{"report_id":"b320a01d-ef48-49b4-ad4b-c0cb48ef66aa","version":6,"status":"done","tags":[],"date":"2025-10-31T20:29:39Z","url":{"schema":"http","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"title":"Download music, movies, games, software! The Pirate Bay - The galaxy's most resilient BitTorrent site","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":""}},"submit":{"url":{"schema":"http","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-05T20:29:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":9,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.118.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.071397+0000\",\"flow_id\":264703601219301,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.118.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.071397+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"38.132.109.186","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.091487+0000\",\"flow_id\":526213422474591,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"38.132.109.186\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.091487+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.116.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.111457+0000\",\"flow_id\":2197099582042977,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.116.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.111457+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.118.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.171635+0000\",\"flow_id\":264703601219301,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.118.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":0,\"bytes_toserver\":124,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.071397+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"38.132.109.186","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.192459+0000\",\"flow_id\":526213422474591,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"38.132.109.186\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":0,\"bytes_toserver\":124,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.091487+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.116.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.211798+0000\",\"flow_id\":2197099582042977,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.116.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":0,\"bytes_toserver\":124,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.111457+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.118.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.371826+0000\",\"flow_id\":264703601219301,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.118.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":0,\"bytes_toserver\":186,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.071397+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"38.132.109.186","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.392688+0000\",\"flow_id\":526213422474591,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"38.132.109.186\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":0,\"bytes_toserver\":186,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.091487+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.116.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.412015+0000\",\"flow_id\":2197099582042977,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.116.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":0,\"bytes_toserver\":186,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.111457+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"www.premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"thpibay.xyz","ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-27","domain_rank":0,"first_seen":"2025-08-28T11:49:41.145223Z","last_seen":"2025-10-16T12:28:43.009963Z","alert_count":48,"request_count":12,"received_data":87152,"sent_data":5434,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"6.adsco.re","ip":{"addr":"104.16.42.28","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":91627,"first_seen":"2018-01-15T04:15:29Z","last_seen":"2025-10-30T14:05:26.468802Z","alert_count":0,"request_count":2,"received_data":991,"sent_data":845,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"mkgaeneg4na3.l4.adsco.re","ip":{"addr":"185.200.118.62","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"domain_registered":"2017-02-14","domain_rank":0,"first_seen":"2025-10-31T20:29:40.077445Z","last_seen":"2025-10-31T20:29:40.077445Z","alert_count":0,"request_count":1,"received_data":463,"sent_data":434,"comment":"","tags":null,"fingerprints":null},{"fqdn":"4.adsco.re","ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":95532,"first_seen":"2021-01-04T16:47:52Z","last_seen":"2025-10-30T14:05:26.261798Z","alert_count":0,"request_count":2,"received_data":858,"sent_data":845,"comment":"","tags":null,"fingerprints":null},{"fqdn":"adsco.re","ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":3069,"first_seen":"2017-04-03T03:11:30Z","last_seen":"2025-10-28T15:37:22.849734Z","alert_count":0,"request_count":1,"received_data":1787,"sent_data":442,"comment":"","tags":null,"fingerprints":null},{"fqdn":"premiumvertising.com","ip":{"addr":"162.252.214.11","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2020-04-18","domain_rank":64798,"first_seen":"2020-04-19T20:30:46Z","last_seen":"2025-10-28T13:29:18.919677Z","alert_count":1,"request_count":1,"received_data":258,"sent_data":1750,"comment":"","tags":null,"fingerprints":null},{"fqdn":"c.adsco.re","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":100769,"first_seen":"2017-11-29T18:42:15Z","last_seen":"2025-10-27T05:22:03.189652Z","alert_count":0,"request_count":2,"received_data":82103,"sent_data":919,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"mkgaeneg4na3.n4.adsco.re","ip":{"addr":"38.132.109.126","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":0,"first_seen":"2025-10-31T20:29:40.085435Z","last_seen":"2025-10-31T20:29:40.085435Z","alert_count":0,"request_count":1,"received_data":463,"sent_data":434,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mkgaeneg4na3.s4.adsco.re","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":0,"first_seen":"2025-10-31T20:29:40.079661Z","last_seen":"2025-10-31T20:29:40.079661Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":434,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.premiumvertising.com","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2020-04-18","domain_rank":874532,"first_seen":"2020-04-18T19:54:24Z","last_seen":"2025-10-28T13:29:18.617846Z","alert_count":1,"request_count":1,"received_data":42497,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.118.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.071397+0000\",\"flow_id\":264703601219301,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.118.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.071397+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"38.132.109.186","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.091487+0000\",\"flow_id\":526213422474591,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"38.132.109.186\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.091487+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.116.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.111457+0000\",\"flow_id\":2197099582042977,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.116.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.111457+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.118.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.171635+0000\",\"flow_id\":264703601219301,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.118.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":0,\"bytes_toserver\":124,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.071397+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"38.132.109.186","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.192459+0000\",\"flow_id\":526213422474591,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"38.132.109.186\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":0,\"bytes_toserver\":124,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.091487+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.116.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.211798+0000\",\"flow_id\":2197099582042977,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.116.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":0,\"bytes_toserver\":124,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.111457+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.118.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.371826+0000\",\"flow_id\":264703601219301,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.118.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":0,\"bytes_toserver\":186,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.071397+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"38.132.109.186","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.392688+0000\",\"flow_id\":526213422474591,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"38.132.109.186\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":0,\"bytes_toserver\":186,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.091487+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T20:29:19Z","timestamp":1761942559,"ip_dst":{"addr":"185.200.116.90","port":3478,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.13","port":41907,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-10-31T20:29:19.412015+0000\",\"flow_id\":2197099582042977,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":41907,\"dest_ip\":\"185.200.116.90\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":0,\"bytes_toserver\":186,\"bytes_toclient\":0,\"start\":\"2025-10-31T20:29:19.111457+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"79e362235e366729632e60d6d35f8904","sha1":"69df1a1691b05442e11e2bc5825fc6297b977a92","sha256":"da82a56eb8524f5d12a2afcf2c5d0cb6184f26995167212a0ccb3bc2ba0def36","sha512":"94ca14ccb12238f547249a07134689257dd97639be34d7f466f52741df7176be982d88c5d294dd42a534a32d908533b5eaae33a13cb47ce0cf065d3098d9383d","ssdeep":"","tlshash":"fe60000000000c30000303000c30c3cc3c3f000030033030030c00000c00c003300c00","size":15,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-01T14:36:47.45823Z","times_seen":23587,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"be6b25353280fac3960e70c9dcb6804f","sha1":"46c69609a3bb697e60644b18dc85d780c44804ea","sha256":"38be2b1c1c886666cd4ac85d71bb8b65e51d95c7c5f40b0c575f7d196a0442cd","sha512":"cfb553df29882616e097d28e643208df6aae0e005e63b7e7d9310a731135e9e33407ec268f12699208db7dd4fe2e8ba8a49de900e8b0a1a4bd83bd522f2ee953","ssdeep":"","tlshash":"10700008e08020a308380002028223222a0c282080822020002b0280288228baa88a80","size":24,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-06T11:55:01.486771Z","times_seen":22174,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7545d1da7159ca66338b4c84b69f8ae4","sha1":"0858800340ee5b8c413a1aabc50fb28d0bdf89db","sha256":"7510742fba4d25113b6124987e97cba40776bc5030a6a3678974dc8ba075bf81","sha512":"dbd944acd2868ed6eb1de313c0efe7590f715129f7ca5a9ae5a3dfb9de0035612a248441d9e6c4c1812d8ec4b3de7cd2a5973c4c71887361a2276de1d73fab94","ssdeep":"","tlshash":"af8000088820202a20be0a0e02a3e232220e3022a0020220000f0280380020bb302880","size":26,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-06T11:55:01.488245Z","times_seen":22614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"41310478a380eaf7e07dbad9b4f81a97","sha1":"1714b6ef86e90b5b23e2aaa1e7728ed9c59f4d34","sha256":"848e5342d9196c0f64861ab926a3c5aecce9294750febbd22e5d8df859bdb144","sha512":"7b93f330547524ce01b8f888a8d56c19cd4432fbee43db16aab33fc1aecd77243762c5e7dd5ce767e38c0fdf9d58bc629caf106d77689c1ef90ebeb09406580e","ssdeep":"","tlshash":"d37000000000000b203c00020a023a003003003000880800820808302ae800b802c0a0","size":23,"data":"","first_seen":"2024-02-12T20:00:21Z","last_seen":"2026-03-06T11:55:01.500018Z","times_seen":19951,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"javascriptURL","is_inline":false,"md5":"68934a3e9455fa72420237eb05902327","sha1":"7cb6efb98ba5972a9b5090dc2e517fe14d12cb04","sha256":"fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa","sha512":"719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d","ssdeep":"","tlshash":"aa3000000000000c000000000000000000000000000000000000000030000000000000","size":5,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-03T22:35:28.343826Z","times_seen":66052,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"879c12264b74d969b0314e9a9cd1f17d","sha1":"714a5d759f4d1b7d41f8c5526451aef114b33d41","sha256":"28be88d787b6e773eaf5d0818a6c62446ce628dd8ec0659c6f78410588838337","sha512":"3547b27de7764e655bc8749fd5c1166599da57d2a76057e66923476fda692917a9e537a934374c77f361359b9fe94d739bc037044bbcf2648feb43f7ff9f1c7f","ssdeep":"","tlshash":"f7700008e0a03032203a020a228222202a0c2020800000a0080a328028882832380880","size":22,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-03-06T11:55:01.507418Z","times_seen":21973,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e362dfc00ec0a626a2af15b0f2bc41e","sha1":"85a0426a6dc937c487a83e88c5af55bd2b8890a7","sha256":"95b4eb886599e2740bab5bd22c9ff1cb9011c73ad31ff4aabdf017af7a64a5c0","sha512":"8674f44d22cdacd63e7849ab4a60f1802e25d6e553f9ac72f8bc726345b077d8c15cfbc56e4bf3522ee2707978fb0d329c7308f423a1ae293652b9b859c74264","ssdeep":"192:HMv6c23RU9ZS9zdolsoNpnGJACQUrP7nbzZStwMEGD8p6cHzWV1:HMv6c23RUTq7nHZmwMjwFzO1","tlshash":"5822d6ca7a8cf168823705f2109b76efa88d6e6d3c845d178314d9a4797c33871a9f86","size":9981,"data":"","first_seen":"2025-10-31T19:30:00.499083Z","last_seen":"2025-10-31T20:30:37.375664Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"premiumvertising.com/fvvsrhoqgsoabxprfxp?OPTgYsIc=BQOCAAAAAAAACZUAAuQEG9tLFyB1svWycAVoqIPnYpnHFDN2vnRaIqd_8BlEUqWzZYKPMT27gpdlYK6IHkJd4-JBtvGj1nMI2vGWSkt1Ky2sNR0dVSU5dtaJh3ZD7M4NSQYE3aCCBD1TqDgG_Qiq0ir1by4pruUFMPcEK10OLO2yB-UXVBEG39XpLypcMjyHw3-efbTgAflS0D6vUUBKT3Qv9ryOp9b43CzSJVDfMaigYVMbLiq6v_YFzD_eizFYp9TS03C4oGdIgf7a0x3lrNA27hI5Uu0x4oYztCTOuB4utr-i7KZUH-LEp3xX3-yhVfdHSzgW8diVhTomJIWLDEDvc6Wcn8x2u8rpNtf4UsxeVRwVsQxlVBbt-31bZUSw_D4POkYXvpEOqqzfhBRJSTC5ZGP8omWBWgx7sQQSCJan6cF_otcgzI33Q3gwGzntllCohQU47JkknXLaBprrnn87XkE-LQWC5FCfk49M4IK2Z7w0IeZLEBs7sZnby8IWkw9b1pKLVA77N8hJE60U1B-7a4zw5-DZCgV7aR-jt9SrJVMJjfUdjHQ46obI64GEePW6GOaGFOT-CGSszMau9TH0fAcrI7u_tlFpBGxUn5fMjcjpoX3Ar6ev37ChlJ4C2WG_09zR-g-oD2ACKo2z44IT8p2XE7XYhzsRbdMeqZ5aNVU1sWiAA0yTzfvaj033XKPUHQA5CipypCg59kIVKE8-IyBUhfKkuFOmwPqdxIG9EChMFaZgVL2h3nkVhBEyvXp7MOjHPSS-WcKVndUUudzbJZKzm7fe1qXUW2_FGrktCj9V5_F2ng6CqCv6xPAaafOoZLWNMyfpqGx-GJaIDs8FEe85GTi-VCc8WvbscpIpajL23HmWNOf6NksKkLIIPfKLK22c1Hg1CTSFsHh8RCmxSnH3t0uzlz9TN43Sk490pwtoMPhFg1GR_nFyaLhTEOSKOG99XWd1xp83rbRM3lZl9sut93KgLrI5LJfoIaXrbM3hVo4SmcNzjuE0t-xJ7TyR4z_O8Lcon98uO_VscZZycARq6BBt-BFBmJWEJJzjkgSqK9FdXQuuZ2F79HyXQDtmU2KAeoWrGdKhiJGnHSemySrHY2-R4PkaLt0CsTk77uHzSMlR_UyxuWT1wISulju--kheQZVPbKoHYBvqbQuYihxHfg91R3eV-mt57DRTahxlzUDznziQENoJ\u0026MLEkXuDe=4\u0026jJEGoUaX=5232866\u0026eboQdnaN=\u0026nymoGMiF=0,0\u0026xLFAUHZQ=\u0026ZEdtCLGf=\u0026aSjOsWNy=1280,1024,1,1280,1024,0","fqdn":"premiumvertising.com","domain":"premiumvertising.com","tld":"com"},"ip":{"addr":"162.252.214.11","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5f0a25e4d3522d56d48ce7bc3e518fb","sha1":"86794caff58f7fee6e684c2ba7195f970a8d6f4c","sha256":"9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5","sha512":"a3a81801f516a4eb11f00d6f56dab0ed4b8a79219e6b4f5436993479f09dae08f14cffbab3327ff66fb39201d8eba1153ae7114f7705a01cc6f0edf840ef1616","ssdeep":"","tlshash":"789002801814116115d1500b8d5159d01259b1a4540801324446ca502dc7883a415774","size":44,"data":"","first_seen":"2023-03-07T01:17:45Z","last_seen":"2026-04-03T22:29:59.430952Z","times_seen":22733,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"fb440b8133f21c3e5d3e39624e7bda94","sha1":"1b46d8568f9bd8a2be944d6a61924a21ec0b6e4f","sha256":"a5e2bc908c3bd3196d273564d073484f9905d13817490eca5aa249e701139cdc","sha512":"f874692932aab2be754d763a3998c5cd3c654a5bcd78c5d839fe0ba506f9a9e563d3cecba0ca71a6b0db35ff94943f6fa8bb0292f10c1aeb7df2704ea6d85fbf","ssdeep":"","tlshash":"047000000000000820200802220322083822223002cc0002220a083022ea00b80282a0","size":20,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-01T14:36:47.456368Z","times_seen":24287,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b96faa728d80b24d3ad26ea63d7a872b","sha1":"03db96cf325b10855373e23149e773370f0cdf23","sha256":"c9e2731000c392c9deece920ecb2464b14d672714c078e0d5e68ec1c727b4800","sha512":"cc03a6dbfa2a0c44f3cacbd063f5012afdaeeb189fcab186468c22036279712ab0ab62c8f53477a7b56c618060ecafde0a9555e8ed02cac02dab9f3c2c90e35c","ssdeep":"","tlshash":"d9e0ecff114a047c11710162edd31aff2a722146cb2e1c91c1d57639bea8a18a113b44","size":300,"data":"","first_seen":"2023-03-26T13:33:57Z","last_seen":"2026-03-29T16:36:52.614226Z","times_seen":116,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.premiumvertising.com/YAe/bstage.web.min.js","fqdn":"www.premiumvertising.com","domain":"premiumvertising.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"d926fdf129ea0e44dcc1b4abc2ec70fd","sha1":"da6fe0a14ab9604e5a535ca00343f157b5178a25","sha256":"6e3f53e1ca7bdfcb1789070ac0c4ed268e2cfbd4ea14329e824221cfe375ee95","sha512":"73a92475d9c7b3c3507266ff76ce2f991af190f535ddcf99d8e8718e6a867e57226670fce920fa4902def15eddc3a760da623ed9d4ca8e0be649ada2361875d2","ssdeep":"768:bt9rqAYKKeZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCIYCntlqofr:bbdZzFQ9JsTgZvfzmMzhYrTscpFZR","tlshash":"a9132aaab286282601e741b9503eb317b23305167912d458fcb9cdf96e3dd86127b7fc","size":41949,"data":"","first_seen":"2025-10-31T20:29:44.002935Z","last_seen":"2025-11-04T09:45:30.80099Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ac7fe824fc01da2eae66c69cde47673","sha1":"12c7d2596939ad5d05162d227907c9bf707559b0","sha256":"c259f617c5131add5a2a6c588f31e278b6c9443eddfa2399888a0d786712f20c","sha512":"ac205048c8287ebdd4ed9d241173dbca2ec4ceca2963d3706bd6b3d824f31fe3f073295f4003bd848d56dc1aa3733bfea5e620e1ce168519bbc03e8ea6d0ebd0","ssdeep":"","tlshash":"899000020c0af08e0038a0ae3a0e3b002a022ba080028203bcca0238b8a8003a828080","size":49,"data":"","first_seen":"2024-05-15T22:21:34Z","last_seen":"2025-11-06T10:54:25.309926Z","times_seen":13689,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/paperlpds.js","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7db0ef1e70d515f7d1ece0da6db78fc4","sha1":"af148313c1bbfb5b6b06d6b66def9fc8819b5752","sha256":"571f543e6fd4ecdf63308df76369821b5e3985dff099cd11d2bbcf3cff3573b6","sha512":"08fc818f8c8835c86e0bd6334ce59357ecb3cae4e2b295fffb31b37832176a7ef858dd503a1dbbe15558b7f63c5b26b7e0e681a46979cfa5dc7e24fb5cc74c0d","ssdeep":"","tlshash":"7211985c7c0cb62571c2263540bac516509201db9f5469ebb8fed4a81729a831c575cc","size":987,"data":"","first_seen":"2025-08-28T11:49:45.798005Z","last_seen":"2026-01-08T13:12:45.777379Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"62080b014488768847ce45c7ce0ca265","sha1":"7788ecd6a5a077fa482ff1a211bb223c233d4f2d","sha256":"a816c72963759c76b9866799f81fb7059ca6a86f4c2d346afc3c8cad77747173","sha512":"34336d47ce38222c43c798f6eb0169f849c2b7f6320dce90eedfdf6feae04bca2997b8fcc7738763ebc0b16d8337a2e55678555d99a169d76723100a73a4c1ae","ssdeep":"","tlshash":"b311c0793b1a5534c6d5818b31bee7a93e3260717a02e184c36cdc299d58e8714efcbe","size":902,"data":"","first_seen":"2025-10-31T20:29:44.012683Z","last_seen":"2025-10-31T20:29:44.012683Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/__blocked/custom_ads.js","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"deba2236774525f10c8d49f36df3fc20","sha1":"ad0f97446e2033a74d1dff7761ea9cf93607a2d1","sha256":"d1c6eee1070cdf17377e67ffe6c6f54564b77201da6750f95388d1af5d0a0991","sha512":"76f9c99f71e1912e181416c32e13135cdb149fc80e723acd5cf3a82aa2a0821c051106bf9e8d72dc761c16ff2e4dce83127041e7e740209041bd42fdc961c7fa","ssdeep":"","tlshash":"057000083ab208c02b3003000e0020802a83a000003283808020800e000e020a0303c2","size":23,"data":"","first_seen":"2025-08-28T07:47:14.103541Z","last_seen":"2026-03-22T17:54:38.525902Z","times_seen":594,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"d720eef71edef78b948a643d5712ec07","sha1":"ea5eb334bd6ddb0f04abafb700dc2ecb30070c76","sha256":"2daa1a91b2430e9867296c9cb26d1483785954a9bdd66f79b2c754bab7092cae","sha512":"63368ff1fef849df7f849af23bc2f24698893bd3d58300282427a76665b2d5c94f097d409f93173ad9c36944b4fffc2e37fa03a91f81e4e04f3737f9b73d2d6f","ssdeep":"","tlshash":"5f6000c00000c00c0000ccc3c00300c030000030c0cc3c0003003c3300cf00ccc00033","size":15,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-03-06T11:55:01.51255Z","times_seen":24260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6a88d4bd5bd93656328a2f38b4378d0b","sha1":"d2afdc9b1693f0cf62ab6e88bbcf4e20fb62844e","sha256":"3b1758c84d9df642c22e7c547795bd40ff0a9610795e44c90109fa7f9b8016ab","sha512":"c64eb8517871a1b996d76fd0d9982a9726515a003cebbbdf1639067607e2f7697c97f79fc176802c7e560f325e3f39f40c9edecb49e7c1626b95ca0cb8349424","ssdeep":"","tlshash":"687000380a2000000230202200020002008282a0c0a2a8c0222a820002020200282002","size":21,"data":"","first_seen":"2023-03-07T12:58:03Z","last_seen":"2026-03-06T11:55:01.48721Z","times_seen":8444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d936f0d3e0535e2fa01aa05c9d1508f","sha1":"d20537b105615348981de83acaa439e771f719de","sha256":"ec4b3c7a9f6ffc2691c526ef4e11982138f47505bf1245a72284d5f2ea3a5139","sha512":"b652ddcaf495c6cbd1b4c6ad40996249f94b67922be2c86f6b265b31c364b60fec7647074f81ad90fc8e21efb5349a74dbd0f827d40b45fb5599b9c432ce45fb","ssdeep":"","tlshash":"3a9002114c06c08a0178608e3a1e3b0076012f5180020102bcc60138b454003a4060a0","size":49,"data":"","first_seen":"2024-05-15T22:21:34Z","last_seen":"2025-11-06T10:54:25.288429Z","times_seen":13737,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"8b5e8699c1b76c14c38283a27772a3e0","sha1":"8e39b41dbcb6877e9b189351a2c90908abdc7754","sha256":"cfab5312f1cfff1e8162225ab27453306ff627f512bcf18225c0a305ca093e1c","sha512":"66ffa0031cc22b4eec8867f36dcf3d887b021a11ea74f51c2a2eff1ec4cf9eeb44c4e1d5a6c197f29d66546c5f42ef283c54261f6157687237e4dabe1715523d","ssdeep":"","tlshash":"cb700000000228a200fe230e8e82230822282223a28820c820220a2820003232380880","size":25,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-03-06T11:55:01.508546Z","times_seen":22393,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"e969e6981adb7ab1cb174994a5c8c627","sha1":"5f534a259a6f3754d1d392028fd4cbb344fb6563","sha256":"5cb18f9c0eebf644c0bc27e5224177984121b4c4a3f8189861a6d797a15a2e7a","sha512":"10bbe815bb6e4ade10d00a42a82dd10b668e95e275161cb0a637b2ea95785f8f7fc72b31bb48ac9c1dfad03d811912c0683941a3c09357525f164915d5b033cf","ssdeep":"","tlshash":"a380000a88a8a0222a30a0228c020200202e822080ee208083f2032020c283c022b802","size":30,"data":"","first_seen":"2024-02-12T20:00:22Z","last_seen":"2026-03-06T11:55:01.514986Z","times_seen":20053,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7a837a4ba8ea13b8193945adf0261e19","sha1":"61428cd720ebc0f01c4c017204c313193c22c101","sha256":"28d9693460ce57dd4e01742e50a1baa10cbed3fa6c20c2a69f02424f80fb9a2e","sha512":"abe0e46d98027527a7d2567c4feaece7ad3c1ec94eed8fea59b9eec596cdd4fa39e7776e9dbc4dd6fe777d9b09300d45ba2a49fc9479e0acbdea92ebf5ef940f","ssdeep":"","tlshash":"516000000003c03300300300030f33000030003000030000000c00303003c03c0030c3","size":14,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-01T14:36:47.441265Z","times_seen":23236,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6587d98a14d8935248bcaea22614a7c7","sha1":"255d2a6d42a6b607f73dc4eb4b4c5c46d4780d56","sha256":"8395a2f7c92e61b47ade7c4b59b5577e4e857d15cd558836ad5d6e6197d1a905","sha512":"52615da8c607bb37f69beefc31ec83dc5a131b8185c6a934391318f9cec92f6da6df305b80cec95167bbd717c522c2319c215e29cd7c873a45e01f22eb656b95","ssdeep":"","tlshash":"33d023a91d75c43161d8024a10f7e3ad777134607761e284c2d9cc1baf11ed304b155c","size":217,"data":"","first_seen":"2025-10-31T20:29:44.017245Z","last_seen":"2025-10-31T20:29:44.017245Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"265fbd04531d9cf5fd767b4e3149a5d1","sha1":"9df7368252b2b411d8472e2a6cc46fd5557ac415","sha256":"1b5a1da3648fc66667a67e766f23683675655e69a2f5186d65e750c7af80fa01","sha512":"c66a183c6e2dcabfedf54ccf42ca70a8cb2f9fde6fdfabfcb8ce20dc684821ce10b7892a940f459cc41c7462c97300aa740eecc1a38638845d159c684c9b036a","ssdeep":"","tlshash":"cb9000020c0ac08a003a208e3a0e3b022a2a2ba080020202bcca023ab8a8003aa28080","size":49,"data":"","first_seen":"2024-05-15T22:21:34Z","last_seen":"2025-11-06T10:54:25.308656Z","times_seen":13860,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9aa3dc35f8ba994aa0f04a42c4da5062","sha1":"a65df79b7b70e8b8d22a2db929f6598428a827e0","sha256":"89e4c05e12e12f5bdf85a4fb89bad572dd85256091add09fdb9c6e42e703e2bb","sha512":"72ec1d5aaa34463f798b2d2c5976a6221f70e51ea2afff582319f4c8b7e31f4a67ef2a2d39427b4d1cc89ca66c4d4374db662c1137380ce0aad2acfcdbed4d6c","ssdeep":"","tlshash":"ec7000080000a0308808a002882ca3803c20a820b022a008080823080000a020008e0e","size":24,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-06T11:55:01.493594Z","times_seen":23251,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"93128c282499b9ac18b63d0170ef3d44","sha1":"20a9c22e9546d49fc54c41ecbfa82880934f45f3","sha256":"f58ab76f9bc7003d1eaa68b8ca01bc723da2137cac1536511da193bd3062f86c","sha512":"7275c7fe7ca0a85191389c0c276f16c73ea59858c6af7268cc1c4a306755a35956ac72c4c8a7ba702c386eaa76ef38e871d50f0b18304dfd9ef1c75430a53f85","ssdeep":"","tlshash":"0d9000020c0ac08a003a208f3a0e3b002a02aba080020202bcea0238b8a8003aa08080","size":49,"data":"","first_seen":"2024-05-15T22:21:34Z","last_seen":"2025-11-06T10:54:25.290898Z","times_seen":13778,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ab3b4884408bb0261d6b56a7d288fe80","sha1":"b0f370141ada9b591302b575434c255db51ae151","sha256":"e5a13721b456c9e090f80944728fc91767f5ae01b01f59160e73ff2c7cacc587","sha512":"e57cb5cdac6519a8a24e85d5d91f2c6492e282308a94d369619e9455cef8f22a2a6abd62023647fbfa0228b6d3e12da22c280d691cd351608aada9c284ca3a66","ssdeep":"","tlshash":"6c80008ea0803232a2fa02038a822200a2af38ea88008820000a0200288030f232ac8a","size":26,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-06T11:55:01.519336Z","times_seen":23027,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"476b43130f4da0758e51a26ea93e733d","sha1":"5eac9c53e9cc1410e58f6f0bdc85528acab30736","sha256":"b19d05a8d492320ab4db4d74ea0e9e90374bed47a18e805f8018ebb00af0c23c","sha512":"d7b6af5bbc8185dfa58fccd8be30e14c79aed4aba53d8824cc066465690837c5f2d173bc3bb78eda33f9ae91ac0434fbb63d4d4c906e1874cc614ecf72ac4291","ssdeep":"","tlshash":"547000088202202a003828028282a220223ca82080028020000a020228002032ba08c8","size":22,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-06T11:55:01.506782Z","times_seen":22784,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dc0afc5aee21e3a2c7ba20fcbbc5502","sha1":"b0b548e52b180b7ac2fbac80962700dcd226b31f","sha256":"97e8f3fb205c8b155c8c6370121edddfad4baf9da50783c9b7efc9ed120bf41b","sha512":"e37b0c0f47dd7f5641a98b80cd68fa04f9b932dedd7d691399e0d04a47e75abc50fe62dee85ca735f2dc3c534869f8f8c1478afc9fcde9b91719665003f21a7b","ssdeep":"","tlshash":"819000022c2ac08a0038208e3b0e3b082a022fa080020202bcca0238f8a8803a808080","size":49,"data":"","first_seen":"2024-05-15T22:21:34Z","last_seen":"2025-11-06T10:54:25.308032Z","times_seen":13933,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"d9f9b0f82813d813afe0d450e9fab4d6","sha1":"cb6ce93dd97adc3649f697ff49681f5aaf8b1671","sha256":"d204422e9d49293ab422bfabae9607635876cb30f77215f133603bac691f6f4b","sha512":"849997b396eb218b8bbc788eeb34ec3eb9ab4c809a07ac707a57a5e13baabb69d2c52795403d032f007276109c7f4476daa8255550fa236873e1eb9ba6dba3ba","ssdeep":"","tlshash":"706000c20008802002c200028820a2802832008a20022000c00800000000a0c0222808","size":17,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-03-12T13:30:56.245454Z","times_seen":23634,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"aaf72876f0d5e8a677a383fd45bf938b","sha1":"d8b2ca3c238c933223f4a6313c5c0561f99e0c1c","sha256":"15eb7e222abfc64660d0f94c04053839498df20ea9ac9a13a201701a56ce3bf6","sha512":"c6bec20224539a5319a753a794c7521e7063e76b3d41bac8d7f0159880eaf3ed07c3fc1b0eb4ec285f1970f270f4b0ab68890d5a0ed01e3b1542102ad707f6d7","ssdeep":"","tlshash":"207000080820000820200802220322283822323022cc0002220a083022ea00b80282e2","size":24,"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-03-06T11:55:01.498128Z","times_seen":23956,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7145e6d4dd187b573a13f0240103f6f0","sha1":"f8e7ff7fd488f675f418011ef8ecca4a822933b5","sha256":"02665a4c106fc96e71ef5a17511cf353ec3f5cccb82ec9fce719b23967728897","sha512":"8fb980002683780ece97cb8cc6679fb9c8c97f543b927fe1efbf4073887176b68be02fd0ffbbc4bec0ebce401d04132fe4d1ab1edab9d006be9493f77bcfc736","ssdeep":"","tlshash":"0d700020000082000b2000032f83b280300a033000c8000002028f32a8e802fc020080","size":25,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-06T11:55:01.482966Z","times_seen":21540,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"thpibay.xyz/static/css/main.css","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /static/css/main.css HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: text/css\r\nx-frame-options: SAMEORIGIN\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"60a75c5e-1e59\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uEEi%2FLklvXCjjqEFkMOqOoJuw9da5REpYU5KFP305BQqmeLl2WjkqCVWXxKMK6cpUO2dhm4NKbNpFNL98pBI1ED5nHiLAjnPIp6XexNbXX0mosdl\"}]}\r\ncf-cache-status: HIT\r\nalt-svc: h3=\":443\"; ma=86400\r\nexpires: Fri, 31 Oct 2025 20:31:18 GMT\r\ncache-control: public, max-age=14400, s-maxage=10800\r\nage: 6783\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-ray: 9975e759ad99568f-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7769,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"1a9e37e49a76147f4d800c21346d6bc7","sha1":"0e9401b6fe4f4c930697aa32de62504cd50d51b2","sha256":"2ae2bc7a9e1e741b184bc1f4dd6f6252181c7d8b5390a54276ea0af480cb2b00","sha512":"c11f0ab139f9428e77131c4fcfa32043e721f01bbd6e818eb8d5d647edc0b5144ac0a5576859cc7e272a98cf97bd2bf20ebcfb589f86eb1f6cb42c3c2469e5a3","ssdeep":"192:NcPS/QLMVfPirce0KCTd3gPTaFO/dramrLh:OMHKC905/drRPh","tlshash":"dff1743652d0601cf42be133f8a29bddbd17901be5530abaa42d7778c8c646b5733e89","first_seen":"2023-11-01T21:44:05Z","last_seen":"2026-03-15T20:50:20.706022Z","times_seen":54,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/favicon.ico","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nvary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nexpires: Fri, 31 Oct 2025 18:42:36 GMT\r\ncache-control: public, max-age=14400, s-maxage=10800\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SvtFOf2WKKHv6Z73NtwNVQcAqwO8pzZ9siuSV%2F2yvFTbKmYEfifGBEEXyvAzzMS1D50HiWE1Mbqyw%2BstPo1p%2FComzYQaCn3pXmKB3D4VUaD0EcDpGCTh15uruhqC6lnP\"}]}\r\ncf-cache-status: HIT\r\netag: W/\"60a75c1f-338\"\r\nx-cache-status: HIT\r\nage: 6783\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-ray: 9975e75aedac568f-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":824,"size_decoded":0,"mime_type":"image/x-icon","magic":"PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 19680 x 19680 px/m, cbSize 824, bits offset 54","md5":"b407e86e0a33574c3079d83fe36e1da6","sha1":"fc0e3d17c0d17865a24f3bbb3afd8a1ed0bbea83","sha256":"fab9c76a90a2be44b10dfc214c044b7105fd02ac545b322ae3f1ac3a4c697ac3","sha512":"ad31f356e489007702798dc83c359b6fce8a41a20ac28e73bf6153e38896211036791b14d3f6826c27c8c2ba359e1cd4367907d068e9788697a657939ed41064","ssdeep":"","tlshash":"5f0172c4d362c021da1e36fec93ae3be9428bc986220818f45127886033a4c809b9c8b","first_seen":"2023-05-04T22:41:35Z","last_seen":"2026-03-29T16:36:52.611739Z","times_seen":1967,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"6.adsco.re/","fqdn":"6.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.42.28","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 6.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 31 Oct 2025 20:29:19 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 45\r\ncf-ray: 9975e762097c56c9-OSL\r\naccess-control-allow-origin: https://thpibay.xyz\r\ncache-control: private, max-age=10\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-max-age: 2592000\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":13,"dns":3,"connect":1,"send":0,"wait":18,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mkgaeneg4na3.l4.adsco.re/","fqdn":"mkgaeneg4na3.l4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"185.200.118.62","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.l4.adsco.re","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Sep 2025 09:14:30 GMT","end":"Sun, 14 Dec 2025 09:14:29 GMT"},"fingerprint":{"sha1":"AA:48:1D:E2:C4:73:88:D6:A0:D5:36:32:2B:EE:2F:67:01:C4:3D:23","sha256":"FC:04:34:8C:BD:15:93:CB:47:29:34:FA:05:BA:8C:F8:AE:96:33:7F:42:F2:72:62:C9:07:CC:D2:57:B3:1D:27"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mkgaeneg4na3.l4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 31 Oct 2025 20:29:19 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nlast-modified: Fri, 02 Jun 2023 14:03:32 GMT\r\netag: \"6479f6b4-0\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":305,"timings":{"blocked":134,"dns":61,"connect":24,"send":0,"wait":29,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/static/img/latest.png","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /static/img/latest.png HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/static/css/main.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: image/png\r\nreferrer-policy: strict-origin-when-cross-origin\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"60a75c70-275d\"\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=da5w%2FAxlf0L6SukXMT%2FrxLheDkMBKPGAO%2F3VbUwwK4qBVbn3pByNqJSPbr0migzB1zxgwUDmOYuojinsoQ0vvs9P%2FkMboBE75j%2F1d8BJU1dPOwaHU4dna%2FoZZuV0mhvIL9A%3D\"}]}\r\ncache-control: public, max-age=14400, s-maxage=10800\r\nalt-svc: h3=\":443\"; ma=86400\r\nexpires: Fri, 31 Oct 2025 20:31:59 GMT\r\nage: 6783\r\nx-cache-status: HIT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9975e75a0da1568f-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10077,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 82 x 144, 8-bit/color RGBA, non-interlaced","md5":"2960d47a7c79ebb04071b87f93c1da2b","sha1":"06e4bacdf0d92b3122e033af852af4eab7ade691","sha256":"ff58378ffb6c4489756b54a55a14080c07f26ee414b1ba3506090609c02c3227","sha512":"346cd8ba8991d4be44e8b45e46a721ba2433ee7d86807089bea0936a703c865ba003b9f7c4e3241d576a63b28d1a75a10860d7f6d302ae26c244a3fecde53de1","ssdeep":"192:KStghsVKJnNXnNJWp407EZjixmpVmwLgInwpWg7PgVTwlsLJSYOlSQVgj0:FtghsVKJN/3i2iUpVQWgLiwyOlSQz","tlshash":"2d22ae22a39824abdf7c543879cfa4d8492f4b0b361e3148216a63f16f910c8ad6b15f","first_seen":"2023-07-01T16:33:14Z","last_seen":"2026-03-15T20:50:20.694008Z","times_seen":71,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/static/css/responsive.css","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /static/css/responsive.css HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: text/css\r\nx-frame-options: SAMEORIGIN\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Sat, 08 Feb 2025 05:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K1eSsqXRZCRwte4w1zFcgajB7SZme8cOR%2BbaWPyhPIabInrQ3zZJz9M20b1K%2F13JLiZkBKzMAZhX6GY35QzCniVxA3JBg8vwt%2FXmdG8fxTdG\"}]}\r\nage: 6783\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: \"67a6e91e-663\"\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-ray: 9975e759ad9b568f-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1635,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"799dfe7d04c166fb6cf0a7c6a337a91f","sha1":"c902f6c72d480341e9669b8f0995a753448b8606","sha256":"de0fd6049728d10a92e2057b20efb8c87f16f0f038a96cc46f81f71d6b338d36","sha512":"02db44b8a7bfb9b62a87ac24b8811609acbcf2846ef7e932b3778589fda0b78663d2df8d48a84c8007ec380bb9997f7cab80ddcbf2a659c27bf7de42ac5ecd32","ssdeep":"","tlshash":"2431ae37a311b28cf336d501b6f67b9d2904253a670b48fe4e049832cb87e1f14b1ac4","first_seen":"2023-05-10T00:00:10Z","last_seen":"2026-03-30T14:28:29.541223Z","times_seen":898,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4.adsco.re/","fqdn":"4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 31 Oct 2025 20:29:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type\r\nAccess-Control-Allow-Origin: https://thpibay.xyz\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: private, max-age=5\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":77,"dns":1,"connect":25,"send":0,"wait":28,"receive":1,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/__blocked/custom_ads.js","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /__blocked/custom_ads.js HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ybq8gC6XVKYcXwT7bTJiWlLlDh0O2eQH2JKGD2pMZRSNvLv0Fjrrc%2BKQc8COZy%2FzfKuNt%2BPy0PStehJQQRWnzUcKCd9ALJFiZA%3D%3D\"}]}\r\ncontent-encoding: br\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-frame-options: SAMEORIGIN\r\nage: 6784\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Fri, 31 Oct 2025 18:36:13 GMT\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9975e759ad9c568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"deba2236774525f10c8d49f36df3fc20","sha1":"ad0f97446e2033a74d1dff7761ea9cf93607a2d1","sha256":"d1c6eee1070cdf17377e67ffe6c6f54564b77201da6750f95388d1af5d0a0991","sha512":"76f9c99f71e1912e181416c32e13135cdb149fc80e723acd5cf3a82aa2a0821c051106bf9e8d72dc761c16ff2e4dce83127041e7e740209041bd42fdc961c7fa","ssdeep":"","tlshash":"057000083ab208c02b3003000e0020802a83a000003283808020800e000e020a0303c2","first_seen":"2025-08-28T07:47:14.103541Z","last_seen":"2026-03-22T17:54:38.525902Z","times_seen":594,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:18.001Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":3,"connect":1,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mkgaeneg4na3.n4.adsco.re/","fqdn":"mkgaeneg4na3.n4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"38.132.109.126","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.n4.adsco.re","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Sep 2025 09:14:20 GMT","end":"Sun, 14 Dec 2025 09:14:19 GMT"},"fingerprint":{"sha1":"E1:1C:75:CB:71:36:CE:62:CC:D3:97:20:A3:3E:A2:FA:DB:E6:BA:53","sha256":"71:DD:71:4E:B6:1B:9E:7A:90:D9:9D:D2:2D:76:D2:D4:30:96:42:27:B9:D5:71:B1:13:B4:4E:91:D6:27:1A:8F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mkgaeneg4na3.n4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 31 Oct 2025 20:29:19 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nlast-modified: Fri, 16 Jun 2023 08:37:42 GMT\r\netag: \"648c1f56-0\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":885,"timings":{"blocked":394,"dns":132,"connect":88,"send":0,"wait":88,"receive":0,"ssl":179},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/static/img/icon-https.gif","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /static/img/icon-https.gif HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/static/css/main.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: image/gif\r\nreferrer-policy: strict-origin-when-cross-origin\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"60a75c6e-215\"\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tL9xY2UAAAsw63vkcXqFNxEtTg0F4F5AnnzGbEDBk6MiwGnqIDF1%2BdOLVUFxUBuwqkfy8HHtTWoAD0az7sP4mRcOtPALNOLxcHG0PYEmFEc4RvE7yRe4erUD5yesLizLfsc%3D\"}]}\r\ncache-control: public, max-age=14400, s-maxage=10800\r\nalt-svc: h3=\":443\"; ma=86400\r\nexpires: Fri, 31 Oct 2025 19:13:47 GMT\r\nage: 6783\r\nx-cache-status: HIT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9975e75a0da0568f-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":533,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 14 x 13","md5":"94647057a3487e7891a1ab8bbcdbae6b","sha1":"510f5ff6e88813df7ba8d9e2fea8f5c65bc8bc07","sha256":"56e8784bfd3a800cef9a9f4c23aea069a2fecd18c7490b8721e419842f154f86","sha512":"7fe87b8e9c9611a7e1d5df825603631b96aa82c8a45d3e50061155ca80298d43bbd8f03966cff682a2b69ced38cddf99c76023241fc5a85e7f78197cdb89feea","ssdeep":"","tlshash":"fcf06ac154e0c0c1c401c43094d516107bd487151d3b04551d8973f531c145e7836d95","first_seen":"2023-05-25T10:13:02Z","last_seen":"2026-03-29T16:36:52.583476Z","times_seen":144,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mkgaeneg4na3.s4.adsco.re/","fqdn":"mkgaeneg4na3.s4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.042Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: mkgaeneg4na3.s4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":210,"connect":262,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adsco.re/p","fqdn":"adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"POST /p HTTP/1.1\r\nHost: adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nContent-Length: 2420\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 31 Oct 2025 20:29:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAS-P-1: OK lon123\r\nAS-P-2: OK\r\nAS-P-3: OK\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: no-transform\r\nAccept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR\r\nAccess-Control-Allow-Origin: https://thpibay.xyz\r\nAccess-Control-Allow-Credentials: true\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1212,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with very long lines (1212), with no line terminators","md5":"90f3d9ccb2fc8428193dbee5ecb37ebf","sha1":"00186d7760872395edf061038c37eba31fc2d413","sha256":"3e1966a1e1d61526275c3d3a21b84843cdc6fa61037e0da20daf343bf686583a","sha512":"65db795bd9a42d3dad9421f719abc0f75cd2744f2136f10e1d913f5f233ad46d981bf74978d2f2884d529b15129f1cf144e210663b21fc16b2cf003362535b42","ssdeep":"","tlshash":"54210a33546d939094a20d3bb93158b915dce3804a93a35d23288fa8010c783ef44a5d","first_seen":"2025-10-31T20:29:44.001305Z","last_seen":"2025-10-31T20:29:44.001305Z","times_seen":1,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":82,"dns":1,"connect":25,"send":0,"wait":91,"receive":1,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/paperlpds.js","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /paperlpds.js HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: application/javascript\r\nreferrer-policy: strict-origin-when-cross-origin\r\npriority: u=3,i=?0\r\nlast-modified: Wed, 27 Aug 2025 19:25:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: \"68af5b9e-3db\"\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 6783\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=15552000\r\nx-content-type-options: nosniff, nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1YPFW5fGsml%2BFru3zjXt2JYOzGX3Q8cUl9bTcNrL4NHJlBfktPMSfDUCCQWoZf5HDVJciw2IP6C0Xiah4DiyVKLaWwYVSiBehe9Q5NC5e0KQ5JonfPM%3D\"}]}\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9975e759ad9d568f-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":987,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (959)","md5":"7db0ef1e70d515f7d1ece0da6db78fc4","sha1":"af148313c1bbfb5b6b06d6b66def9fc8819b5752","sha256":"571f543e6fd4ecdf63308df76369821b5e3985dff099cd11d2bbcf3cff3573b6","sha512":"08fc818f8c8835c86e0bd6334ce59357ecb3cae4e2b295fffb31b37832176a7ef858dd503a1dbbe15558b7f63c5b26b7e0e681a46979cfa5dc7e24fb5cc74c0d","ssdeep":"","tlshash":"7211985c7c0cb62571c2263540bac516509201db9f5469ebb8fed4a81729a831c575cc","first_seen":"2025-08-28T11:49:45.798005Z","last_seen":"2026-01-08T13:12:45.777379Z","times_seen":10,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.premiumvertising.com/YAe/bstage.web.min.js","fqdn":"www.premiumvertising.com","domain":"premiumvertising.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1258267123.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Sep 2025 12:32:55 GMT","end":"Tue, 02 Dec 2025 12:32:54 GMT"},"fingerprint":{"sha1":"DD:01:74:3F:EE:84:F4:F3:6B:97:91:0B:AA:52:ED:E8:70:00:80:53","sha256":"55:53:10:09:09:1A:79:69:14:C8:16:BF:CB:E1:61:1A:F0:6F:4D:3B:8E:42:4D:A4:30:49:C8:4D:16:60:F4:FF"}}},"request":{"raw":"GET /YAe/bstage.web.min.js HTTP/1.1\r\nHost: www.premiumvertising.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: application/x-javascript\r\npopads-node: wb9\r\nexpires: Wed, 05 Nov 2025 15:31:26 GMT\r\naccess-control-allow-origin: https://thpibay.xyz\r\nlink: \u003chttps://premiumvertising.com/\u003e;rel=preconnect\r\ncache-control: public, max-age=604800\r\nx-77-nzt: EwgBX63NDQFBDAG5TAoBAfd+fwIADAElE8IxAbdRaQAA\r\nx-77-nzt-ray: 2a494a152366ad00421c056938563032\r\nx-77-cache: HIT\r\nx-77-age: 163710\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":41949,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (1568)","md5":"d926fdf129ea0e44dcc1b4abc2ec70fd","sha1":"da6fe0a14ab9604e5a535ca00343f157b5178a25","sha256":"6e3f53e1ca7bdfcb1789070ac0c4ed268e2cfbd4ea14329e824221cfe375ee95","sha512":"73a92475d9c7b3c3507266ff76ce2f991af190f535ddcf99d8e8718e6a867e57226670fce920fa4902def15eddc3a760da623ed9d4ca8e0be649ada2361875d2","ssdeep":"768:bt9rqAYKKeZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCIYCntlqofr:bbdZzFQ9JsTgZvfzmMzhYrTscpFZR","tlshash":"a9132aaab286282601e741b9503eb317b23305167912d458fcb9cdf96e3dd86127b7fc","first_seen":"2025-10-31T20:29:44.002935Z","last_seen":"2025-11-04T09:45:30.80099Z","times_seen":2,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":95,"dns":78,"connect":1,"send":0,"wait":26,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"www.premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/cdn-cgi/challenge-platform/h/b/jsd/r/0.6409171975023523:1761938207:CUxC9sxny_s-I9AA98EiR_pav6bexTtak4TRVjKHurM/9975e757ec9b7127","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.6409171975023523:1761938207:CUxC9sxny_s-I9AA98EiR_pav6bexTtak4TRVjKHurM/9975e757ec9b7127 HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12074\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://thpibay.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-length: 0\r\nset-cookie: cf_clearance=mfQkKhMTzhz2KbXno7KnVp93XIbBgIceiFzh2o5RP5w-1761942557-1.2.1.1-2QS3.9l8zG4JQKXvQgoV6tkQLibRxtoS2bJwmVne0W714ULEPSoL9kH0.8QkiRE3XnRPBkzHX5qNNexN7Hr4cRCtuOC5seJh_im4C3Z..W_KVhClmxouGIggI..FdwMvsQeffC8KWyrkCzQnnGlb7Gd_Dsi1MceToRYjN8rLPTy.emMBkNjOEaqcUdlt_gYWxUzyc6iloYWDuudM_lVoX13dqCvuG.2JuupFfh9ACr4; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=thpibay.xyz; Expires=Sat, 31 Oct 2026 20:29:17 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-ray: 9975e75b6dad568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4.adsco.re:2087/","fqdn":"4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":2087,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 4.adsco.re:2087\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 31 Oct 2025 20:29:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type\r\nAccess-Control-Allow-Origin: https://thpibay.xyz\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: private, max-age=5\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":79,"dns":1,"connect":28,"send":0,"wait":28,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6.adsco.re:2087/","fqdn":"6.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.42.28","port":2087,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 6.adsco.re:2087\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nOrigin: https://thpibay.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 31 Oct 2025 20:29:19 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 45\r\ncf-ray: 9975e76208e876ef-OSL\r\naccess-control-allow-origin: https://thpibay.xyz\r\ncache-control: private, max-age=10\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-max-age: 2592000\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":2087\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":12,"dns":3,"connect":4,"send":0,"wait":13,"receive":1,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-31T20:29:17.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l%2FHPSOMgly0KwrDLhvJzmUbez2u3SzMS8HhqlJHPs%2FYy0HXZ6evpfjskZU8bgYDK1Ua9C5cpg1bE7uluO8jiUoX3Bqz3ZfSeWDi68v4XAaQVdvOlZOU3G5TB2a6AMo7N\"}]}\r\ncf-cache-status: DYNAMIC\r\nalt-svc: h3=\":443\"; ma=86400\r\nexpires: Fri, 31 Oct 2025 23:29:17 GMT\r\ncache-control: max-age=10800, public, max-age=10800, s-maxage=10800\r\nx-cache-status: HIT\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\ncf-ray: 9975e757ec9b7127-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16810,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1032), with CRLF, LF line terminators","md5":"98e41289b322f1dbe74055d102f3ea15","sha1":"88b52224d8aace07912a8e4be55fbc0b08f39d50","sha256":"0b66fd59004f3e45e188c40d71920db5e8cd18249d9bc9e97a92c9ded8642e8d","sha512":"bd95583b8d5ed99e7e57d6c055d1c453df474ce04209a94bfb2833a8819f66fe8c32f095994ce09f3446ba133f3a59c9b68acb83724016ec967917d9f7de568f","ssdeep":"384:7J9HuhC/gx7fsHvtSRjH5qRLcZe0mDJXRJZLAVrkus/Unx//:7J9HuUuFG1RJZqous/Kx//","tlshash":"ec7222e725428d19167289afb893fbb8e463620f47ca7d16b24c1d3b1b72774802746f","first_seen":"2025-10-31T20:29:44.003867Z","last_seen":"2025-10-31T20:29:44.003867Z","times_seen":1,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":62,"dns":37,"connect":1,"send":0,"wait":117,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/static/img/tpb.jpg","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /static/img/tpb.jpg HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/static/css/main.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-type: image/jpeg\r\nreferrer-policy: strict-origin-when-cross-origin\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"60a75c75-4ae8\"\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EPrHimCSE5RQghsc11hIOBrcYNGlnAUAjKdUUB%2FgDFc62%2BdOXki1ygVJYs5PLllPX02gVAKrwROekWMarOFVvN8XBJoyxyYcDMP%2BGDd0hwVugZCN0ak%3D\"}]}\r\ncache-control: public, max-age=14400, s-maxage=10800\r\nalt-svc: h3=\":443\"; ma=86400\r\nexpires: Fri, 31 Oct 2025 21:34:03 GMT\r\nage: 6783\r\nx-cache-status: HIT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9975e759fd9f568f-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19176,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 275x295, components 3","md5":"6b945b5f5e2b8fc40ba470740ec483f6","sha1":"6449d5cb355eeaa9c50e9a888995ed0f5bbd3f81","sha256":"acecaff92aec4aaf0f1fecb2efaad6cdc3cc91e9d695792ac9d2ee9addefc322","sha512":"1fb114b94d11ea2743edbcfc32d7e26c32021da8e4ef52b7c76a73c1d13068e5c45f5689d6bae737f1d7a2d81174ceff155c7a80b9cb51516cc59c9239135004","ssdeep":"384:J6GPyXcSOquwz0NcJ+NBePYJunaTo/izAqIJ1:3PyXLOxRtBQIoKoP","tlshash":"c182d03db7244bd7e6d61f72d0f2ea42185a1f9890cf1e1c1efa79382e5d5c05421aca","first_seen":"2023-05-25T10:13:02Z","last_seen":"2026-03-29T16:36:52.604723Z","times_seen":220,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/e8e65e95f26d/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\npriority: u=3,i=?0\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-length: 0\r\nserver: cloudflare\r\ncf-ray: 9975e75a2da6568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9981,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thpibay.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/e8e65e95f26d/main.js?","fqdn":"thpibay.xyz","domain":"thpibay.xyz","tld":"xyz"},"ip":{"addr":"104.21.89.167","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:17.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thpibay.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 16:37:23 GMT","end":"Fri, 23 Jan 2026 17:36:01 GMT"},"fingerprint":{"sha1":"39:69:65:46:52:F7:72:74:A8:88:72:F4:90:89:0C:E1:A7:71:97:11","sha256":"57:8E:3B:0A:94:F7:C2:15:3A:5B:EE:37:EF:75:82:FD:D4:53:4C:DD:00:05:8A:B1:C2:AA:67:14:52:B9:D0:3F"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/e8e65e95f26d/main.js? HTTP/1.1\r\nHost: thpibay.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\npriority: u=3,i=?0\r\ndate: Fri, 31 Oct 2025 20:29:17 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9975e75a3da9568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9981,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9981), with no line terminators","md5":"3e362dfc00ec0a626a2af15b0f2bc41e","sha1":"85a0426a6dc937c487a83e88c5af55bd2b8890a7","sha256":"95b4eb886599e2740bab5bd22c9ff1cb9011c73ad31ff4aabdf017af7a64a5c0","sha512":"8674f44d22cdacd63e7849ab4a60f1802e25d6e553f9ac72f8bc726345b077d8c15cfbc56e4bf3522ee2707978fb0d329c7308f423a1ae293652b9b859c74264","ssdeep":"192:HMv6c23RU9ZS9zdolsoNpnGJACQUrP7nbzZStwMEGD8p6cHzWV1:HMv6c23RUTq7nHZmwMjwFzO1","tlshash":"5822d6ca7a8cf168823705f2109b76efa88d6e6d3c845d178314d9a4797c33871a9f86","first_seen":"2025-10-31T19:30:00.499083Z","last_seen":"2025-10-31T20:30:37.375664Z","times_seen":5,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"thpibay.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/#0.15978361942702246","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.42.28","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://thpibay.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 31 Oct 2025 20:29:19 GMT\r\ncontent-type: text/html\r\ncf-ray: 9975e7621ed30daa-OSL\r\ncache-control: public, max-age=2678400\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR\r\npermissions-policy: ch-ua=(self \"https://adsco.re\"),ch-ua-mobile=(self \"https://adsco.re\"),ch-ua-full-version=(self \"https://adsco.re\"),ch-ua-platform=(self \"https://adsco.re\"),ch-ua-platform-version=(self \"https://adsco.re\"),ch-ua-arch=(self \"https://adsco.re\"),ch-ua-model=(self \"https://adsco.re\"),ch-device-memory=(self \"https://adsco.re\"),ch-downlink=(self \"https://adsco.re\"),ch-ect=(self \"https://adsco.re\"),ch-rtt=(self \"https://adsco.re\"),ch-width=(self \"https://adsco.re\"),ch-viewport-width=(self \"https://adsco.re\"),ch-dpr=(self \"https://adsco.re\")\r\nlink: \u003c//adsco.re/\u003e;crossorigin;rel=preconnect,\u003chttps://6.adsco.re/\u003e;rel=prefetch;crossorigin;as=fetch,\u003chttps://4.adsco.re/\u003e;rel=prefetch;crossorigin;as=fetch,\u003chttps://6.adsco.re:2087/\u003e;rel=prefetch;crossorigin;as=fetch,\u003chttps://4.adsco.re:2087/\u003e;rel=prefetch;crossorigin;as=fetch,\u003chttps://0.l.adsco.re/\u003e;rel=preconnect,\u003chttps://0.s.adsco.re/\u003e;rel=preconnect,\u003chttps://0.n.adsco.re/\u003e;rel=preconnect\r\nexpires: Mon, 01 Dec 2025 20:29:19 GMT\r\netag: W/\"Xg4aW2VCL5PajEF5ZQmbtg==\"\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\nage: 9421\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":80535,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (713)","md5":"5e0e1a5b65422f93da8c417965099bb6","sha1":"ea461600315a4012713d8f1263cbf4199374177a","sha256":"cdbcb2f9b25c5d39b551339cb2df19b21ca52038d830e80d1e47fd7c7bcd47df","sha512":"935be0d4ccaa2d6f8a213a2fafb0af5f453d010687ab8d0c949631c2b52bc5db13f05ceb8d8beee5182fa43bb9da0c74d8a23d266ce66b0d16b8dff975065891","ssdeep":"1536:poQ3m4bHIeEkWvd99lw3mKyC1LA255oCFF:GeQvJW9355F","tlshash":"77732aa471a2702943b229d9567f9315b1ba4a902c0680f0d37dc9a43c74edf937fb9e","first_seen":"2025-10-31T02:35:51.613687Z","last_seen":"2025-11-04T21:48:35.861222Z","times_seen":185,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"premiumvertising.com/fvvsrhoqgsoabxprfxp?OPTgYsIc=BQOCAAAAAAAACZUAAuQEG9tLFyB1svWycAVoqIPnYpnHFDN2vnRaIqd_8BlEUqWzZYKPMT27gpdlYK6IHkJd4-JBtvGj1nMI2vGWSkt1Ky2sNR0dVSU5dtaJh3ZD7M4NSQYE3aCCBD1TqDgG_Qiq0ir1by4pruUFMPcEK10OLO2yB-UXVBEG39XpLypcMjyHw3-efbTgAflS0D6vUUBKT3Qv9ryOp9b43CzSJVDfMaigYVMbLiq6v_YFzD_eizFYp9TS03C4oGdIgf7a0x3lrNA27hI5Uu0x4oYztCTOuB4utr-i7KZUH-LEp3xX3-yhVfdHSzgW8diVhTomJIWLDEDvc6Wcn8x2u8rpNtf4UsxeVRwVsQxlVBbt-31bZUSw_D4POkYXvpEOqqzfhBRJSTC5ZGP8omWBWgx7sQQSCJan6cF_otcgzI33Q3gwGzntllCohQU47JkknXLaBprrnn87XkE-LQWC5FCfk49M4IK2Z7w0IeZLEBs7sZnby8IWkw9b1pKLVA77N8hJE60U1B-7a4zw5-DZCgV7aR-jt9SrJVMJjfUdjHQ46obI64GEePW6GOaGFOT-CGSszMau9TH0fAcrI7u_tlFpBGxUn5fMjcjpoX3Ar6ev37ChlJ4C2WG_09zR-g-oD2ACKo2z44IT8p2XE7XYhzsRbdMeqZ5aNVU1sWiAA0yTzfvaj033XKPUHQA5CipypCg59kIVKE8-IyBUhfKkuFOmwPqdxIG9EChMFaZgVL2h3nkVhBEyvXp7MOjHPSS-WcKVndUUudzbJZKzm7fe1qXUW2_FGrktCj9V5_F2ng6CqCv6xPAaafOoZLWNMyfpqGx-GJaIDs8FEe85GTi-VCc8WvbscpIpajL23HmWNOf6NksKkLIIPfKLK22c1Hg1CTSFsHh8RCmxSnH3t0uzlz9TN43Sk490pwtoMPhFg1GR_nFyaLhTEOSKOG99XWd1xp83rbRM3lZl9sut93KgLrI5LJfoIaXrbM3hVo4SmcNzjuE0t-xJ7TyR4z_O8Lcon98uO_VscZZycARq6BBt-BFBmJWEJJzjkgSqK9FdXQuuZ2F79HyXQDtmU2KAeoWrGdKhiJGnHSemySrHY2-R4PkaLt0CsTk77uHzSMlR_UyxuWT1wISulju--kheQZVPbKoHYBvqbQuYihxHfg91R3eV-mt57DRTahxlzUDznziQENoJ\u0026MLEkXuDe=4\u0026jJEGoUaX=5232866\u0026eboQdnaN=\u0026nymoGMiF=0,0\u0026xLFAUHZQ=\u0026ZEdtCLGf=\u0026aSjOsWNy=1280,1024,1,1280,1024,0","fqdn":"premiumvertising.com","domain":"premiumvertising.com","tld":"com"},"ip":{"addr":"162.252.214.11","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://thpibay.xyz/","date":"2025-10-31T20:29:19.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"premiumvertising.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 04 Apr 2025 00:00:00 GMT","end":"Tue, 05 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"14:EB:C5:DD:7B:A9:BB:94:56:6F:8B:B5:46:83:F5:88:15:55:89:93","sha256":"DF:35:9E:6A:F2:AF:40:EC:34:91:5B:C8:79:AB:A5:7A:5E:6D:99:A4:C4:09:0B:87:0B:FE:86:AD:EC:EF:89:93"}}},"request":{"raw":"GET /fvvsrhoqgsoabxprfxp?OPTgYsIc=BQOCAAAAAAAACZUAAuQEG9tLFyB1svWycAVoqIPnYpnHFDN2vnRaIqd_8BlEUqWzZYKPMT27gpdlYK6IHkJd4-JBtvGj1nMI2vGWSkt1Ky2sNR0dVSU5dtaJh3ZD7M4NSQYE3aCCBD1TqDgG_Qiq0ir1by4pruUFMPcEK10OLO2yB-UXVBEG39XpLypcMjyHw3-efbTgAflS0D6vUUBKT3Qv9ryOp9b43CzSJVDfMaigYVMbLiq6v_YFzD_eizFYp9TS03C4oGdIgf7a0x3lrNA27hI5Uu0x4oYztCTOuB4utr-i7KZUH-LEp3xX3-yhVfdHSzgW8diVhTomJIWLDEDvc6Wcn8x2u8rpNtf4UsxeVRwVsQxlVBbt-31bZUSw_D4POkYXvpEOqqzfhBRJSTC5ZGP8omWBWgx7sQQSCJan6cF_otcgzI33Q3gwGzntllCohQU47JkknXLaBprrnn87XkE-LQWC5FCfk49M4IK2Z7w0IeZLEBs7sZnby8IWkw9b1pKLVA77N8hJE60U1B-7a4zw5-DZCgV7aR-jt9SrJVMJjfUdjHQ46obI64GEePW6GOaGFOT-CGSszMau9TH0fAcrI7u_tlFpBGxUn5fMjcjpoX3Ar6ev37ChlJ4C2WG_09zR-g-oD2ACKo2z44IT8p2XE7XYhzsRbdMeqZ5aNVU1sWiAA0yTzfvaj033XKPUHQA5CipypCg59kIVKE8-IyBUhfKkuFOmwPqdxIG9EChMFaZgVL2h3nkVhBEyvXp7MOjHPSS-WcKVndUUudzbJZKzm7fe1qXUW2_FGrktCj9V5_F2ng6CqCv6xPAaafOoZLWNMyfpqGx-GJaIDs8FEe85GTi-VCc8WvbscpIpajL23HmWNOf6NksKkLIIPfKLK22c1Hg1CTSFsHh8RCmxSnH3t0uzlz9TN43Sk490pwtoMPhFg1GR_nFyaLhTEOSKOG99XWd1xp83rbRM3lZl9sut93KgLrI5LJfoIaXrbM3hVo4SmcNzjuE0t-xJ7TyR4z_O8Lcon98uO_VscZZycARq6BBt-BFBmJWEJJzjkgSqK9FdXQuuZ2F79HyXQDtmU2KAeoWrGdKhiJGnHSemySrHY2-R4PkaLt0CsTk77uHzSMlR_UyxuWT1wISulju--kheQZVPbKoHYBvqbQuYihxHfg91R3eV-mt57DRTahxlzUDznziQENoJ\u0026MLEkXuDe=4\u0026jJEGoUaX=5232866\u0026eboQdnaN=\u0026nymoGMiF=0,0\u0026xLFAUHZQ=\u0026ZEdtCLGf=\u0026aSjOsWNy=1280,1024,1,1280,1024,0 HTTP/1.1\r\nHost: premiumvertising.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://thpibay.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\npopads-node: wb11\r\naccess-control-allow-origin: *\r\nasf: 9\r\npopads-ec: ASB\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-length: 44\r\ndate: Fri, 31 Oct 2025 20:29:20 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":44,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"d5f0a25e4d3522d56d48ce7bc3e518fb","sha1":"86794caff58f7fee6e684c2ba7195f970a8d6f4c","sha256":"9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5","sha512":"a3a81801f516a4eb11f00d6f56dab0ed4b8a79219e6b4f5436993479f09dae08f14cffbab3327ff66fb39201d8eba1153ae7114f7705a01cc6f0edf840ef1616","ssdeep":"","tlshash":"789002801814116115d1500b8d5159d01259b1a4540801324446ca502dc7883a415774","first_seen":"2023-03-07T01:17:45Z","last_seen":"2026-04-03T22:29:59.430952Z","times_seen":22733,"resource_available":true,"data":null}},"time_used":380,"timings":{"blocked":132,"dns":35,"connect":25,"send":0,"wait":115,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}