7045af9e4f53d66c8c96860c3a0271c27115375c65e93e797585e4e04c9d61fa9464a58a211a0981b2583c0762e","ssdeep":"768:JKOpi9n0gWsgR/DUjVyMcamlyNWAa0kULOLOjOsO3Ow5l5W5P5M5ZgqDdL2fGjcZ:cOpil0gWxbzDqUHJFG+mSsZR1QeyDe","tlshash":"782310c879a2f8501766b172356fd47bf6ab6caaa488c90cd501f4dcfeb4118d533e88","first_seen":"2023-10-22T09:50:31Z","last_seen":"2026-04-03T21:02:00.970499Z","times_seen":6387,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/canvaskit.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:37.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/js/canvaskit.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nage: 7\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:30 GMT\r\netag: \"1772493090\"\r\nexpires: Tue, 03 Mar 2026 11:11:30 GMT\r\nlast-modified: Mon, 02 Mar 2026 23:11:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":126558,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (566)","md5":"687636ce014616f8b829c44074231939","sha1":"afa2a6a1e565badf0b8f75fab88f3497f9b7d6a8","sha256":"f02fc7e7a1732a87426a7012a26db4f4342cc27c713af86cdd9a463a51dc5e73","sha512":"7b3d81b04f365e2a1a51f750a4c6be9517e39ce8b0ada3c7b7204476bdc768d3ed2e8adce9790efa4d7fda2809c79fca2dd40a0ba4f4b8bc565a6233ba1aff8b","ssdeep":"1536:SDATC4qC0yXGEe+8yWjDCLtdRee2r40o4FWN83wZE2VDe+QRU/Ypk:1GEilCHId46z3U","tlshash":"27c3298976a674428393a0b8043f114fb23a5cc5a4884d1cf156ede9fc789ad8277f7d","first_seen":"2025-06-07T22:11:19.962834Z","last_seen":"2026-03-24T10:09:47.669787Z","times_seen":36,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-02","alert":"Hunting_JS_WebAssembly","trigger":"www.12sl.cc/static/js/canvaskit.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/bg1.b06746bb.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/bg1.b06746bb.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e26-bdf6f\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":778095,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"7a4a5f1d08f5b082818547630ead96ab","sha1":"a600d433b9dd30b0c20fa15a9fac91f0b24f0850","sha256":"5669224fbdda0deeeac22c8c5e406f8a876717d9d1ac314b55a226cc67e1e883","sha512":"459f8cce6176a1906318bed722f7a8e730920353e1565772191b48ac653194b768ba011402fc4d43ba8bb6d8b4357c12847d9764ee704560d9db2fdba03f18c8","ssdeep":"12288:eIyPjr35D7vxo0tM56h++wZfszgGrEp7YZzVm7fUjMCCCmFJzuAocQDAvDp6AM2y:GnVNZYIGCFMJnnF1wOY9DpnHL","tlshash":"3a45e1004211e310daae11f5aa5266c4770c5addfedabed8c234d1615ffe92da3cd8b2","first_seen":"2025-06-07T22:11:19.979461Z","last_seen":"2026-04-03T21:02:00.976691Z","times_seen":319,"resource_available":false,"data":null}},"time_used":535,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/and.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/and.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e26-eb7\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 3795\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3767,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"8eafc07fd5dd26355fdc2ed25daefb16","sha1":"eb49612b04ee67ca4f153a754bab6a7d367094d6","sha256":"9f9e39258b648d7dc4e217d4c3162793efbee371ad02a37dd076fe5beee17e99","sha512":"29eee3c94759f656e8ea189f5271f95be9bc4b219eba11bdacf74a8bb42b6631d78d80640e2e3c60e0a02ab5d30056e54586ffebf71de495f4f112a498b59cee","ssdeep":"96:ykU+gRN8Vw5oHuhFv/b/WyjB4C5c5VxMGyPR2s03IR1oAOQcSkRw6Idv8ED/s4T:JgReVwSHuhYSCC583zccs03a1oXST6I7","tlshash":"87c16c0307a4afb353e692fb2a911af6e6218719950e347af0e0f3219e5b54067ce4d1","first_seen":"2025-06-07T22:11:19.98314Z","last_seen":"2026-04-03T21:02:00.955693Z","times_seen":328,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":367,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/js/jquery-3.4.1.min.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:37.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/js/jquery-3.4.1.min.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nage: 7\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:30 GMT\r\netag: \"1772493090\"\r\nexpires: Tue, 03 Mar 2026 11:11:30 GMT\r\nlast-modified: Mon, 02 Mar 2026 23:11:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88060,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"09b145ca68719aba4ac58062524ac311","sha1":"eabbbe951f5289cee22bed827bdeff43181c60eb","sha256":"76d5558f358df27047823f8ccd78f4834c7a5f23b4780944e7b00d15c84264a1","sha512":"6e89edb198c9fc6bbaa7f9956d0c970eaf5d0f523f53feef50121ee29f4358f445894dbd66ca90009e7752996fe1d8bcbbedb35532c00fb79fba91864fe2752f","ssdeep":"1536:+TExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZxOPmw:+gZm0H5HO5+gCKWZyPmHQ47GKc","tlshash":"378309dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","first_seen":"2023-03-10T16:46:12Z","last_seen":"2026-03-24T10:09:47.673857Z","times_seen":45,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/wasm/bin/canvaskit.wasm","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:38.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/wasm/bin/canvaskit.wasm HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.12sl.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: application/wasm\r\ndate: Mon, 02 Mar 2026 23:11:38 GMT\r\netag: \"68117da2-6a96e2\"\r\nlast-modified: Wed, 30 Apr 2025 01:32:18 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: BYPASS\r\ncontent-length: 6985442\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WebAssembly","description":"WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.","website":"https://webassembly.org/","common_platform_enumeration":"","icon":"WebAssembly.svg","categories":["Programming languages"]}],"data":{"size":6985442,"size_decoded":0,"mime_type":"application/wasm","magic":"WebAssembly (wasm) binary module version 0x1 (MVP)","md5":"7f80e7aed01dd7f176fa317728321c1b","sha1":"1b36b77c920b46fbf8a91a4a5dd8074302fc1e80","sha256":"2a27e6ef7fab9d505db76b4c220f1d1cff7d66455648130fca931ba85bbe1002","sha512":"c468007ae7c546a3cf287b40e2b63202ef714a5059c7d15d71e3ad369bf41ff4c534e6762b0263a7fb3b198bd21e3ce8f83519594d0f746d74a6da0ba01a0be0","ssdeep":"12288:KdQKzEr7ZRGw/YKtV6zBVXD035Og8lYLPqE:9K+jGsPVkVXU8lYn","tlshash":"f325e703f11b986eb400b9771e0da63637279980b1a570a5df9d29eb7cbfc15248bb70","first_seen":"2025-08-22T07:10:52.677964Z","last_seen":"2026-03-24T10:09:47.670337Z","times_seen":32,"resource_available":false,"data":null}},"time_used":2516,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":369,"receive":2147,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/ios1.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/ios1.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e28-1ecb\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:32 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7883,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"d3ae76608cdba2e7d6b566a50dfdb207","sha1":"9402ddc6185001397cdebe9e69a7e3099d9d93e1","sha256":"93b88ca9081975591cfacc49b72d3475810d32cee9b3b91edafe3bc4d73d60f6","sha512":"189b133bcd254b852de99d6ee5730fdf74b6df36963f5cf2067b81c990044773678d5eb456b5e2a747b2d67157ab181c2220d5abaa24fb06734071c87eeacacf","ssdeep":"192:u7FdVRCovaLx7O+FyZBhT1OIFFALD+byxAHYjbwnHlxNqU1SPRGy+QlOzzx7dv/W:uPVR3vWx7O+IZL1OkI+bnMbyqUkPXOzm","tlshash":"4e32b015d631a391c3e8a0b488f327d451071504b7dafc60e279e8d5646bb6c3b9f2e5","first_seen":"2025-06-07T22:11:19.95283Z","last_seen":"2026-03-24T10:09:47.666067Z","times_seen":35,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":362,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T23:11:36.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Mon, 02 Mar 2026 23:11:36 GMT\r\netag: W/\"68601eca-90b\"\r\nlast-modified: Sat, 28 Jun 2025 16:56:42 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 956\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":2315,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"5ed234887b5e594be18aad9813fe5555","sha1":"afa2246c4f5692c41095124db6d1ee60b060af2f","sha256":"4e4408d5ed1a0badb0c56673cbf8ae619ef3960120a7c40f1c40f557d2349cee","sha512":"3f681440a81a4e3c69a11172a8a3e53af87c01a7517837da67abd1c824d130834ed8147f8a15b2d5a14d7045475d71ee4ea72bf9e5c4753826507cc6c438523d","ssdeep":"","tlshash":"ac41205edde7c06bb412d058bbbaf91c1b2dc6575610c849b7ee82244f2b7c34c07a84","first_seen":"2025-07-23T05:24:31.495149Z","last_seen":"2026-03-24T10:09:47.668408Z","times_seen":35,"resource_available":true,"data":null}},"time_used":1161,"timings":{"blocked":397,"dns":350,"connect":16,"send":0,"wait":367,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/favicon.ico","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:38.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Mon, 02 Mar 2026 23:11:38 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: BYPASS, Status: 404\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-04T13:49:08.649523Z","times_seen":478178,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":384,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/bg2.7deb9a0f.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/bg2.7deb9a0f.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e26-ba111\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":762129,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"5f7b8725c638871c9f448e14a21aef25","sha1":"f07a1d9f88433b668c825b818c30951b398039b5","sha256":"784eb0e5fad3aa2f90fcf2c08d85e54fdf6c76072e05da3128f8d834729f5ee6","sha512":"d7de4b475f0d22c34f362f8b13e8b11cb981e5b18b684391a8ee21edeb08879afdca1ecf73ff8194dc7f72703b37b14bce4f1f84c0754664bc4ed5a7e1a9d230","ssdeep":"12288:FK0itA0CQfQVxh5SgE3AROCHelcSkN3OsF/4bbgP2uJPajycr61nsgg/v2lB821g:WbfQfFLybpmcGov24vyQ4NS","tlshash":"3c35e004a350fba0d3aad1fe550216e871015dd5e6b7bd90d338d5a22c8fa2f6bde0d2","first_seen":"2025-06-07T22:11:19.949635Z","last_seen":"2026-04-03T21:02:00.963255Z","times_seen":317,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/icon.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/icon.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e26-8bb2\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:30 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35762,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"0aea54f7e301787d8d5161a4886c48b8","sha1":"3353227e679c45f18ecd4f42d044777f5bf3361e","sha256":"feb74f40958ffbd80edd90a3f41f6e4ae878360d6db3ce758981f579f6f1fb6b","sha512":"0e1f5527e0dd12bbef4b1317f1e45f8008690063835b447cec9eb2b5348b8f6520377616002ffd14ff41974003bb9f4206e4c56400c00d069244b0cfe8fed2b2","ssdeep":"768:hFnCMJ/i5EgqOoAtg264oBS6mvz70jN5ftOKqagZgQbhZ5+wlplZ4O+shiWHFF:fCMJ/i5EgEqN//yft8ZjxplZMsVHFF","tlshash":"7033e1426250e370e2d3d4e5786310da7b024eecbdeb9df1d754c55248da22973ee0da","first_seen":"2025-06-07T22:11:19.968708Z","last_seen":"2026-04-03T21:02:00.956938Z","times_seen":328,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.12sl.cc/static/picture/text1.e94c1836.png.js","fqdn":"www.12sl.cc","domain":"12sl.cc","tld":"cc"},"ip":{"addr":"203.188.180.36","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.12sl.cc/","date":"2026-03-02T23:11:40.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.12sl.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 20:07:44 GMT","end":"Tue, 14 Apr 2026 20:07:43 GMT"},"fingerprint":{"sha1":"90:DC:77:ED:A9:77:62:E3:F1:A2:D6:97:50:BE:E7:63:73:CD:75:6D","sha256":"B4:D9:40:18:E8:26:4A:C2:92:51:32:D3:2A:D9:6F:15:54:56:AF:14:EF:FE:B9:73:24:64:3E:5B:BD:E8:5D:8B"}}},"request":{"raw":"GET /static/picture/text1.e94c1836.png.js HTTP/1.1\r\nHost: www.12sl.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.12sl.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Mon, 02 Mar 2026 23:11:41 GMT\r\netag: W/\"67073e28-52c2\"\r\nexpires: Tue, 03 Mar 2026 11:11:41 GMT\r\nlast-modified: Thu, 10 Oct 2024 02:38:32 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21186,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"ed74ce600f516473dfc8914dcabd8493","sha1":"f643db966a2b169761c19d92c6f12bd237bc0f8f","sha256":"d6425f4a977db37fa713eb9afe796f6fe05f488626ddf45fc9d7ce2d474e1e74","sha512":"fed52fb7a6ed8d132bfdf880d2d0e7c8ef178c54f9597abbb060950bc74592c27a6730967d6eb9233745c7434a385053c5121e97dca986518fc8ee2a7618e456","ssdeep":"768:kZbUfLOqNwPX2ctuoeNvraCY8bJj1BXH1Ge/0SpGncHiIn3:kZ05wu1oeNTmCVGe1Gct3","tlshash":"95e2c003f2929770d6a5c1fb28678dd8c5188d48e7e7fa81c854d11095fe0ea25eee83","first_seen":"2025-06-07T22:11:19.972711Z","last_seen":"2026-04-03T21:02:00.961878Z","times_seen":328,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"www.12sl.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}