{"report_id":"bb8b91b1-f83e-4531-87ad-f5df52806c11","version":6,"status":"done","tags":[],"date":"2025-10-12T15:55:34Z","url":{"schema":"http","addr":"public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"89.222.119.81","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"title":"Bet Details"},"submit":{"url":{"schema":"http","addr":"public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"89.222.119.81","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-16T15:55:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T15:55:13Z","timestamp":1760284513,"ip_dst":{"addr":"172.18.0.9","port":54618,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"170.33.96.189","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-10-12T15:55:13.215894+0000\",\"flow_id\":249974870870113,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"170.33.96.189\",\"src_port\":443,\"dest_ip\":\"172.18.0.9\",\"dest_port\":54618,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=8lyyu1vb4.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"2A:9E:4A:72:70:8C:03:53:95:B9:74:4A:C3:56:D6:40\",\"fingerprint\":\"71:67:06:2b:eb:eb:46:52:1d:dd:95:ec:c5:86:63:ea:47:6c:72:c3\",\"sni\":\"public-api.8lyyu1vb4.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-09-15T00:00:00\",\"notafter\":\"2025-12-14T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1062,\"bytes_toclient\":6592,\"start\":\"2025-10-12T15:55:13.165985+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public-api.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"public.8lyyu1vb4.com","ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"domain_registered":"2025-09-15","domain_rank":0,"first_seen":"2025-10-12T15:55:35.497313Z","last_seen":"2025-10-12T15:55:35.497313Z","alert_count":13,"request_count":13,"received_data":1165026,"sent_data":8902,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"dc.js","description":"A multi-dimensional charting library built to work natively with crossfilter and rendered using d3.js","website":"https://dc-js.github.io/dc.js/","common_platform_enumeration":"","icon":"dc.js.png","categories":["JavaScript graphics","JavaScript libraries"]}]},{"fqdn":"public-api.8lyyu1vb4.com","ip":{"addr":"170.33.96.189","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2025-09-15","domain_rank":0,"first_seen":"2025-10-12T15:55:35.49431Z","last_seen":"2025-10-12T15:55:35.49431Z","alert_count":1,"request_count":1,"received_data":1524,"sent_data":637,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T15:55:13Z","timestamp":1760284513,"ip_dst":{"addr":"172.18.0.9","port":54618,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"170.33.96.189","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-10-12T15:55:13.215894+0000\",\"flow_id\":249974870870113,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"170.33.96.189\",\"src_port\":443,\"dest_ip\":\"172.18.0.9\",\"dest_port\":54618,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=8lyyu1vb4.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"2A:9E:4A:72:70:8C:03:53:95:B9:74:4A:C3:56:D6:40\",\"fingerprint\":\"71:67:06:2b:eb:eb:46:52:1d:dd:95:ec:c5:86:63:ea:47:6c:72:c3\",\"sni\":\"public-api.8lyyu1vb4.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-09-15T00:00:00\",\"notafter\":\"2025-12-14T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1062,\"bytes_toclient\":6592,\"start\":\"2025-10-12T15:55:13.165985+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/manifest.1c04a309dc7ab730981b.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4261d0c50be41ed74bf48abe2ff27430","sha1":"52eb96d0c236f4fa7798f183054f4cb4623a46cb","sha256":"b8f1a9ae48e9b8852f28a2ba680665106dfb3bdfe746b80856bb603b2a3d20f9","sha512":"fc49b0a65b1cf5fb8f96ab65ad658c184cb876feab70684383248bc8add73364b8e13769c35d6f00bf7605521ca5a79b7170ac66b734767da05506e2d1a4fea8","ssdeep":"","tlshash":"3401ced736e1fcc30362687c093f6089f2796914562eb886c749a16a3d7149680adfd6","size":800,"data":"","first_seen":"2025-10-09T17:41:26.81243Z","last_seen":"2025-11-09T03:26:57.398213Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"fcaea4b8885ca5c1fb3ddd5c490da5c6","sha1":"35745f87b37210d992a9ed534a593ae500b7adaa","sha256":"934c2008743c36db746a9d6ebd9f1b84ff11477edc55fbf7b599bbfa687f7272","sha512":"65e3bda5b8bd909b2fed0a25e3d6d3d7d2984601de4a906783c783097fcd8902ea1c2fa05d33619126415bc5000a72e8459eb81c971a85e2ddb374f9fd9231aa","ssdeep":"","tlshash":"889002c520d965518ad321a061261a46615a04f914a48c5091589c56287303092695bc","size":54,"data":"","first_seen":"2023-04-12T08:25:39Z","last_seen":"2026-06-01T18:08:52.075122Z","times_seen":22487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/redirect/redirect.084fcc4cbe4f1969c2a5.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"74582bb127cf9b74b86318291514119a","sha1":"e0ea503340a5637f1541467532ec2efc8c896ff3","sha256":"affbae8f6f3e063a3e94d9093efd211ca9a695bca9501d83ee54e7c8e5fdf384","sha512":"96592c62ef47042ce3c960d2f92aad8496ea89fa8f82c6855722db3b931ec28d243f672a94a5f7772c1a1574b5b7dd97c8dca3ca1d018a9866473e79854f4925","ssdeep":"768:9Dr/LRCfaTFjba/PT/u0GtEPTBgFOO5lOO5W:9/WaTh4zGiPTiFlW","tlshash":"ff13d78ebddaa98e092372f56d4fb49870ee4d2e140f8214fa40d85536ed86c173bb74","size":43628,"data":"","first_seen":"2025-10-09T17:41:26.815118Z","last_seen":"2025-11-09T03:26:57.403676Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/vendor.cfd2b4e5e063699b4bdc.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2973d39bf0484e4a22d1dd85d8c5abd9","sha1":"6a47c94d7d2251ce0a851495cc83e100e0e00f02","sha256":"f38f9044e5a5e7de18aaa3cb52b4dd3bbf8d1ba2c1793236995706b2eac10d8b","sha512":"4aa54e3a958b278bed53e10f62a58dffbbbfb75e3b1ef8761eeee3d4ca63c878d5be369d7ede2c87d5ea023fa119d031671d38c70e1ab73cc0537f42caaa0ca7","ssdeep":"3072:VWs/eqXUqE6Ybjy0f5tz0bg9Qfw+pxU0Mhb8I/28TeihXfx3MN5HaY5xdjie:VWe3E6M5tz0k+f9u/28Ci8/aYH9ie","tlshash":"0754f78db29170b113eb20b5417f560ff23b6815b84e85d0f222e8e96d7898e9127f7d","size":297520,"data":"","first_seen":"2025-10-09T17:41:26.813729Z","last_seen":"2025-11-09T03:26:57.399403Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/manifest.1c04a309dc7ab730981b.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4261d0c50be41ed74bf48abe2ff27430","sha1":"52eb96d0c236f4fa7798f183054f4cb4623a46cb","sha256":"b8f1a9ae48e9b8852f28a2ba680665106dfb3bdfe746b80856bb603b2a3d20f9","sha512":"fc49b0a65b1cf5fb8f96ab65ad658c184cb876feab70684383248bc8add73364b8e13769c35d6f00bf7605521ca5a79b7170ac66b734767da05506e2d1a4fea8","ssdeep":"","tlshash":"3401ced736e1fcc30362687c093f6089f2796914562eb886c749a16a3d7149680adfd6","size":800,"data":"","first_seen":"2025-10-09T17:41:26.81243Z","last_seen":"2025-11-09T03:26:57.398213Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/vendor.cfd2b4e5e063699b4bdc.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2973d39bf0484e4a22d1dd85d8c5abd9","sha1":"6a47c94d7d2251ce0a851495cc83e100e0e00f02","sha256":"f38f9044e5a5e7de18aaa3cb52b4dd3bbf8d1ba2c1793236995706b2eac10d8b","sha512":"4aa54e3a958b278bed53e10f62a58dffbbbfb75e3b1ef8761eeee3d4ca63c878d5be369d7ede2c87d5ea023fa119d031671d38c70e1ab73cc0537f42caaa0ca7","ssdeep":"3072:VWs/eqXUqE6Ybjy0f5tz0bg9Qfw+pxU0Mhb8I/28TeihXfx3MN5HaY5xdjie:VWe3E6M5tz0k+f9u/28Ci8/aYH9ie","tlshash":"0754f78db29170b113eb20b5417f560ff23b6815b84e85d0f222e8e96d7898e9127f7d","size":297520,"data":"","first_seen":"2025-10-09T17:41:26.813729Z","last_seen":"2025-11-09T03:26:57.399403Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"fcaea4b8885ca5c1fb3ddd5c490da5c6","sha1":"35745f87b37210d992a9ed534a593ae500b7adaa","sha256":"934c2008743c36db746a9d6ebd9f1b84ff11477edc55fbf7b599bbfa687f7272","sha512":"65e3bda5b8bd909b2fed0a25e3d6d3d7d2984601de4a906783c783097fcd8902ea1c2fa05d33619126415bc5000a72e8459eb81c971a85e2ddb374f9fd9231aa","ssdeep":"","tlshash":"889002c520d965518ad321a061261a46615a04f914a48c5091589c56287303092695bc","size":54,"data":"","first_seen":"2023-04-12T08:25:39Z","last_seen":"2026-06-01T18:08:52.075122Z","times_seen":22487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/135/135.c249b5eb61766a8d350b.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"03cfa5ffac7c15ab7babac41c27b0d1d","sha1":"4295ada023de0bbf9e0a1fb9225d5e97fef4555c","sha256":"92e105f4fec612f9a1aba455b4900d84c007b41e3a56a94a34d80aa6bcdcd508","sha512":"70a8caede642e15c9f277a5166a3436c5e83b36d3dead0972f250a1f4685f1c36baf2a4c0c8f1dc57662583da9981b5d9e9afc1b6ee9f15505b4e07bb46af76d","ssdeep":"3072:lnE+Uct5ImGBCx9GnIkIoMS5P0Vh6Tmmj:Jpt5ImGBa9GRKthemmj","tlshash":"7164f70e55f9b16852a725e2e02e9951b4640e48ef0507e4f9ece86027f8d6e273f73c","size":324435,"data":"","first_seen":"2025-10-12T15:55:38.239175Z","last_seen":"2025-10-25T12:57:36.120953Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T15:55:16.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 890\r\naccept-ranges: bytes\r\nage: 195024\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: public, max-age=600, s-maxage=604800\r\netag: \"68e8d46c-37a\"\r\nlast-modified: Fri, 10 Oct 2025 09:39:56 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 6849d4e25b9da19a0e4baccf3436e136\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:16 GMT\r\nvia: cache06.oversea-US-ORD2\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"dc.js","description":"A multi-dimensional charting library built to work natively with crossfilter and rendered using d3.js","website":"https://dc-js.github.io/dc.js/","common_platform_enumeration":"","icon":"dc.js.png","categories":["JavaScript graphics","JavaScript libraries"]}],"data":{"size":890,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (343)","md5":"2e4c2409ff5f6ede2f0b59db18ff04b0","sha1":"fbc94da9b2af3951c2c519f5434ba73a5180a7de","sha256":"be00436c178e3688c7db5c05bb5eece88edb1ff565e68e27a3b632413dcefbe5","sha512":"067680d4481b0db68e1c474107cb5964837536def2e25f5f7d533c6e0ab418ce8d2df4f4e1063b54b38877b302a6587c850cab023cd5e297018e381b4ed6c4a9","ssdeep":"","tlshash":"1311124a4c65c454857080c6d8e1f626c08df93ee725cc4055c8a0ed7ac0bcc48ef68a","first_seen":"2025-10-12T15:55:38.236274Z","last_seen":"2025-10-25T12:57:36.129278Z","times_seen":2,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/135/135.c249b5eb61766a8d350b.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","date":"2025-10-12T15:55:16.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/135/135.c249b5eb61766a8d350b.js?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 104275\r\nage: 47322\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e8d46b-4f353\"\r\nexpires: Mon, 12 Oct 2026 02:46:35 GMT\r\nlast-modified: Fri, 10 Oct 2025 09:39:55 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: f6a57e597fa6bcbf0e5ffb805cf6209e\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:16 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":324435,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"03cfa5ffac7c15ab7babac41c27b0d1d","sha1":"4295ada023de0bbf9e0a1fb9225d5e97fef4555c","sha256":"92e105f4fec612f9a1aba455b4900d84c007b41e3a56a94a34d80aa6bcdcd508","sha512":"70a8caede642e15c9f277a5166a3436c5e83b36d3dead0972f250a1f4685f1c36baf2a4c0c8f1dc57662583da9981b5d9e9afc1b6ee9f15505b4e07bb46af76d","ssdeep":"3072:lnE+Uct5ImGBCx9GnIkIoMS5P0Vh6Tmmj:Jpt5ImGBa9GRKthemmj","tlshash":"7164f70e55f9b16852a725e2e02e9951b4640e48ef0507e4f9ece86027f8d6e273f73c","first_seen":"2025-10-12T15:55:38.239175Z","last_seen":"2025-10-25T12:57:36.120953Z","times_seen":2,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":104,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/135/135.d93827e03db528ec4f87ea7318700294.css?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","date":"2025-10-12T15:55:16.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/135/135.d93827e03db528ec4f87ea7318700294.css?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: text/css\r\ncontent-length: 12603\r\nage: 17\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e8d46b-f8c9\"\r\nexpires: Mon, 12 Oct 2026 15:55:01 GMT\r\nlast-modified: Fri, 10 Oct 2025 09:39:55 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 65006712711bb381e680b72c0bf625c7\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:16 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (63689), with no line terminators","md5":"bb2cd3f17365c8493ad7edc1eace1783","sha1":"3e6af29f2fb5bb55e7cc9043769deadd1b0e7f38","sha256":"7f544aead9861061ebc1887fdbb3bfb775614865acb945df4fefbcc848b95c18","sha512":"cc36299e75b8e1792666823327417f4fdebac7091f1565af5cc31e628ec2b5a12f5c1d7bcc5e65b16c1c186b73aa1b29a1abd245bcb1f07b1a8ba6ff5a9fa34f","ssdeep":"768:L+gPIiEfisk2dZuvKYwdgN/g2e0It2dkVzJ:R2KFe0It2dkVzJ","tlshash":"ec53b6334118221ce02bfe35d7f455aa6224e133f87606ecb692bb19c7d7bc4757628a","first_seen":"2025-10-12T15:55:38.244114Z","last_seen":"2025-10-25T12:57:36.117694Z","times_seen":2,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/favicon.ico","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","date":"2025-10-12T15:55:17.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/favicon.ico HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: image/x-icon\r\ncontent-length: 74\r\nage: 161964\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e8d46a-57e\"\r\nexpires: Sat, 10 Oct 2026 18:55:53 GMT\r\nlast-modified: Fri, 10 Oct 2025 09:39:54 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 5e59d4733d54a13d3041706e751d89c2\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:17 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-06-01T19:13:01.80354Z","times_seen":21051,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/redirect/redirect.12264bdb824b65500dc08e6235efcbef.css?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","date":"2025-10-12T15:55:12.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/redirect/redirect.12264bdb824b65500dc08e6235efcbef.css?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: text/css\r\ncontent-length: 1257\r\nage: 194593\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e8d46b-c6d\"\r\nexpires: Sat, 10 Oct 2026 09:51:59 GMT\r\nlast-modified: Fri, 10 Oct 2025 09:39:55 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 72e109e2cd93c5d4b16e2bed0a4852a6\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:12 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3181,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3181), with no line terminators","md5":"12264bdb824b65500dc08e6235efcbef","sha1":"fc271c6d7e870e0e57578aff77675add6e38ec4b","sha256":"3527bc20d87ca0c50fdfa58af439fdfe3c3f3d4dfc9cbed69ba9ec4199a259bf","sha512":"d5735062232bb9adf6fc8a8fc2d898a05f04179ceec3559b6a09aea1b30d04a2b3afab14edbdc9edfa3c6d8720de94e24557ace2fbfac91eb05f1cb5ecb80293","ssdeep":"","tlshash":"2d61b921412621aca11befb4b3e48568b138e033d47a12edf5537927c3d768564733c5","first_seen":"2025-09-14T11:34:10.182605Z","last_seen":"2025-11-09T03:26:57.40559Z","times_seen":19,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public-api.8lyyu1vb4.com/web-api/operator-proxy/v1/History/GetBetHistory?t=C86C078B-CD18-4815-94E1-B73597A80325","fqdn":"public-api.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"170.33.96.189","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","date":"2025-10-12T15:55:12.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"POST /web-api/operator-proxy/v1/History/GetBetHistory?t=C86C078B-CD18-4815-94E1-B73597A80325 HTTP/1.1\r\nHost: public-api.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 23\r\nOrigin: https://public.8lyyu1vb4.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 15:55:16 GMT\r\ncontent-type: application/json; charset=utf-8\r\nset-cookie: aliyungf_tc=84f687c6cace16c7fb9b08688a05ddcc310e5324fe979e073f9bb2fa9d852686; Path=/; HttpOnly\r\nserver: istio-envoy\r\naccess-control-allow-origin: https://public.8lyyu1vb4.com\r\ncache-control: no-cache, no-store, must-revalidate\r\nx-envoy-upstream-service-time: 2841\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":1039,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"021b6ae7bebcaf970fd151ee01df0f93","sha1":"7faf4e199a9fc1e98c2972efb06b4412e127a304","sha256":"777fee5424c9e994cd2b2cbedad5d17609adfa03ac2815fbfa946faa76cf522b","sha512":"8923a0b9c0b13e2907e8986c32a8753f7dea1a085b2d8d463053d6af9c0efaffbb4cfe430fba7a95a559e4996d257c45a87ff8cff5d59d89d982a850f211c2b5","ssdeep":"","tlshash":"0c1178f30bc80ad5220d12e1a98fba8b09ddd11f6eb05c70c6b98e8c53e669c0272664","first_seen":"2025-10-12T15:55:38.252268Z","last_seen":"2025-10-12T15:55:38.252268Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4208,"timings":{"blocked":436,"dns":366,"connect":19,"send":0,"wait":3335,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public-api.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/favicon.ico","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","date":"2025-10-12T15:55:12.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/favicon.ico HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: image/x-icon\r\ncontent-length: 74\r\nage: 161959\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e8d46a-57e\"\r\nexpires: Sat, 10 Oct 2026 18:55:53 GMT\r\nlast-modified: Fri, 10 Oct 2025 09:39:54 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 5bb6bf6a80b4087fc23f90e704922917\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:12 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-06-01T19:13:01.80354Z","times_seen":21051,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/manifest.1c04a309dc7ab730981b.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","date":"2025-10-12T15:55:16.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/_global/manifest.1c04a309dc7ab730981b.js?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 800\r\naccept-ranges: bytes\r\nage: 360272\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\netag: \"68e64106-320\"\r\nexpires: Thu, 08 Oct 2026 11:50:44 GMT\r\nlast-modified: Wed, 08 Oct 2025 10:46:30 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 3f834c94cbd44bc45ad219ce4ffa4eb9\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:16 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":800,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (800), with no line terminators","md5":"4261d0c50be41ed74bf48abe2ff27430","sha1":"52eb96d0c236f4fa7798f183054f4cb4623a46cb","sha256":"b8f1a9ae48e9b8852f28a2ba680665106dfb3bdfe746b80856bb603b2a3d20f9","sha512":"fc49b0a65b1cf5fb8f96ab65ad658c184cb876feab70684383248bc8add73364b8e13769c35d6f00bf7605521ca5a79b7170ac66b734767da05506e2d1a4fea8","ssdeep":"","tlshash":"3401ced736e1fcc30362687c093f6089f2796914562eb886c749a16a3d7149680adfd6","first_seen":"2025-10-09T17:41:26.81243Z","last_seen":"2025-11-09T03:26:57.398213Z","times_seen":14,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/vendor.cfd2b4e5e063699b4bdc.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","date":"2025-10-12T15:55:16.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/_global/vendor.cfd2b4e5e063699b4bdc.js?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 115065\r\nage: 360272\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e64106-48a30\"\r\nexpires: Thu, 08 Oct 2026 11:50:44 GMT\r\nlast-modified: Wed, 08 Oct 2025 10:46:30 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: ebc5c32fb1218d6b7545d85c35eece88\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:16 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":297520,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (46740)","md5":"2973d39bf0484e4a22d1dd85d8c5abd9","sha1":"6a47c94d7d2251ce0a851495cc83e100e0e00f02","sha256":"f38f9044e5a5e7de18aaa3cb52b4dd3bbf8d1ba2c1793236995706b2eac10d8b","sha512":"4aa54e3a958b278bed53e10f62a58dffbbbfb75e3b1ef8761eeee3d4ca63c878d5be369d7ede2c87d5ea023fa119d031671d38c70e1ab73cc0537f42caaa0ca7","ssdeep":"3072:VWs/eqXUqE6Ybjy0f5tz0bg9Qfw+pxU0Mhb8I/28TeihXfx3MN5HaY5xdjie:VWe3E6M5tz0k+f9u/28Ci8/aYH9ie","tlshash":"0754f78db29170b113eb20b5417f560ff23b6815b84e85d0f222e8e96d7898e9127f7d","first_seen":"2025-10-09T17:41:26.813729Z","last_seen":"2025-11-09T03:26:57.399403Z","times_seen":14,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/135/8bf3840.png","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://public.8lyyu1vb4.com/history/135.html?psid=1977380592739722243\u0026sid=1977380592739722243\u0026api=public-api.8lyyu1vb4.com%252Fweb-api%252Foperator-proxy%252Fv1%252FHistory%252FGetBetHistory\u0026lang=en\u0026t=C86C078B-CD18-4815-94E1-B73597A80325","date":"2025-10-12T15:55:17.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/135/8bf3840.png HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/static/135/135.d93827e03db528ec4f87ea7318700294.css?0cf899f2d83f449d7ac0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: image/png\r\ncontent-length: 118424\r\naccept-ranges: bytes\r\nage: 16\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\netag: \"68e8d46b-1ce98\"\r\nexpires: Mon, 12 Oct 2026 15:55:01 GMT\r\nlast-modified: Fri, 10 Oct 2025 09:39:55 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 251d9f5767d2f29a7ab90f1d1b9284d0\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:17 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118424,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 864 x 292, 8-bit/color RGBA, non-interlaced","md5":"8bf38404a9d2d6902b0af923d4c09767","sha1":"6a078dad9dbceca78c42f0649b7088bc2fb334d1","sha256":"63967b84bf17254a6944927b211902b7bca1508da0d0dbf15a4221007e260923","sha512":"8d67222738cc9fad34d5232ea5ca82420e4d9e9b698502675ac6e17f4a18e6f65fb3b1800710942e996ffa3818426d1a2a07e0b948d7b459856ab7586708bd5f","ssdeep":"3072:zlkRCA2HQYj9Yun3ta8TftyEQLVDFgso51PnVnit:zlkRCTY+tZSZ6so51PndS","tlshash":"81c313d49b33621b8c0e3c776cb9603e28c42a539b33e45e1fe5312b8bd5f6d19a4691","first_seen":"2025-01-19T20:56:45.476819Z","last_seen":"2025-10-25T12:57:36.128298Z","times_seen":3,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":106,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T15:55:11.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 910\r\naccept-ranges: bytes\r\nage: 194852\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: public, max-age=600, s-maxage=604800\r\netag: \"68e8d46c-38e\"\r\nlast-modified: Fri, 10 Oct 2025 09:39:56 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: e5ba799792f7adb0f4e68e46716eb2ed\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:12 GMT\r\nvia: cache06.oversea-US-ORD2\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"dc.js","description":"A multi-dimensional charting library built to work natively with crossfilter and rendered using d3.js","website":"https://dc-js.github.io/dc.js/","common_platform_enumeration":"","icon":"dc.js.png","categories":["JavaScript graphics","JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":910,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (353)","md5":"b03df6cacd2e1adac40e988b395d7d4d","sha1":"a55f17b5ade5d8afdc1d6ce1a4d46b1620330f5f","sha256":"43f14627b8402268a0f417f5b8413d966dc3e730fbf772f9a50b38b3ead09a6f","sha512":"bf18fb3752d4f241c9e1705b3aec179d1fe4d9235b857419f9ff951d37f39688def0df4af2ea3af2a04f9baf00ef8a1479369e5cac414ddc90e2ce6d75108734","ssdeep":"","tlshash":"cf11ef465ca0e518917085dde8e1f226c08ef93ea71c8c44a4d894ed7ed1bcc44ef69a","first_seen":"2025-10-11T18:21:31.32583Z","last_seen":"2025-11-09T03:26:57.402657Z","times_seen":13,"resource_available":false,"data":null}},"time_used":989,"timings":{"blocked":440,"dns":114,"connect":104,"send":0,"wait":105,"receive":4,"ssl":219},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/manifest.1c04a309dc7ab730981b.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","date":"2025-10-12T15:55:12.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/_global/manifest.1c04a309dc7ab730981b.js?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 800\r\naccept-ranges: bytes\r\nage: 360268\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\netag: \"68e64106-320\"\r\nexpires: Thu, 08 Oct 2026 11:50:44 GMT\r\nlast-modified: Wed, 08 Oct 2025 10:46:30 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: fce32eacc808de81a384e01104777b55\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:12 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":800,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (800), with no line terminators","md5":"4261d0c50be41ed74bf48abe2ff27430","sha1":"52eb96d0c236f4fa7798f183054f4cb4623a46cb","sha256":"b8f1a9ae48e9b8852f28a2ba680665106dfb3bdfe746b80856bb603b2a3d20f9","sha512":"fc49b0a65b1cf5fb8f96ab65ad658c184cb876feab70684383248bc8add73364b8e13769c35d6f00bf7605521ca5a79b7170ac66b734767da05506e2d1a4fea8","ssdeep":"","tlshash":"3401ced736e1fcc30362687c093f6089f2796914562eb886c749a16a3d7149680adfd6","first_seen":"2025-10-09T17:41:26.81243Z","last_seen":"2025-11-09T03:26:57.398213Z","times_seen":14,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/_global/vendor.cfd2b4e5e063699b4bdc.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","date":"2025-10-12T15:55:12.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/_global/vendor.cfd2b4e5e063699b4bdc.js?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 115065\r\nage: 360268\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e64106-48a30\"\r\nexpires: Thu, 08 Oct 2026 11:50:44 GMT\r\nlast-modified: Wed, 08 Oct 2025 10:46:30 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: 2dc47811ca7b2f138fdc48fc1781953a\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:12 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":297520,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (46740)","md5":"2973d39bf0484e4a22d1dd85d8c5abd9","sha1":"6a47c94d7d2251ce0a851495cc83e100e0e00f02","sha256":"f38f9044e5a5e7de18aaa3cb52b4dd3bbf8d1ba2c1793236995706b2eac10d8b","sha512":"4aa54e3a958b278bed53e10f62a58dffbbbfb75e3b1ef8761eeee3d4ca63c878d5be369d7ede2c87d5ea023fa119d031671d38c70e1ab73cc0537f42caaa0ca7","ssdeep":"3072:VWs/eqXUqE6Ybjy0f5tz0bg9Qfw+pxU0Mhb8I/28TeihXfx3MN5HaY5xdjie:VWe3E6M5tz0k+f9u/28Ci8/aYH9ie","tlshash":"0754f78db29170b113eb20b5417f560ff23b6815b84e85d0f222e8e96d7898e9127f7d","first_seen":"2025-10-09T17:41:26.813729Z","last_seen":"2025-11-09T03:26:57.399403Z","times_seen":14,"resource_available":true,"data":null}},"time_used":416,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":211,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"public.8lyyu1vb4.com/history/static/redirect/redirect.084fcc4cbe4f1969c2a5.js?0cf899f2d83f449d7ac0","fqdn":"public.8lyyu1vb4.com","domain":"8lyyu1vb4.com","tld":"com"},"ip":{"addr":"128.14.219.130","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator","date":"2025-10-12T15:55:12.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8lyyu1vb4.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Sun, 14 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:67:06:2B:EB:EB:46:52:1D:DD:95:EC:C5:86:63:EA:47:6C:72:C3","sha256":"CD:C7:7A:9F:7B:55:18:F4:01:24:DF:ED:72:1C:29:E1:A2:AA:0A:36:ED:E1:D3:4D:37:66:A8:E7:85:1A:CD:63"}}},"request":{"raw":"GET /history/static/redirect/redirect.084fcc4cbe4f1969c2a5.js?0cf899f2d83f449d7ac0 HTTP/1.1\r\nHost: public.8lyyu1vb4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://public.8lyyu1vb4.com/history/redirect.html?ot=\u0026psid=1977380592739722243\u0026sid=1977380592739722243\u0026t=C86C078B-CD18-4815-94E1-B73597A80325\u0026trace_id=000fe3e0-9d47-4cd1-b2f6-b10c90a8cc03\u0026type=operator\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Byte-nginx\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 15423\r\nage: 194593\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\netag: W/\"68e8d46b-aa6c\"\r\nexpires: Sat, 10 Oct 2026 09:51:59 GMT\r\nlast-modified: Fri, 10 Oct 2025 09:39:55 GMT\r\nstrict-transport-security: max-age=5184000; includeSubDomains\r\nvary: Accept-Encoding\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-request-id: c5c809f96ff5459fa2697cce0fe59049\r\nx-request-ip: 91.90.42.154\r\nx-response-cache: edge_hit\r\nx-response-cinfo: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\ndate: Sun, 12 Oct 2025 15:55:12 GMT\r\nvia: cache06.oversea-US-ORD2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43628,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (41446), with no line terminators","md5":"74582bb127cf9b74b86318291514119a","sha1":"e0ea503340a5637f1541467532ec2efc8c896ff3","sha256":"affbae8f6f3e063a3e94d9093efd211ca9a695bca9501d83ee54e7c8e5fdf384","sha512":"96592c62ef47042ce3c960d2f92aad8496ea89fa8f82c6855722db3b931ec28d243f672a94a5f7772c1a1574b5b7dd97c8dca3ca1d018a9866473e79854f4925","ssdeep":"768:9Dr/LRCfaTFjba/PT/u0GtEPTBgFOO5lOO5W:9/WaTh4zGiPTiFlW","tlshash":"ff13d78ebddaa98e092372f56d4fb49870ee4d2e140f8214fa40d85536ed86c173bb74","first_seen":"2025-10-09T17:41:26.815118Z","last_seen":"2025-11-09T03:26:57.403676Z","times_seen":14,"resource_available":true,"data":null}},"time_used":415,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":414,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"public.8lyyu1vb4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}