{"report_id":"bbe07c72-edd7-4e1b-8d79-33c3dd9a85d4","version":6,"status":"done","tags":[],"date":"2025-12-23T11:57:35Z","url":{"schema":"http","addr":"hi.okxxx2.com/video/489078","fqdn":"hi.okxxx2.com","domain":"okxxx2.com","tld":"com"},"ip":{"addr":"104.26.4.76","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"title":"OK.XXX -🌶️ free porn tube!","dom":{"size":3771,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3771), with no line terminators","md5":"36733121705d13a43ddaf98664d032a6","sha1":"b79898dfda65a28c2cf066ed8996329a758b7fab","sha256":"d5b25c744d496fe290db85e85973034dc79f4783eac3265b4584854c624f9ee7","sha512":"0803d50e08869873a3a4a9b6143e8b51fab429efc9a2a5521fa4c83f238e0f7ab47c397970bc4871655ee8624ac828e6a9694af7c6455db0e0c54329e90b81e1","ssdeep":"","tlshash":"897197b21c0abc5de16260e3ae2b596ca37a148910c1c1d37bdeca9bcb20cf6491c197","dom_hash":"domhash17ad49a54c91fe7f8103e709c816aa8c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"hi.okxxx2.com/video/489078","fqdn":"hi.okxxx2.com","domain":"okxxx2.com","tld":"com"},"ip":{"addr":"104.26.4.76","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-27T11:57:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"s.pemsrv.com","ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-08-01","domain_rank":104334,"first_seen":"2023-08-04T13:10:46Z","last_seen":"2025-12-23T08:06:35.362015Z","alert_count":0,"request_count":3,"received_data":5324,"sent_data":1385,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-12-21T22:19:25.211281Z","alert_count":0,"request_count":1,"received_data":20344,"sent_data":498,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"hw-cdn2.adtng.com","ip":{"addr":"151.101.195.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2018-07-20","domain_rank":157324,"first_seen":"2020-02-20T16:50:17Z","last_seen":"2025-12-17T18:54:11.453137Z","alert_count":0,"request_count":2,"received_data":34964,"sent_data":910,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"hw-cdn2.ang-content.com","ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2018-11-15","domain_rank":4721082,"first_seen":"2019-03-25T22:41:04Z","last_seen":"2025-12-19T06:39:42.443608Z","alert_count":0,"request_count":4,"received_data":379621,"sent_data":1860,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-21T22:20:20.869237Z","alert_count":0,"request_count":1,"received_data":39963,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"a.magsrv.com","ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2023-08-01","domain_rank":51490,"first_seen":"2023-08-04T16:18:00Z","last_seen":"2025-12-23T08:19:37.589566Z","alert_count":42,"request_count":14,"received_data":2602670,"sent_data":5740,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"a.pemsrv.com","ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2023-08-01","domain_rank":181476,"first_seen":"2023-08-05T12:08:36Z","last_seen":"2025-12-18T21:03:42.56693Z","alert_count":0,"request_count":3,"received_data":494633,"sent_data":1231,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"s3t3d2y1.afcdn.net","ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2022-06-27","domain_rank":0,"first_seen":"2025-11-21T12:51:16.33547Z","last_seen":"2025-12-19T20:11:08.59778Z","alert_count":19,"request_count":19,"received_data":905959,"sent_data":9541,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"okxxx1.com","ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-03-17","domain_rank":2078,"first_seen":"2020-04-02T20:25:49Z","last_seen":"2025-07-13T06:00:56.13003Z","alert_count":0,"request_count":6,"received_data":429473,"sent_data":2865,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"mobile-detect.js","description":"Mobile-detect.js is a compact JavaScript library designed to detect devices by comparing patterns against a given User-Agent string.","website":"https://hgoebl.github.io/mobile-detect.js/doc/MobileDetect.html","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Liveinternet","description":"","website":"https://liveinternet.ru/rating/","common_platform_enumeration":"","icon":"Liveinternet.png","categories":["Analytics"]}]},{"fqdn":"hi.okxxx2.com","ip":{"addr":"172.67.68.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":409321,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"a.adtng.com","ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"domain_registered":"2018-07-20","domain_rank":79851,"first_seen":"2018-07-26T19:17:41Z","last_seen":"2025-12-20T18:28:28.528152Z","alert_count":0,"request_count":3,"received_data":9194,"sent_data":2110,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"verifycdn.agego.com","ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2000-05-13","domain_rank":1396881,"first_seen":"2025-08-08T02:54:34.994916Z","last_seen":"2025-12-19T03:38:27.136988Z","alert_count":0,"request_count":1,"received_data":269663,"sent_data":415,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-21T22:17:33.83847Z","alert_count":0,"request_count":1,"received_data":411131,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"s.magsrv.com","ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-08-01","domain_rank":47665,"first_seen":"2023-08-04T12:48:00Z","last_seen":"2025-12-23T10:08:35.766135Z","alert_count":22,"request_count":22,"received_data":48292,"sent_data":17931,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static.okxxx1.com","ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"domain_registered":"2020-03-17","domain_rank":3065528,"first_seen":"2025-06-01T17:00:51.666286Z","last_seen":"2025-08-02T22:54:37.971278Z","alert_count":0,"request_count":26,"received_data":900662,"sent_data":12100,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.3.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5a3b4702c0c9a4b833b6f7e46884895","sha1":"835ba616614e72768e1d75e255a5e8d664f50031","sha256":"e3c7c8530f232b07a6c5a10e0d91a0e4d6ff1623c84fe4ab2b4a814682887fc3","sha512":"770202c7f3ddf27e3cd6e31d015909d212b2c1ae43584b08adaa45d79a8d088f1b2a1c5a6948df6baf8db2768968463c3aaff67a45a8d08f1260ad250ef53820","ssdeep":"384:/edd80fQZmdq304vZAFboCiOB+K/3PnQLYoxRLHLCozOEu02y2Ybm6iEISeC1MME:H4da04v9CikxKHLCcOEu0ddeC1Mp","tlshash":"0f921ad9368170722bb674e9857f810bb135a86b454ec450b15cccf42efce86a173faa","size":19825,"data":"","first_seen":"2024-12-20T20:24:35.26918Z","last_seen":"2026-03-14T06:30:05.026665Z","times_seen":29,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.pemsrv.com/popunder1000.js","fqdn":"a.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"58eeac519be6ceb7f233b62fedfdf016","sha1":"a8b5185c6e336f90988c17b6ae0d3baf33019177","sha256":"b0d0cb74d537af4c1b83a9d78074cd9bca9b9f3bde3aad75ec4d55b3f1095190","sha512":"9ebaefaf8755f013dd4039606d27392cd58e3b0abe895b4a5dcbdcdcb9e9473667f27387090c9eb50cd8d234baa8a52e3ae24d488ccc424e27eef4ad4d9382a5","ssdeep":"3072:drCqGR9VdpPtCgzTNiQ4n8701l21bMpSmu:XGjVdhdQQOe+p5u","tlshash":"66c35140210748e921e2d67e956fb0993c24a823f5e9cda76c05e7c1f8dec99069bdf3","size":122357,"data":"","first_seen":"2025-12-09T14:42:47.636044Z","last_seen":"2026-01-07T12:59:27.51417Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"41eece0da217398b6f4d4ee2f01b6245","sha1":"72f2098b0520b07dd3c6874646c920a3d367a4e2","sha256":"62bba8c2295a14bb2d007a3f7f8730fd10cef7348a6474f3f832c99ca6795d35","sha512":"1009ef0076bfb735c9b40fa3b106c8de414943b27fd74cfd315265ad768592a9d3eaf408c2392269659fb5af26c32f454d8f8a86fe0044d5a0c46ef424ebe207","ssdeep":"","tlshash":"dec09b3d110413fedfd5359ddc05667d1811b1b1d1918cb04715d527605de144cf3801","size":134,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.712524Z","times_seen":11591,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T21:31:02.061029Z","times_seen":291487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"bd624f983bad13487640244c57e3272a","sha1":"721b4ee1ce712169524afadfc687926029d374f8","sha256":"a75a2e96c077981a8f00f4ecc3d2bff3b5cc7ae91e66675a58e24626325bc444","sha512":"57d6ba6cf1ad6b20c2b62fa864c2581a348752c1272f35ecc591eaed8e250dbcc90c5b5c3bfd99a64a28d803718be8162b23d34261ebcacc66ae89024ad98bc0","ssdeep":"","tlshash":"ecc02bcc321b0c7082f76b008b3fb600f002321894d16e3249092304ce30e03d784850","size":153,"data":"","first_seen":"2023-03-13T11:38:34Z","last_seen":"2026-02-25T00:18:48.333858Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.4.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"42ea793f5b9774638bb9942e1e76df26","sha1":"fdf19f8ced0de3f98ef9cd78cc0a5387af6ff7fd","sha256":"a6f7b74f8d0d71fc120185e4d0ec53f1fa98d8f2b0052656692ca8157280b176","sha512":"85539578955cfa9b8df761db62596a5cc8b75d944ce95948fbea3ac7d80048b0dbdc483b6c7213dec990bb6792dd866a68427480284478330f8ec12c6b835e61","ssdeep":"1536:BrSXNoLtHmjF5hY95OC5uSFx9FGUMqXJNnzzDJ8LprwIto:Brd+F5Q5OIG9gbzJMwIto","tlshash":"f663b64872a078a251f735b7141f640631325933e606c8a5b56ee5f19ef8ecc2633fae","size":68580,"data":"","first_seen":"2024-12-20T20:24:35.309699Z","last_seen":"2026-03-14T04:47:23.939647Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ebe7e4dbf2bbf490424640a958559f08","sha1":"77eb41fa4c0e29ff370ea04419768385a5776bb0","sha256":"d145e7c12843254a51eb2142827b53ae687f1e97d4117035c075ba04d3086873","sha512":"23be55d233fbbdfbd42d2bf8ece61aec1fafe6f65491bee26f7e260dafe20608bcb3c2a610ea8a55a56914c70b0fa1673497d07d483f82392fee162957eea7cc","ssdeep":"","tlshash":"54900298d6042225ee164b55278530155e4034701f69903670a8509c40c55164461864","size":54,"data":"","first_seen":"2023-03-13T11:38:34Z","last_seen":"2026-03-06T20:07:37.877765Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10012989?time=1636664872070","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9b5e83600552b1e8f42fbaab307f7696","sha1":"e7cff1d348ef7f0f3bb264d0a9049e9f938db6fb","sha256":"cd394ff3a3f23dfb255d44928d372b4227355a77d42179d53ebe3079f8640129","sha512":"145c627575c516ca7c33fcf3ceb99ea5fe73571b1eabf4ed0fb7033eba32033b8ff5b776cca607fc7134c0150e0cb8e6e54caafb8afaf165a0f77f430c076311","ssdeep":"","tlshash":"2b2100b58c0abc9ae69520c16f4b199cb3be25991188c3933bcdc796cb58cd15e2c046","size":1233,"data":"","first_seen":"2025-12-23T11:57:49.675168Z","last_seen":"2025-12-23T11:57:49.675168Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a0e9834df6510c2645db85ff36d71029","sha1":"8e8f87634014c92ef7441e41765e6b9a07f092f0","sha256":"555303e0da042b3f48d7ac5344f7c1b407dcf5d9605d1d0fbdaf918d62cb2aa0","sha512":"1e1cb6bf450c3c9ba73b5363cd647bad142e4a461ca5bfe5bdf05fe360f9cf7256d1ccd51dcc6b7c0217aab956e3d3ce3039a83fb4aac769c133724729be3709","ssdeep":"","tlshash":"ee116d4385a988f60872116eac63d446f9a7c0834104ae55f9cfc7d4cf5104e8f979ed","size":1097,"data":"","first_seen":"2024-12-20T20:24:35.291481Z","last_seen":"2026-03-06T20:07:37.880591Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/jquery.easy-autocomplete.min.okx.v4.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2665d38930da43a018e407bf3e675f3","sha1":"001e97ed4cc4c5d629ace24cc72dc1e5670a003e","sha256":"3a05fd0ac6d969742738d6df57996f73fc14fa0776827580a5d358be6db36674","sha512":"560ad8eb8145f263b39bae69ecdd6f04355353f9413f2e92b76246aafbce17f78e856451b34de9bea2084eb67428f61393f75ef2b3ac98b2842f3a648c453339","ssdeep":"384:VDPgWFxQKIM5KlmYVwYpYUTlmNpiMCMVl/qnBJ3GLxp2GoLFbK6TICc5E:VjTFxQKIM5KlmYVDYUTlmNpiMCMVMBSm","tlshash":"aa72855c7295710a03f7717692ff010bb13aa8e999054ca0b96c81e06fb4eaf5267f2d","size":17017,"data":"","first_seen":"2023-04-16T07:34:59Z","last_seen":"2026-03-06T20:07:37.872729Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"340ef56e439d31b3ce7dfb2245ef4870","sha1":"ce5c9f1ce340914f518fac6b93f2fb995bda0515","sha256":"9fa2a02e10e791d3e1bab8c9e4d5c845ed319f158cb5fea171f7a3360930a87d","sha512":"220c2d81a66a5b004f065c0f1c6a09f6c2221814740911ed3f70473eb54a7b6cb62d3973531cac61008e0b79c0ce64cb7b5b177f132c2dd10da8b6fe1c7a3b22","ssdeep":"","tlshash":"f81112da20c42035be9ba464e90fb7447b038017f44eea36361f13562f1425a81269ed","size":887,"data":"","first_seen":"2025-12-01T15:49:38.884264Z","last_seen":"2025-12-23T11:57:58.011548Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"82586eb38ff2505b693a5a26d4535e3c","sha1":"c38b173985cf99a0a083485ab1408ad855ce1395","sha256":"30bbdc19f299805a3ada6b70764d3d3d588af644a6bc84382927d41d74df28fb","sha512":"9a6916554a5f4cdc89a16d3fa49be7143a3de3ff9b99ff2d9f3b0bd46d9a49832c49b7e1149274d1faa33b16c247417438db7e8a43c8649103610bb9b7994268","ssdeep":"","tlshash":"00e07df0081380ddd5434cb2386442a52838e8a13e107326708e363834c0f70367e638","size":297,"data":"","first_seen":"2023-03-07T01:17:01Z","last_seen":"2026-04-03T19:55:24.692736Z","times_seen":1035,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"869dfcf92cf977c2365c67def397c642","sha1":"6afb9f692dfddc7a155ed73749e1b9efa25c4736","sha256":"5faba8dc42da99fb332dba45b6d4ed0788c09fb4760b7caf8d90b3c9289f456f","sha512":"db98c9c104dc9f5e22812dae5bcba7c4ba3e043a8ec0ad39e50b3f62c1f982fd493d5199c0a0be8cfb90838b481d1cb2c6ec8d4dcdb22bcfa970c87aef4b4c72","ssdeep":"","tlshash":"2421ba1c7a97103d06632c894eeb86c938742e435097e006fcacf611ef90ad658faef5","size":1265,"data":"","first_seen":"2024-08-20T08:06:38.410902Z","last_seen":"2026-02-25T17:32:37.741037Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10012990?time=1636664874192","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a424529ba64a7d5021a5c88309935fb","sha1":"c413982bdc7af473052617c1bd0c0c09b7d8c347","sha256":"7e2d0a2a81e0327b86465b85c498506a7c51f37fcc4f5029868f2f438f4611a2","sha512":"bafcd0694a7f28595bdd22688ed535102a1f17f6d0efa9c98b8ae81d3f44c030916046cc60e13ea6297631561d194aeed4c3db8972f995234330a873ff7bc598","ssdeep":"","tlshash":"132142f58c09bc9ae6d520c26b5b188cb7be319d1188c3933bcec782cb28cd15e2c445","size":1232,"data":"","first_seen":"2025-12-23T11:57:49.686696Z","last_seen":"2025-12-23T11:57:49.686696Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.195.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","size":16885,"data":"","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-03T20:19:15.186426Z","times_seen":2324,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.pemsrv.com/ad-provider.js","fqdn":"a.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b6a035a8d534745768f430968527ddc","sha1":"9aadc21458924cf509e9e4cd443e12dd21c1a24d","sha256":"fa1550d32fff4d3ae5d6e1061002ce4b162cf5d8602828d8537edf417fb19d3d","sha512":"fc3e8f5e9b0b7a862cce263a82a12a31bcf9e310f3931861c90376815e30d7aedfb38ddf18fc91689083c1acea845bbb7cc8f51a843688d622be1b9c6c1d9c74","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMzpo:U+28VOk262lElwnRjfs4sXJpo","tlshash":"3b045d993792307441d3a11da9ff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185361,"data":"","first_seen":"2025-12-11T18:04:56.436466Z","last_seen":"2026-01-14T02:16:11.491697Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10012989?time=1636664872070","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e8d34961271ba4b55e6c9cce2467a95a","sha1":"1003d144823da6faf807d51e13ebea677c90ea9d","sha256":"4de90dc561ddec65375f283e812150f7a319d64890d03ce3835154b7abbd5c58","sha512":"9cd135013e3566366b40d3c6cc9e9795727336114f2d25b11c434fc22f2bb4df959fd4a72ec807309626f8901966c97c877bcb4af9f8c30c97315b361fa79437","ssdeep":"","tlshash":"6c113282394a253cb17326736d1d4bb847520a9718c384e56ad7dd8f0c304fbd4947b7","size":1042,"data":"","first_seen":"2025-12-23T11:57:49.691256Z","last_seen":"2025-12-23T11:57:49.691256Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","size":5027,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-03T20:19:15.151308Z","times_seen":2306,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10012990?time=1636664874192","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"534edfb33e0453fd4026b3ef6702c6a1","sha1":"9c44964aa27f21f26014c3a665b8f6f576b4a0b2","sha256":"bc63a62ab708482466e092f307adb7363e2ecfbe17782b6aacdd9075c4b9aa7b","sha512":"4ae5a1c6e2ed63b6fcd3aec73b765f3d90dd0aa18aef734282410aa5903f42b064216f533a45ea2f5a4fc16582b0a7e7c152b517e8b87053926a63fb194793c4","ssdeep":"","tlshash":"d1117541311a5a7df0137bb36e1e8f9407660aa328c300e2a3eb4d8f4c700bf54586ba","size":1046,"data":"","first_seen":"2025-12-23T11:57:49.694659Z","last_seen":"2025-12-23T11:57:49.694659Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/lang_redirect.okx.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb5b8796c6ac54b5c2ea7dda3d56b936","sha1":"c29bf0f593eda39d258cf2678aa8769edb4abf70","sha256":"c8f1b27e2b26bb4941ddcc74c029d8569d308cdce5f70bb8822b3f6bcc79a367","sha512":"e65b7edfe74d0e69201f273343ffdcc951eb8fb38d691400ba922370517371699b1d317732f3aefc7879ddb5f14a03e624db0e705839aab45c758ab8d5eb693e","ssdeep":"","tlshash":"b7f0558e20a51642a6317385b8433124b02004e0ba0ae884cb8863b12a96e6bce37c8e","size":439,"data":"","first_seen":"2023-03-13T11:38:34Z","last_seen":"2026-02-25T00:18:48.325857Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/functions.okx.v19.min.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"83ddc5a714708835cedaa44f9133bf68","sha1":"a37fb40f9f1df143ace1a1bd59ce002a691f1a53","sha256":"4d551d0598c3a716175e063d74f1fb259441db42f6a0fedb83c9cbc87fcc9a72","sha512":"3734218b196ae37d669f1bc33d5725ee053228542fb5760b316471ad46153eeebf3f51f676f1426e41c443b6baed3087ca419c42c01b30b28731d558fd4e5dd3","ssdeep":"384:/smzAi0buXPW6L1rLXqcilw8VByyMSWscG6uZHXpK+GE2UAzCe4pf3jXIYb3KrFY:B+buXRLtLXqcilw8zyyMSWscGj1X0+GG","tlshash":"6aa2b648f340a5f412bb31b52c5fe900703ba971c6198516e62be2b5997cc8c7a33b6f","size":21618,"data":"","first_seen":"2025-07-04T12:53:42.408753Z","last_seen":"2026-02-25T00:18:48.267221Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-03T21:28:55.574834Z","times_seen":330047,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.pemsrv.com/ad-provider.js","fqdn":"a.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b6a035a8d534745768f430968527ddc","sha1":"9aadc21458924cf509e9e4cd443e12dd21c1a24d","sha256":"fa1550d32fff4d3ae5d6e1061002ce4b162cf5d8602828d8537edf417fb19d3d","sha512":"fc3e8f5e9b0b7a862cce263a82a12a31bcf9e310f3931861c90376815e30d7aedfb38ddf18fc91689083c1acea845bbb7cc8f51a843688d622be1b9c6c1d9c74","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMzpo:U+28VOk262lElwnRjfs4sXJpo","tlshash":"3b045d993792307441d3a11da9ff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185361,"data":"","first_seen":"2025-12-11T18:04:56.436466Z","last_seen":"2026-01-14T02:16:11.491697Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"dff932eb62b0ddaac2211366b4b01ebc","sha1":"9dab4d6ec387b84659b55330837eb7377f8d4f90","sha256":"6a95709e3e4f44a0dc86ff470f0d2bb12eb97af1cbd52c67542c43e693392bb6","sha512":"b60004f4b5caf487000de2d2f7ad7844afe6153f3d487d0ad001e009daf990122e3bcdce29b9cc80502df28d3429f0d3fab8fa22923f9f37efdef6cba77f1c54","ssdeep":"","tlshash":"1a9002da71c371009653326c407f188d613988e5288c4940915094922c6503491269ac","size":53,"data":"","first_seen":"2025-01-25T20:39:32.065702Z","last_seen":"2026-04-03T03:15:29.473427Z","times_seen":1321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-HH9W20VKS6","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e71c1d8a70f79bf41c74ce2e8a2250e6","sha1":"7bb60b4af131741619f872bff7041e813aed6f8f","sha256":"67fbdfeef9617640b654946da28bd9226b24b8a1b569e5581fa33eaa1a760314","sha512":"19181025038f46bb5c3f1a1c6415db69e6a7f12ea70b5a3c53f5ba15267e3d3080a4b8849213e5cb9ebd9e3eb5f8cde3ea395f7ec78ee1d22b94655767e7d63b","ssdeep":"6144:XIe7mZ2bulKY/1u99xHDmHYmyBFzvnsNu6JWoNPad4FpC1PF:4Cpbu7/1mbrnsRWbMpA","tlshash":"bb9419ce73c674668396e078503f118ba57b29e2b44cc895f189cce42e746aa4277f7c","size":410527,"data":"","first_seen":"2025-12-23T11:57:49.549426Z","last_seen":"2025-12-23T11:57:57.997159Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verifycdn.agego.com/v1/verify.js","fqdn":"verifycdn.agego.com","domain":"agego.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"27c6c10f025028c7f70bc16717c392b0","sha1":"8971a3c2c256b2067e8ac937e8f971da9e786799","sha256":"42d042148b944c5cf1e230e3fa7e61af33440e9e9fbbf2756dcf0eede187a4e8","sha512":"b65f3e0844087b28b3ab847ae89a6e80255279733660257d046e4249ff38e49183227d327e954e7d1253469d1e3fcd0564044666634929dc163672f897cc6d3d","ssdeep":"3072:9m/p4yqxGb0UdZ0T6PPT1DBxFDpk43M3cw/etJ7Cx5ttRqH2711xI:ImFxGbDdS8dDP3UlQcq","tlshash":"e644189db3d6b06183d776a5502f200bf23b5a54a84d8050f22ad6d17cb9a4fc23bf79","size":269098,"data":"","first_seen":"2025-12-01T15:49:38.789557Z","last_seen":"2026-01-10T10:37:39.801283Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/enter_pop.okx.v1.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"7cbc9d50dbb2536e63a2de22c2c3d604","sha1":"ae62a6c764073e2183965322bf4fc2652db1a698","sha256":"a61f0f4268764eb21ba630e8ef6d113d636ae59c135a9d9a7dee9fdacade8833","sha512":"58dc589e572e433938b44a27ad1dcd34d15fcec684f037c6da20c2e14dc83296c889c67d618265d1a610d2c052eb70d3345feb4fbe91a1deaf89abfa7ab7cdb9","ssdeep":"","tlshash":"ac111fadb8aa753c1337731c261d2116760654468208ce05f36c21f4bf6063bae7b4ef","size":1053,"data":"","first_seen":"2023-09-23T23:54:41Z","last_seen":"2026-02-25T00:18:48.231307Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"055df38627c30abbaba99c3464a8c6ae","sha1":"cb43f1d40b96033d5134bdac602e6c94cde91318","sha256":"380f22ac8b5f61fec306bf17608cc8b19f340f6c18f5bdfd433077b462af0794","sha512":"098bd5a113284710a5c43e26e2e25a56f016570a22d832d3e286681220d829ea9b189084736e6712111a5bf054a914399e53a91840f56d2da25d73c691678ef9","ssdeep":"","tlshash":"92a0041535d35c44c071711d155143d017710f4f40407cc071ccc15d5f345d14000703","size":61,"data":"","first_seen":"2023-03-13T11:38:34Z","last_seen":"2026-02-25T00:18:48.347416Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0bea9ab0e24ed5ead0a86a7b0f225c84","sha1":"cfebc42b92f16109cc3d910a0d724413f680c5b9","sha256":"2669bb53926eba45e51771f34a630ccf11a4ee10715b7ed2a1ee68afbeccc8c2","sha512":"6c91da05e5d28a10e0a809bf29d14512005bbd6ca07de6acce60bfef50cf4b8fa77efe29cde6af798fbda2f5eb869bd8955459aef673f70ca2a18943b973c32e","ssdeep":"","tlshash":"6ef0d818b376ae20602b7cad4bb74150672d811743098b00bfad04c49f0caea710009d","size":447,"data":"","first_seen":"2023-04-27T01:27:26Z","last_seen":"2026-02-25T00:18:48.34809Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-03T20:43:05.711922Z","times_seen":11345,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"924959c48999c5c6d9fcfe7d7301cfb3","sha1":"fff1b785015278c75188eca684667fbad4c18251","sha256":"8ff0f4b42ad560bbee4496573d1cc2b771d56fe7424cc87273f6acd172368c77","sha512":"c010c9492ffebd108edb466c7541f22525c9da50ba02ead051eb50ee07ef964606c82488ffe3bcf808ccffcde913d7478114948481e5b745b894b4a7d40d4e18","ssdeep":"","tlshash":"b241573d7473a176087f24e96bbb664d37d5206b4c05d901388dcca8af78d462de5dc4","size":2418,"data":"","first_seen":"2025-07-05T21:25:24.49366Z","last_seen":"2026-02-25T00:18:48.348716Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","size":5027,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-03T20:19:15.151308Z","times_seen":2306,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.1.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-03T21:26:27.221555Z","times_seen":60481,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.2.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"a580dbd3914cdfaf1da3184199444c5b","sha1":"b1d1d77e8acb8a9858b30d6e9bafcd6604508b28","sha256":"3218ea66e7c46750f96d8e93d447180bc123525355556f05acbbff80da7bb20c","sha512":"cfc5a2c061ab77ce7fa646f924fd53517aafada17d3414fa12a7d25cf2848b6429a18434e665a3c0ac8cf876b033975e38c21151f455d02b16f900f41b55e3fb","ssdeep":"192:BV7+EqleaEzTb7mgPTFQCZvN7oNrf4nIaiB6Cw59T7TMcPvHKEr:BV7+HoHT7xrFQ6vN72f4GB6CwHf4cPD","tlshash":"6922ea6830e3605b50b7b1547cfbf38eb2b16638588794d1d0ace46939bcd7a1636f28","size":10543,"data":"","first_seen":"2025-07-04T12:53:42.454947Z","last_seen":"2026-03-06T20:07:37.840229Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.4/mobile-detect.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7bc0490ab1b85274bd5422aa273bf6c","sha1":"2f401f539bd0c4713ea6c3812dfc853260c49822","sha256":"ebd21fd785e33300ae6571194031810c2e87373fb139b681888b2423d78a562b","sha512":"8525721ae5c11e6672f80f8fdb50d1500b9ced44df72a73481e89e6ff1f5666aa2240a034dfcc560838100c4dc154594fcfc0b3c4a111181bfefb7243c1ea84b","ssdeep":"768:WzfO0UVJMIR56pR/Bdg4LWZtFN22979GxV/w72158h1NEac4JXJ8XnLhkxgg6oTH:WzfO0UVWIv635y4LWZtFN2297aoKC1Nr","tlshash":"29030ad2af31ee065d2f8465f06f2183b6f7d223a7ed4473e019498a6f8550350dbea8","size":38942,"data":"","first_seen":"2023-03-07T01:10:18Z","last_seen":"2026-04-03T15:42:24.901293Z","times_seen":972,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.195.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","size":16885,"data":"","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-03T20:19:15.186426Z","times_seen":2324,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185387,"data":"","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/functions.okx.v19.min.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/functions.okx.v19.min.js HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Dec 2024 12:05:41 GMT\r\netag: W/\"67582e95-5475\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21621,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21536), with no line terminators","md5":"83ddc5a714708835cedaa44f9133bf68","sha1":"a37fb40f9f1df143ace1a1bd59ce002a691f1a53","sha256":"4d551d0598c3a716175e063d74f1fb259441db42f6a0fedb83c9cbc87fcc9a72","sha512":"3734218b196ae37d669f1bc33d5725ee053228542fb5760b316471ad46153eeebf3f51f676f1426e41c443b6baed3087ca419c42c01b30b28731d558fd4e5dd3","ssdeep":"384:/smzAi0buXPW6L1rLXqcilw8VByyMSWscG6uZHXpK+GE2UAzCe4pf3jXIYb3KrFY:B+buXRLtLXqcilw8zyyMSWscGj1X0+GG","tlshash":"6aa2b648f340a5f412bb31b52c5fe900703ba971c6198516e62be2b5997cc8c7a33b6f","first_seen":"2025-07-04T12:53:42.408753Z","last_seen":"2026-02-25T00:18:48.267221Z","times_seen":6,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-HH9W20VKS6","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=G-HH9W20VKS6 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\nexpires: Tue, 23 Dec 2025 11:57:11 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 138433\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":410527,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"e71c1d8a70f79bf41c74ce2e8a2250e6","sha1":"7bb60b4af131741619f872bff7041e813aed6f8f","sha256":"67fbdfeef9617640b654946da28bd9226b24b8a1b569e5581fa33eaa1a760314","sha512":"19181025038f46bb5c3f1a1c6415db69e6a7f12ea70b5a3c53f5ba15267e3d3080a4b8849213e5cb9ebd9e3eb5f8cde3ea395f7ec78ee1d22b94655767e7d63b","ssdeep":"6144:XIe7mZ2bulKY/1u99xHDmHYmyBFzvnsNu6JWoNPad4FpC1PF:4Cpbu7/1mbrnsRWbMpA","tlshash":"bb9419ce73c674668396e078503f118ba57b29e2b44cc895f189cce42e746aa4277f7c","first_seen":"2025-12-23T11:57:49.549426Z","last_seen":"2025-12-23T11:57:57.997159Z","times_seen":2,"resource_available":true,"data":null}},"time_used":584,"timings":{"blocked":241,"dns":1,"connect":20,"send":0,"wait":34,"receive":57,"ssl":227},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/676000/676376/640x360/2.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/676000/676376/640x360/2.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 33852\r\nlast-modified: Fri, 05 Dec 2025 17:42:37 GMT\r\netag: \"6933198d-843c\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33852,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"fc39fbb14f876c26ad658fcb78af59a3","sha1":"569fd454547f4bcc2cdf09df7cfc707e80f14ec4","sha256":"5efc7abbc3cfe58cb050f342eab681321eb78db132d487a76a6eb9d268570ce1","sha512":"493baf53850263fbf31bfce92dec0e7595f9191dce5f0f87791bcdbb481ad858c2b5d4ab418f5061d5e824364adcacdeea1a0e3524071cb74ff9fadcc6635b24","ssdeep":"768:1Gsm7GW8mO+XwQpGoy1e2636QXjup33KXNT+ozaRLj0QjrqrR:1Pm7GWfMoMWzEetlzaRL3jrqrR","tlshash":"a5e2f1297ac7a7954f72cc396165f93536436a7b2adb366c0cad63e18ce80133bda005","first_seen":"2025-12-23T11:57:49.550682Z","last_seen":"2025-12-23T11:57:57.907287Z","times_seen":3,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":84,"dns":0,"connect":0,"send":0,"wait":63,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW24DIQy8Si8Q5BcG8t3vVmrVA7CvKqqSlbJVtJV8+BpSVWEEGDOMxxBQPCAdiJ9AjzEdkaxgKBCEAkaxl9c3E7T1K+z7bhkcYlELUvaTZi0Wo4CSWoRsmhFE1RBYiwiICRgbOCiySI8y2Mf7c5/oIDBfW6EWtoyLw45AjT4MmGtVxAWXMTMtWfK8YKpTHmaNs9PB7bk7DON69kNyc64jmnyDQFRMjHrlOw7tCaMwuSEfYD1dt5/LaPZA7J1xj3oT1FTabCSOD8w70n+Efd3CuX5u11s3hvanjehy6J9jt3o91e/TeumX7c4GzhMLpziNRbjIvBRJi2AZJ8+W+RccDKfssQEAAA==\u0026cb=e2e_694a83985f5f57.79028945","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW24DIQy8Si8Q5BcG8t3vVmrVA7CvKqqSlbJVtJV8+BpSVWEEGDOMxxBQPCAdiJ9AjzEdkaxgKBCEAkaxl9c3E7T1K+z7bhkcYlELUvaTZi0Wo4CSWoRsmhFE1RBYiwiICRgbOCiySI8y2Mf7c5/oIDBfW6EWtoyLw45AjT4MmGtVxAWXMTMtWfK8YKpTHmaNs9PB7bk7DON69kNyc64jmnyDQFRMjHrlOw7tCaMwuSEfYD1dt5/LaPZA7J1xj3oT1FTabCSOD8w70n+Efd3CuX5u11s3hvanjehy6J9jt3o91e/TeumX7c4GzhMLpziNRbjIvBRJi2AZJ8+W+RccDKfssQEAAA==\u0026cb=e2e_694a83985f5f57.79028945 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.3.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/main.min.okx.v2.3.js?v=1 HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Dec 2024 12:09:05 GMT\r\netag: W/\"67582f61-4d71\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19825,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14520)","md5":"f5a3b4702c0c9a4b833b6f7e46884895","sha1":"835ba616614e72768e1d75e255a5e8d664f50031","sha256":"e3c7c8530f232b07a6c5a10e0d91a0e4d6ff1623c84fe4ab2b4a814682887fc3","sha512":"770202c7f3ddf27e3cd6e31d015909d212b2c1ae43584b08adaa45d79a8d088f1b2a1c5a6948df6baf8db2768968463c3aaff67a45a8d08f1260ad250ef53820","ssdeep":"384:/edd80fQZmdq304vZAFboCiOB+K/3PnQLYoxRLHLCozOEu02y2Ybm6iEISeC1MME:H4da04v9CikxKHLCcOEu0ddeC1Mp","tlshash":"0f921ad9368170722bb674e9857f810bb135a86b454ec450b15cccf42efce86a173faa","first_seen":"2024-12-20T20:24:35.26918Z","last_seen":"2026-03-14T06:30:05.026665Z","times_seen":29,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":83,"dns":0,"connect":18,"send":0,"wait":57,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/677000/677669/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/677000/677669/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 44511\r\nlast-modified: Tue, 02 Dec 2025 22:00:57 GMT\r\netag: \"692f6199-addf\"\r\nexpires: Tue, 30 Dec 2025 11:57:12 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44511,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3","md5":"55ae9cdc95f704878b87d7ad75ed8d81","sha1":"a54750dca347fb6a3bd5aae7a58a29521fa468ee","sha256":"ae0a34f4a88c193db8219cfe070fa02e5cd6fc8a4990457c14ebf4e88996606f","sha512":"1379a8478c1f5951cfddc0cd77b3eb8d52ff5f01f3b52df803873332d9116492535b4e89f8cd0c8f32370f5c10592cd70abc9f9ee293df8fd557eadc2a1c2f35","ssdeep":"768:Ppth6Fo+QlXJeyWZh6xaD+3sOJgi3q/tX/gUeTJkeuFfS0k1WuDTQe6RvT2zmgj+:vh6FeXIVZh6xaD+cOF6mUeTJk31kQugF","tlshash":"f413014e8d81f260f36e1219a1047a38e9d48ab4e16329bd28d122d84fb7707f59a377","first_seen":"2025-12-23T11:57:49.553115Z","last_seen":"2025-12-23T11:57:57.924379Z","times_seen":3,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a69ce3ee605\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":34,"connect":9,"send":0,"wait":14,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a698179df21\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.195.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10012990?time=1636664874192","date":"2025-12-23T11:57:11.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:67:8C:D2:F3:88:16:3D:99:D4:20:FD:1B:49:11:66:D1:6A:9F:43","sha256":"1A:A3:49:5D:8F:EA:EA:8E:F5:2F:82:5F:FF:33:C6:FF:50:0C:CF:FF:CA:65:5C:0A:74:2F:DB:27:1B:12:CF:EA"}}},"request":{"raw":"GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1\r\nHost: hw-cdn2.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 05 Apr 2022 20:54:54 GMT\r\netag: \"41f5-5dbee74f4a3c8\"\r\nexpires: Fri, 25 Apr 2025 21:03:14 GMT\r\ncache-control: max-age=10646761, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\nage: 2693146\r\nx-served-by: cache-ams21065-AMS, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 70, 66707\r\nx-timer: S1766491032.891493,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 16885\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":16885,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16885), with no line terminators","md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-03T20:19:15.186426Z","times_seen":2324,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":67,"dns":21,"connect":15,"send":0,"wait":15,"receive":2,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/676000/676573/640x360/2.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/676000/676573/640x360/2.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 42379\r\nlast-modified: Wed, 03 Dec 2025 21:45:32 GMT\r\netag: \"6930af7c-a58b\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42379,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"36947176d70c3ce1fbda26cad5351589","sha1":"6bb0ff0820ae92073efc89ad9d0c223abcab02cf","sha256":"a8f7493ca1f15877dac1832645d6d4402251fec02bf943beb5383fea66d6352b","sha512":"fa87fb1afb8bb65e5accd05108ab3e1792a897993db6281478280d9ff26f469594c30d949af0b343c008b05aed1367783f527b3047e3057bf323e85f435dd2fe","ssdeep":"768:tigmlNkfBdtOw1rasRUVpZfzJGqIBM8QenRKRie0x+a9wjJnR5NvkeNq:8gmlNkntTks+pZfz9IQGqie1awFR5hX0","tlshash":"611301043160e09086a5f132e26e5fac623526860cbfc2fce2a75b379dc5ed4d34b5ca","first_seen":"2025-12-23T11:57:49.5554Z","last_seen":"2025-12-23T11:57:57.930155Z","times_seen":3,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678262/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678262/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23159\r\nlast-modified: Wed, 03 Dec 2025 03:33:13 GMT\r\netag: \"692faf79-5a77\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23159,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"ecbbb986595b4602e4a5f090ea6fedb3","sha1":"3117ec64c65a33c42ce20690ce7d752471fa4074","sha256":"d783c4a5a24f082d85577fd77892f773dbb044d311f24a481cfac4271969a8d9","sha512":"472173d364b423af3fa6bbba206022f3c784679ec54898b19067d2f474e2679dbe35f1903e7dc98bbefd9bdeccebf739409e287729874640aeedc77c1bf36c8e","ssdeep":"384:CNxbKXVSP262D5fsfPs29BQjnBeFiJrMECVNKYkocrJc5qvJAsVeTL/6hNGTO:CDKFSuZD5fv29ijBJJnCVAYkogcqSg7N","tlshash":"2fa2e03abb548637b441eb391c612227fe0bd137b9737d2de0b20099a12dd9bf948902","first_seen":"2025-12-23T11:57:49.556533Z","last_seen":"2025-12-23T11:57:57.883204Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 611\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":611,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://okxxx1.com/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540630,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540630,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540630,\"extra_params\":{\"first_request\":true,\"zone_type\":38}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B; expires=Thu, 23 Dec 2027 11:57:12 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16791,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f0a62e80e23c3744ad51758e1e48b45c","sha1":"42d66f84639d1aec878ab8044bcc2f32a57bb689","sha256":"a2f74b1e6beab1fab60c5f9feda26d5806d7206ba9fcf1a18dce308d9918c716","sha512":"9f7a23e281a4189d5aa7668bce17512e555a096aa82f39e5da812a8405883f117c3e82ff35350f1d5d66c33b7b7b4da2103f291e915ff351c370f0395525035c","ssdeep":"384:4amPhKm+BAVRKQCKxLrCO0UbOFdYBNuF9/QQgNAF5dI3bNsFBFEWDAAN+:/mPhK/uLKQCkLGwg3FEWDAAN+","tlshash":"99725bbbbf8548da3bd617861adf7c587c2d351fda81ce758149d91082bc2b80a533a4","first_seen":"2025-12-23T11:57:49.557549Z","last_seen":"2025-12-23T11:57:49.557549Z","times_seen":1,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":95,"dns":4,"connect":29,"send":0,"wait":158,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PW2oDMQy8Si8Qo5ElP/Ld7xZaegDvblxCSRaSEragw9c2aYmFZWHNaEZMrDvwjv0Thb3GPdgyXCYn7KBiL69vJrD1y23bZiJJFKYhg5MlCilkUxUKPphSMkWMicjAAgqU2YTMG7Vg9SK9ckRoXPt4fx4XLdg80cbamEPSmEx6hxNtIO7EaUIqJQAVdU6ea5J0qIhlSdMh6KHBqRltPuHm9TREuxy85iFB/7HrUA/x3Cy1Qza+y/XnPJs9AMduMqr7GjQGdYzXB+C99bcgAf0dyWM4I7u6U/m8Xm7DHYauQx4To0GazK1cjuX7uJ5Hu3MsFil1QZjyEqNfQkAOOs1JM88L1/oLnIxbNcIBAAA=\u0026cb=e2e_694a83985736f7.30660225","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PW2oDMQy8Si8Qo5ElP/Ld7xZaegDvblxCSRaSEragw9c2aYmFZWHNaEZMrDvwjv0Thb3GPdgyXCYn7KBiL69vJrD1y23bZiJJFKYhg5MlCilkUxUKPphSMkWMicjAAgqU2YTMG7Vg9SK9ckRoXPt4fx4XLdg80cbamEPSmEx6hxNtIO7EaUIqJQAVdU6ea5J0qIhlSdMh6KHBqRltPuHm9TREuxy85iFB/7HrUA/x3Cy1Qza+y/XnPJs9AMduMqr7GjQGdYzXB+C99bcgAf0dyWM4I7u6U/m8Xm7DHYauQx4To0GazK1cjuX7uJ5Hu3MsFil1QZjyEqNfQkAOOs1JM88L1/oLnIxbNcIBAAA=\u0026cb=e2e_694a83985736f7.30660225 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a6983b25021\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a6999e78926\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwHXjhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a6985fcd626\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.pemsrv.com/popunder1000.js","fqdn":"a.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pemsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:38:47 GMT","end":"Sat, 17 Jan 2026 14:38:46 GMT"},"fingerprint":{"sha1":"16:DB:C0:84:B9:67:99:32:B2:65:B9:B4:19:A3:A4:E7:78:E9:46:B2","sha256":"C4:03:5E:C5:AB:57:86:05:02:9F:9E:F3:BD:1B:01:5E:C2:F0:0F:F0:14:40:3E:FF:68:BC:99:E6:3B:D1:2A:F5"}}},"request":{"raw":"GET /popunder1000.js HTTP/1.1\r\nHost: a.pemsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"a8b5185c6e336f90988c17b6ae0\"\r\nexpires: Wed, 17 Dec 2025 13:23:59 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJCgHXqBUAAAwBuUwKCQH3JwAAAAwBJRPCVwG3mQAAAA\r\nx-77-nzt-ray: e2f754204a9ecd4097834a695494612c\r\nx-77-cache: HIT\r\nx-77-age: 5544\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":122357,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"58eeac519be6ceb7f233b62fedfdf016","sha1":"a8b5185c6e336f90988c17b6ae0d3baf33019177","sha256":"b0d0cb74d537af4c1b83a9d78074cd9bca9b9f3bde3aad75ec4d55b3f1095190","sha512":"9ebaefaf8755f013dd4039606d27392cd58e3b0abe895b4a5dcbdcdcb9e9473667f27387090c9eb50cd8d234baa8a52e3ae24d488ccc424e27eef4ad4d9382a5","ssdeep":"3072:drCqGR9VdpPtCgzTNiQ4n8701l21bMpSmu:XGjVdhdQQOe+p5u","tlshash":"66c35140210748e921e2d67e956fb0993c24a823f5e9cda76c05e7c1f8dec99069bdf3","first_seen":"2025-12-09T14:42:47.636044Z","last_seen":"2026-01-07T12:59:27.51417Z","times_seen":212,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10012990?time=1636664874192","date":"2025-12-23T11:57:11.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 02 Nov 2018 14:17:11 GMT\r\netag: \"13a3-579af30f7688b\"\r\nexpires: Thu, 24 Apr 2025 01:07:43 GMT\r\ncache-control: max-age=10488628, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\nage: 3084227\r\nx-served-by: cache-ams2100110-AMS, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 55, 7247\r\nx-timer: S1766491032.891240,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 5027\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":5027,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5027), with no line terminators","md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-03T20:19:15.151308Z","times_seen":2306,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":69,"dns":15,"connect":13,"send":0,"wait":41,"receive":1,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/676000/676268/640x360/2.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/676000/676268/640x360/2.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 29448\r\nlast-modified: Tue, 02 Dec 2025 18:00:48 GMT\r\netag: \"692f2950-7308\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29448,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"d47d4313ba5e4caa3ab1efe1b8f8c310","sha1":"7dee8061afdebeef82e640db35eb09551b4e9d41","sha256":"3456a78057bea6e5ebbc41d5a563e840d4ee5e2cd22271adb0cec8fc5ecde16b","sha512":"6fe4d139f9529ceac7dedb44170f7daccd45a8a182e296153234d23b235e1f5a6b3e2bce738b0c2f3c5e1298c2e8f28982886fd3e7d33eed837125bf0c328e45","ssdeep":"768:WZEzyjIvWMT9OWl2CGp9q6fOA+5EzDAZLBxd6KaFqzch:Wizyja1LwZzqe9+LB6lqzG","tlshash":"bed2e0c9775ca95491bac4bc06b0d628e3c2c24b4d41292cff1e86c953e26f1cbb7a14","first_seen":"2025-12-23T11:57:49.560374Z","last_seen":"2025-12-23T11:57:57.92321Z","times_seen":3,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":83,"dns":0,"connect":0,"send":0,"wait":50,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/jquery.easy-autocomplete.min.okx.v4.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/jquery.easy-autocomplete.min.okx.v4.js HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 30 May 2023 06:22:12 GMT\r\netag: W/\"64759614-427e\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17022,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (15648), with CRLF line terminators","md5":"d2665d38930da43a018e407bf3e675f3","sha1":"001e97ed4cc4c5d629ace24cc72dc1e5670a003e","sha256":"3a05fd0ac6d969742738d6df57996f73fc14fa0776827580a5d358be6db36674","sha512":"560ad8eb8145f263b39bae69ecdd6f04355353f9413f2e92b76246aafbce17f78e856451b34de9bea2084eb67428f61393f75ef2b3ac98b2842f3a648c453339","ssdeep":"384:VDPgWFxQKIM5KlmYVwYpYUTlmNpiMCMVl/qnBJ3GLxp2GoLFbK6TICc5E:VjTFxQKIM5KlmYVDYUTlmNpiMCMVMBSm","tlshash":"aa72855c7295710a03f7717692ff010bb13aa8e999054ca0b96c81e06fb4eaf5267f2d","first_seen":"2023-04-16T07:34:59Z","last_seen":"2026-03-06T20:07:37.872729Z","times_seen":15,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":91,"dns":15,"connect":30,"send":0,"wait":50,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a69f23c8221\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/font/fonts/fontawesome-webfont.woff2?v=4.6.1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/font/fonts/fontawesome-webfont.woff2?v=4.6.1 HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 70728\r\nlast-modified: Mon, 03 Jun 2019 07:04:00 GMT\r\netag: \"5cf4c660-11448\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70728,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 70728, version 4.393","md5":"926c93d201fe51c8f351e858468980c3","sha1":"977357f82830f57fbdac2492dd421e5dcce44a1a","sha256":"d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d","sha512":"3097fc028f8637abfbc75c95180e3f3b5af9c74cd925ffbeee9e409497d387f76c769781ca1f08ad7b39ae437adda32f6e8de61f5578ebfe8da16cba41a9e23b","ssdeep":"1536:k9chxme4Zu0LDIrvALIlSgXHBJvTvyuaGPm0lxyu:kSYDIrtwgGHGPm0x","tlshash":"ed6302bef2337102d2a016bc59769566cc387d16617f8eee1f7a6ab41c4032d90d134e","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-04-03T21:07:24.814814Z","times_seen":4310,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 510\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":510,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://okxxx1.com/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540630,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540630,\"extra_params\":{\"first_request\":true,\"zone_type\":38}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%225c358bec2a222406b7a4158a17fca45a%22%3B; expires=Thu, 23 Dec 2027 11:57:12 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4280,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e90f4aea576ba1b450b4736963614188","sha1":"39cbf9d09812e9b235288f8b5f49deab314d86df","sha256":"2ed77717d5fb6c36c4e69cfb0b5045432d00ed3ef8650961f6fa53ea39ed7078","sha512":"986908a400cd75e8441e33e46bf4599228477a6938d26c9323fa30ec9892877e00e0c3ab7533864f66a20f3dd1dcb5836ab243fdd8b63af30d3846227483e2ac","ssdeep":"96:4To3DAURROlMPtG5E9eBB5kJoP6cyeLA7tp6tGt4h5E9eq1HtotQPt:4U3DAURMlpKmByoCc1LktpkhKDttotQt","tlshash":"4d913abdba405e7d8ab1d5dc1eb334a47d19320f9e8b4cd9400ae989d27e0701441fb9","first_seen":"2025-12-23T11:57:49.563068Z","last_seen":"2025-12-23T11:57:49.563068Z","times_seen":1,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":4,"connect":29,"send":0,"wait":108,"receive":1,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW2oDMQy8Si+wRk9bzne/W2jpAbybdQklCSQlbEGHr+0+iAfbwhppRiYgnZAm4geIO007JM8YMgShgCr+9Pzign7+CNu2uYiJomvMSOYG0WJ2VYFI4grmiikZgCNxpkTJXMDZoYGURXoUAFBJYqv3t9fHsbGBnAE20lY9ZJ3ApWfIYEOgXjzPaKVExIp1MaZqYmvFVPY2r1HXRodmtnnFsJyPQ7hLIgkNCfjH1KmMwtRstQU+nsv167S43xHHfDyi31FgNOoc1jviD1L+G5Jiv7EfjMMZ+DUcy/v1chvucOgGwtExOUr7rVu5HMrn4Xwa6V7j1maUSjXNe2IjXee9JmThXGudOX8DAQm8T8YBAAA=\u0026cb=e2e_694a83985278c5.57783154","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW2oDMQy8Si+wRk9bzne/W2jpAbybdQklCSQlbEGHr+0+iAfbwhppRiYgnZAm4geIO007JM8YMgShgCr+9Pzign7+CNu2uYiJomvMSOYG0WJ2VYFI4grmiikZgCNxpkTJXMDZoYGURXoUAFBJYqv3t9fHsbGBnAE20lY9ZJ3ApWfIYEOgXjzPaKVExIp1MaZqYmvFVPY2r1HXRodmtnnFsJyPQ7hLIgkNCfjH1KmMwtRstQU+nsv167S43xHHfDyi31FgNOoc1jviD1L+G5Jiv7EfjMMZ+DUcy/v1chvucOgGwtExOUr7rVu5HMrn4Xwa6V7j1maUSjXNe2IjXee9JmThXGudOX8DAQm8T8YBAAA=\u0026cb=e2e_694a83985278c5.57783154 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a690f6ab321\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a691a468b26\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678247/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678247/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 35915\r\nlast-modified: Wed, 03 Dec 2025 03:19:02 GMT\r\netag: \"692fac26-8c4b\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35915,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"05271971dad8e7c1baf32f2f5c244b47","sha1":"b4e37ff3531765d2208c7a859b0907b73ed2cd5b","sha256":"1095ea3b374a4c128fb9fbf249672088eda0373838f5cd6020c3f3ff6c8d60fa","sha512":"63dabf9b1f04859db98666fcb70abf89f728971ce33ec6c864d46c4d494cbe553c069c68f29a005d21adcb6b5f2d7e4799a7b74072f0482ac3db61c859481a25","ssdeep":"768:4i4ktQWf6OPu7A9TTX20AiXiX8vpFQfTbr/wuRUbJamerjmb6:4J7g6OPRXG0ADX8vwb6bEO6","tlshash":"7cf2f14cf13a15cc410ec53685ae133ccd4f6f02ecc6ec8c249b140afde6466a8abb69","first_seen":"2025-12-23T11:57:49.564346Z","last_seen":"2025-12-23T11:57:57.898908Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QUWrDMAy9yi4QI8mSrfR73xts7ABOGo8y2kAzSgY6/GytjFrYFtZ7fk8iIBmQBopPkA6SD0g2YhghMAUUtpfXN2O09Svs+27MyoImaURSU0iaRhNhSMQmoCaYswIYEiMkUDUGiwYtSCJzzwIAcsLU+Pbx/uwbW5BFgJ2ksV3WCIx7hRR2BOrkaUItJSFWrLNGqsq6VMzlqNOSZGlwaGabVwzzenZhl+QsLgH/MXRoRI7UbLUF5s9l+7nMZg9A7y96dm8F/KOOifIA/IvW2L1JSv3GfkR0Z2BbOJfP7Xpzd+i6wRlk2ZDbtG7leirfp/Xi5c4xmmiJKrGOOeOcS6oytkkQylznaTr+ApSgN/vGAQAA\u0026cb=e2e_694a83985ebc83.24155828","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QUWrDMAy9yi4QI8mSrfR73xts7ABOGo8y2kAzSgY6/GytjFrYFtZ7fk8iIBmQBopPkA6SD0g2YhghMAUUtpfXN2O09Svs+27MyoImaURSU0iaRhNhSMQmoCaYswIYEiMkUDUGiwYtSCJzzwIAcsLU+Pbx/uwbW5BFgJ2ksV3WCIx7hRR2BOrkaUItJSFWrLNGqsq6VMzlqNOSZGlwaGabVwzzenZhl+QsLgH/MXRoRI7UbLUF5s9l+7nMZg9A7y96dm8F/KOOifIA/IvW2L1JSv3GfkR0Z2BbOJfP7Xpzd+i6wRlk2ZDbtG7leirfp/Xi5c4xmmiJKrGOOeOcS6oytkkQylznaTr+ApSgN/vGAQAA\u0026cb=e2e_694a83985ebc83.24155828 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a6913037e26\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/adf5321d0cf949799de03d25902df185c9f4f0ee.mp4","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/adf5321d0cf949799de03d25902df185c9f4f0ee.mp4 HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 31787\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-7c2b\"\r\nexpires: Fri, 27 Nov 2026 09:56:16 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec02-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3QP8HAAwBuUwKDAH36QAAAAwBw7WvFwG3L2MaAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a694085d232\r\nx-77-cache: HIT\r\nx-77-age: 524096\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\ncontent-range: bytes 0-31786/31787\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":31787,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"0a49ef82b5682957344cfca85af81a41","sha1":"adf5321d0cf949799de03d25902df185c9f4f0ee","sha256":"4a58d3c010d924164a004f7a8da134c2ffe9337d81859bca44424e94f9557e7e","sha512":"43befa53ac74e817b66b866689c6b2f90bf2fdccc4b7cf19fe6742f65ba3065eeb8c57660606ae959d98501fb3b589e63c70f20154e5964c7896eff491893a07","ssdeep":"768:RzxtxaOgrZD/e4IZPhYcVsOeux1ZiVmIBotumBnX+UT37OnIE:1DeZD/e5pYcjx1k7B8umBnX+tIE","tlshash":"3ce2e105274e3684da698d3303ac82b66e294004d1df1336d99b46feeae1b44dcdd6cf","first_seen":"2025-10-22T00:34:07.424879Z","last_seen":"2025-12-25T19:36:28.575764Z","times_seen":169,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.pemsrv.com/ad-provider.js","fqdn":"a.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pemsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:38:47 GMT","end":"Sat, 17 Jan 2026 14:38:46 GMT"},"fingerprint":{"sha1":"16:DB:C0:84:B9:67:99:32:B2:65:B9:B4:19:A3:A4:E7:78:E9:46:B2","sha256":"C4:03:5E:C5:AB:57:86:05:02:9F:9E:F3:BD:1B:01:5E:C2:F0:0F:F0:14:40:3E:FF:68:BC:99:E6:3B:D1:2A:F5"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.pemsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9aadc21458924cf509e9e4cd443\"\r\nexpires: Wed, 17 Dec 2025 13:23:54 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJCgH3rRUAAAwBuUwKAQH3MAAAAAwBw7WvAgG3ogAAAA\r\nx-77-nzt-ray: e2f754204a9ecd4097834a6900b6dc06\r\nx-77-cache: HIT\r\nx-77-age: 5549\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185361,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6b6a035a8d534745768f430968527ddc","sha1":"9aadc21458924cf509e9e4cd443e12dd21c1a24d","sha256":"fa1550d32fff4d3ae5d6e1061002ce4b162cf5d8602828d8537edf417fb19d3d","sha512":"fc3e8f5e9b0b7a862cce263a82a12a31bcf9e310f3931861c90376815e30d7aedfb38ddf18fc91689083c1acea845bbb7cc8f51a843688d622be1b9c6c1d9c74","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMzpo:U+28VOk262lElwnRjfs4sXJpo","tlshash":"3b045d993792307441d3a11da9ff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T18:04:56.436466Z","last_seen":"2026-01-14T02:16:11.491697Z","times_seen":88,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":96,"dns":40,"connect":15,"send":0,"wait":14,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10012989?time=1636664872070","date":"2025-12-23T11:57:11.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 02 Nov 2018 14:17:11 GMT\r\netag: \"13a3-579af30f7688b\"\r\nexpires: Thu, 24 Apr 2025 01:07:43 GMT\r\ncache-control: max-age=10488628, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\nage: 3084227\r\nx-served-by: cache-ams2100110-AMS, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 55, 7246\r\nx-timer: S1766491032.889649,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 5027\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":5027,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5027), with no line terminators","md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-03T20:19:15.151308Z","times_seen":2306,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":63,"dns":14,"connect":13,"send":0,"wait":13,"receive":3,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/677000/677706/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/677000/677706/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 51658\r\nlast-modified: Tue, 02 Dec 2025 22:27:29 GMT\r\netag: \"692f67d1-c9ca\"\r\nexpires: Tue, 30 Dec 2025 11:57:12 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51658,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3","md5":"cb886fa945c4afa7cda1d29e62465e93","sha1":"9934f0b8e6a847d1107f22693b1123d10d5a222c","sha256":"c496b9efc3dabfc4442489b976f7bc52164fb4bd2e0965ecc47eef47ba36bda3","sha512":"46049cf76293b8acc530f9e2ad6b0400b80fdddeef2ae653e15e925c6d9cdfd73be07b304121746d168ea3ce7a0eb61c760b72152e5d2dbedd3300f81f64af3f","ssdeep":"768:RJcyfOuNk5PC8KxNPpy+rfnwEFOgQOyg9IKebL/8SvKtKFiuzKccEfVMPBbt:RJJ85q8KIOfnhFXQOR0bFFiZuVMpx","tlshash":"3d33f22a3f78b6a8fc8e092025e88f742789af1c7cd56a1f9cef117dc644305b5984b5","first_seen":"2025-12-23T11:57:49.568997Z","last_seen":"2025-12-23T11:57:57.978685Z","times_seen":3,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.pemsrv.com/v1/api.php","fqdn":"s.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pemsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:38:47 GMT","end":"Sat, 17 Jan 2026 14:38:46 GMT"},"fingerprint":{"sha1":"16:DB:C0:84:B9:67:99:32:B2:65:B9:B4:19:A3:A4:E7:78:E9:46:B2","sha256":"C4:03:5E:C5:AB:57:86:05:02:9F:9E:F3:BD:1B:01:5E:C2:F0:0F:F0:14:40:3E:FF:68:BC:99:E6:3B:D1:2A:F5"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.pemsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 409\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":409,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://okxxx1.com/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5538852,\"extra_params\":{\"first_request\":true,\"zone_type\":33}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22389e239ac7692cbfbe51dbcbb7069ed7%22%3B; expires=Thu, 23 Dec 2027 11:57:12 GMT; Max-Age=63072000; path=/; domain=pemsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1975,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c0016c84da1ff18723886dedcf498a5b","sha1":"0b0e36fb54ff5ba46f96ab4c5e8ecc3e22739d88","sha256":"462902840cf3401f7d65b5e1239f7e719d191eda3d77f4bf90357813a22539e4","sha512":"077cb7678180c3ca6de362d08ff075ae1517fd80b0dcc0f3aef3f449cc8ad956dea92bd151c3756e15384dc7b83f8f339b2ac3ba69bab603763d0a7bc8b5c1df","ssdeep":"","tlshash":"22410a74f18488acd604de8cbcaa78375c95792bdfc498ea41694878b5af11c0308f72","first_seen":"2025-12-23T11:57:49.572712Z","last_seen":"2025-12-23T11:57:49.572712Z","times_seen":1,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":93,"dns":1,"connect":30,"send":0,"wait":39,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PW2oDMQy8Si8Qo6ct57vfLbT0AN7NuoSSLCQlbEGHr+2GEg82QhrPjAhId0g74ieIe017JM8YMgShgCr+8vrmgr5+hW3bXMRE0TVmJHODaDG7qkDk6ArmiikZgCNxpkRJXMDZoYGURXoVABCQE+eYDaQpGPjH+/O42EDOABtpkxn+TuDSJ2SwIVBXmSa0UiJixTobUzWxpWIqB5uWqEujQ0vdQmOY19NIMLwFeVjAP3adyihMLV874KNdrj/n2f2BOBaVUd13giHUOawPxD8w37cFUzQjyBlzBuk97A/jSAl+Dafyeb3cRlIcGQLmoZ4cpVneyuVYvo/reYz7H5/rYSalRTRaSfkwSU3IQkviiJzrL5i0cGTbAQAA\u0026cb=e2e_694a8398582190.24835900","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PW2oDMQy8Si8Qo6ct57vfLbT0AN7NuoSSLCQlbEGHr+2GEg82QhrPjAhId0g74ieIe017JM8YMgShgCr+8vrmgr5+hW3bXMRE0TVmJHODaDG7qkDk6ArmiikZgCNxpkRJXMDZoYGURXoVABCQE+eYDaQpGPjH+/O42EDOABtpkxn+TuDSJ2SwIVBXmSa0UiJixTobUzWxpWIqB5uWqEujQ0vdQmOY19NIMLwFeVjAP3adyihMLV874KNdrj/n2f2BOBaVUd13giHUOawPxD8w37cFUzQjyBlzBuk97A/jSAl+Dafyeb3cRlIcGQLmoZ4cpVneyuVYvo/reYz7H5/rYSalRTRaSfkwSU3IQkviiJzrL5i0cGTbAQAA\u0026cb=e2e_694a8398582190.24835900 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PW2oDMQy8Si8QM5IlW5vvfrfQ0gN4k90SShJIStiCDl+vGko8+IE10swwWDfEG85PKFutW2IfKA1IwolU/OX1zYX8/JWWZXEREyXXMhCbG4qVwVUFJRdXmCvVaoATC6HAzAWeHR2sWWR9JYB6r3+8P8emDvYMLKy9MySd4bJW2LAQeG0cR7LWCtFM884yzyY2zVTb3sap6NTp6Ea7T0q78zFEVzmqrCGBf2xWaibJ3C31BY/vdv057dwfiJFN4nWPgRi0crI+EP9A5R6wJ+xXHJnCGPyaju3zermFOQrZRBYDq5N0lVu7HNr34XyKMsLWVOs41j2Nohj24zDOOvNkzAwt3H4B9NpGK8EBAAA=\u0026cb=e2e_694a8398587508.40740425","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PW2oDMQy8Si8QM5IlW5vvfrfQ0gN4k90SShJIStiCDl+vGko8+IE10swwWDfEG85PKFutW2IfKA1IwolU/OX1zYX8/JWWZXEREyXXMhCbG4qVwVUFJRdXmCvVaoATC6HAzAWeHR2sWWR9JYB6r3+8P8emDvYMLKy9MySd4bJW2LAQeG0cR7LWCtFM884yzyY2zVTb3sap6NTp6Ea7T0q78zFEVzmqrCGBf2xWaibJ3C31BY/vdv057dwfiJFN4nWPgRi0crI+EP9A5R6wJ+xXHJnCGPyaju3zermFOQrZRBYDq5N0lVu7HNr34XyKMsLWVOs41j2Nohj24zDOOvNkzAwt3H4B9NpGK8EBAAA=\u0026cb=e2e_694a8398587508.40740425 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.4/mobile-detect.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/mobile-detect/1.4.4/mobile-detect.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 13867\r\ncf-ray: 9b27ae1029ea56aa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03f25-981e\"\r\nlast-modified: Mon, 04 May 2020 16:13:25 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 309886\r\nexpires: Sun, 13 Dec 2026 11:57:11 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=E1NsH23BglGz05auWt%2Bo5%2FYs5z1kvxZCXPeHEFrAFcVCIHgxw96E%2F20UiAuPPpvBTwO5tJZhQuoKL%2FQK%2FYHpEUUT0zAk13ujjkqUYaJnlPc5GF01y7fjqz90cL7chp0cOa3OaDMg\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38942,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (33237)","md5":"c7bc0490ab1b85274bd5422aa273bf6c","sha1":"2f401f539bd0c4713ea6c3812dfc853260c49822","sha256":"ebd21fd785e33300ae6571194031810c2e87373fb139b681888b2423d78a562b","sha512":"8525721ae5c11e6672f80f8fdb50d1500b9ced44df72a73481e89e6ff1f5666aa2240a034dfcc560838100c4dc154594fcfc0b3c4a111181bfefb7243c1ea84b","ssdeep":"768:WzfO0UVJMIR56pR/Bdg4LWZtFN22979GxV/w72158h1NEac4JXJ8XnLhkxgg6oTH:WzfO0UVWIv635y4LWZtFN2297aoKC1Nr","tlshash":"29030ad2af31ee065d2f8465f06f2183b6f7d223a7ed4473e019498a6f8550350dbea8","first_seen":"2023-03-07T01:10:18Z","last_seen":"2026-04-03T15:42:24.901293Z","times_seen":972,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":49,"dns":1,"connect":1,"send":0,"wait":16,"receive":1,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/8107cc82aa1ad379499aea72ba549b7e5b2e9e47.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:13.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/8107cc82aa1ad379499aea72ba549b7e5b2e9e47.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 193392\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-2f370\"\r\nexpires: Fri, 11 Dec 2026 15:11:23 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec02-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3Bf4HAAwBuUwKDAH3VAIAAAwBJRPCVwG3JaQHAA\r\nx-77-nzt-ray: e2f754205aa1896f99834a69bbc3050a\r\nx-77-cache: HIT\r\nx-77-age: 523781\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":193392,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"ed460e0ab40e30aa9b90d1a269a8187d","sha1":"8107cc82aa1ad379499aea72ba549b7e5b2e9e47","sha256":"33bab9495a93de15a862e7e189c10977fdd809e93ed9735ea434d5a40313f513","sha512":"53d936990299434249bd24da9fddb43e09d3ca9abb7f082b4b8577df00eb3d26e5772fc42476d373fad4db09c52cf33de8bd8f36994a105c8ce0e0fa47cd9db1","ssdeep":"3072:J0x6MKnWdXE0nQpqhWy/GqegLGt/r3dQ0rWIYuv4q1k+gsp7JCcKvzKJ8Pvugs5x:JVMKnWdXE0Qpry/NPLm3dQ0rWIb4Q1bZ","tlshash":"ff141229ac990989d22ca6391804bed207f30ce2c5531d738f7f665f8b765496f318ba","first_seen":"2025-10-22T16:51:38.724449Z","last_seen":"2026-04-03T16:50:22.521158Z","times_seen":234,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/437080dc4aabae1f7511560c159c11389da0454d.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:13.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/437080dc4aabae1f7511560c159c11389da0454d.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 35001\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-88b9\"\r\nexpires: Fri, 27 Nov 2026 09:53:05 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec02-prg1-1\r\nx-77-nzt: EwwBuUwJCgH31P0HAAwBuUwKAQH3ZwIAAAwBJRPCLgG33WMaAA\r\nx-77-nzt-ray: e2f754205aa1896f99834a69e12a200b\r\nx-77-cache: HIT\r\nx-77-age: 523732\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":35001,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"44645e48a0a1cffe8ca724d077a7fa5e","sha1":"437080dc4aabae1f7511560c159c11389da0454d","sha256":"ed657f32f3084fcf1131c4685088da565ff1a0e95b838bf8c16b76dc8c6b1ff0","sha512":"f6f9e46ef76e7422a1ecd9294bf60f033816b3da1f9868f7a8a5e78cf7cce7b5482171c57fd6ba5fd7f038be18a6a94f2b309b02e6f8fc780fd9036c953394d5","ssdeep":"768:vSzBxpINwHdJ7ecafSnS7Ves0yNSPB+22yf8NQfGDjKlIA7k4:KzBxpuw9yaNsbaftoKG34I43","tlshash":"d7f2e1e2fa6162eee9031ab18d4f67c6876688291c9db8183951c9fb36e0104ddd3f53","first_seen":"2025-11-15T18:26:14.476843Z","last_seen":"2026-04-03T22:13:11.930946Z","times_seen":362,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/fonts/abel.woff2","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/fonts/abel.woff2 HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 9584\r\nlast-modified: Tue, 10 May 2022 15:53:00 GMT\r\netag: \"627a8a5c-2570\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9584,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 9584, version 1.0","md5":"8a3120a94e363ce8867bee0f08d89510","sha1":"1873aa68685b8437ba1d9bbaf9c7379b991ec7db","sha256":"42c19752ec1d9d93821198bfebce02c7ece58b7a908c42e308dab2a41c726e00","sha512":"5a4d32e3fa2549e137b900cd663c46ac16dc6bd53f0de968234456131f4a602dacac49e46df2d7a33621fd4f97d0893e2f0ef943206758dee6936790891270b8","ssdeep":"192:+XDsFJGyXONF79e1EQOl83L1b9NqJBDClz2SV7+qqrJfAROIDG:+XDsfXwF79eqledO2lC27+RrJf8G","tlshash":"7c12b0317688239afd618c71fddffbadc1a45885c81e211c8b55cb7674a4ac0e00fe24","first_seen":"2023-04-16T07:34:59Z","last_seen":"2026-03-29T23:10:09.102865Z","times_seen":109,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwHXjhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a69b87ca626\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.pemsrv.com/ad-provider.js","fqdn":"a.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pemsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:38:47 GMT","end":"Sat, 17 Jan 2026 14:38:46 GMT"},"fingerprint":{"sha1":"16:DB:C0:84:B9:67:99:32:B2:65:B9:B4:19:A3:A4:E7:78:E9:46:B2","sha256":"C4:03:5E:C5:AB:57:86:05:02:9F:9E:F3:BD:1B:01:5E:C2:F0:0F:F0:14:40:3E:FF:68:BC:99:E6:3B:D1:2A:F5"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.pemsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9aadc21458924cf509e9e4cd443\"\r\nexpires: Wed, 17 Dec 2025 13:23:54 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJCgH3rRUAAAwBuUwKAQH3MAAAAAwBw7WvAgG3ogAAAA\r\nx-77-nzt-ray: e2f754204a9ecd4097834a6972145b2c\r\nx-77-cache: HIT\r\nx-77-age: 5549\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185361,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6b6a035a8d534745768f430968527ddc","sha1":"9aadc21458924cf509e9e4cd443e12dd21c1a24d","sha256":"fa1550d32fff4d3ae5d6e1061002ce4b162cf5d8602828d8537edf417fb19d3d","sha512":"fc3e8f5e9b0b7a862cce263a82a12a31bcf9e310f3931861c90376815e30d7aedfb38ddf18fc91689083c1acea845bbb7cc8f51a843688d622be1b9c6c1d9c74","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMzpo:U+28VOk262lElwnRjfs4sXJpo","tlshash":"3b045d993792307441d3a11da9ff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T18:04:56.436466Z","last_seen":"2026-01-14T02:16:11.491697Z","times_seen":88,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678365/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678365/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 42109\r\nlast-modified: Wed, 03 Dec 2025 05:35:32 GMT\r\netag: \"692fcc24-a47d\"\r\nexpires: Tue, 30 Dec 2025 11:57:12 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42109,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3","md5":"6152c4399a0f3d2edcd279205b1dbf39","sha1":"c66897d8c663d692de646bcf84cb6de0572176cf","sha256":"eaca25208d70a0c0e95559f96d4fc8b7d2b2d2569a9d3807c223a133b49a81af","sha512":"ff7bc79e94479ccdd552ea12075ce0acb775aaf5686dbfd1c086628e75c9b5a4b55d57465bee58f916456ff4d3232c5ec800fef020b139a37f5d1c8dbeca59e1","ssdeep":"768:ZJEoCmkVBdr4+oIQD0XL/BpuA300Suc9RPGg0wpmOtGGmR17YrJ29zvY:ZJrGBdk+oIqqL2oSxPnp7mRhISs","tlshash":"ec13f17d7e9ee181f61535603f904e6363e28f827b93225e698f578371420e3ad86744","first_seen":"2025-12-23T11:57:49.578661Z","last_seen":"2025-12-23T11:57:57.977519Z","times_seen":3,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/cdn-cgi/rum?","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"okxxx1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 03:25:24 GMT","end":"Wed, 04 Mar 2026 04:25:21 GMT"},"fingerprint":{"sha1":"D5:FA:EC:FF:09:24:A6:12:FF:3A:52:E1:F0:71:4C:E2:3E:71:E5:8A","sha256":"A5:BE:13:2E:FC:EF:CD:01:4D:1B:70:D0:A1:FE:BA:0C:83:45:0D:4E:A9:0F:DC:65:74:1C:9F:F5:61:28:28:AD"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 1017\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: kt_tcookie=1; __suvt=cfc62647b84877edd61db83a40a79278; _ga_HH9W20VKS6=GS2.1.s1766491032$o1$g0$t1766491032$j60$l0$h0; _ga=GA1.1.732867693.1766491033\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1017,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1206,\"startTime\":1766491030516,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":2},\"pageloadId\":\"221b44fe-9bac-4527-9bd1-a5a56b5bed23\",\"location\":\"https://okxxx1.com/\",\"nt\":\"navigate\",\"timingsV2\":{\"unloadEventStart\":0,\"unloadEventEnd\":0,\"domInteractive\":1183,\"domContentLoadedEventStart\":1313,\"domContentLoadedEventEnd\":1386,\"domComplete\":1948,\"loadEventStart\":1948,\"loadEventEnd\":2009,\"type\":\"navigate\",\"redirectCount\":0,\"initiatorType\":\"navigation\",\"nextHopProtocol\":\"h2\",\"workerStart\":0,\"redirectStart\":0,\"redirectEnd\":0,\"fetchStart\":147,\"domainLookupStart\":150,\"domainLookupEnd\":158,\"connectStart\":158,\"connectEnd\":186,\"secureConnectionStart\":164,\"requestStart\":187,\"responseStart\":291,\"responseEnd\":331,\"transferSize\":70200,\"encodedBodySize\":69540,\"decodedBodySize\":408700,\"name\":\"https://okxxx1.com/\",\"entryType\":\"navigation\",\"startTime\":0,\"duration\":2009},\"siteToken\":\"8274a3833a98441c9863847f9fb96595\",\"st\":2}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: text/plain\r\naccess-control-allow-origin: https://okxxx1.com\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VG0syF%2Fyyd38neb6%2F5qxdwyjmojsE4aImEKYxlG4wj%2FQhhu7R3pBlKE%2BxkbxXNzbhitIRLcc1%2B5c7eihAitz89TB7Np2Gd8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b27ae1b594356b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/3d6d49cf152cb59a50740dd027fe62665410bc14.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/3d6d49cf152cb59a50740dd027fe62665410bc14.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 16674\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-4122\"\r\nexpires: Fri, 27 Nov 2026 09:53:06 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3tmEiAAwBuUwKEwH3VQIAAAwBJRPCNAG3CwAAAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69741e422b\r\nx-77-cache: HIT\r\nx-77-age: 2253238\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":16674,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"264bdb54ef7c09af9a0fdd720079b46b","sha1":"3d6d49cf152cb59a50740dd027fe62665410bc14","sha256":"457a3fcabac4af327c2fab657f617b9b09a021c2b8b094af3c067125fbe62405","sha512":"4c994b430c023b03f445d1ab1530f4cd13e4aff03bda75ba80e7863f3b4272c1ae9598b6edde74c3cbadb5b9728893e86c997252182865cf13e8e165930a169b","ssdeep":"384:oJnOOs2AMBk1IFRc45JDghKBiQTRnsPJzI3z/hGdkuw:oJOOrbTJDgSiQ5sP+3dGM","tlshash":"9e72b0ff6d164b1a637e172ad6181d3742400cec10bbfce4259721fb9786d3eb1a50a6","first_seen":"2025-10-22T00:34:07.773467Z","last_seen":"2026-02-15T16:32:10.904883Z","times_seen":332,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/676000/676702/640x360/2.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/676000/676702/640x360/2.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22908\r\nlast-modified: Tue, 02 Dec 2025 22:05:06 GMT\r\netag: \"692f6292-597c\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22908,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"1e15d431934ec0955489ff13b49e4e28","sha1":"e3f9a1560b0e82026c49b39cb5c88eaa0269a6e3","sha256":"9f66e06fe0d64ee158d5997a4718bafbbc38cd44f834b872629cd49d600a16d1","sha512":"a5b1a0d531b92c95ec248c1ba04f95bde14d1fad8338687eff2c5c234cf0d74061543d09878e41969bd3cfe71ebfa4c3cf5eed0a95c28a8ef4e82b75d7d554a3","ssdeep":"384:hRTKK5nCO1i8Ih/9TOpeSXLPG8OI0BbuxonxuDMp4n8Y/96v:hR2yCvD8lOW0BaxonYD4O/a","tlshash":"ffa2d02bf149ac5018f2eef21d08b607d558d5eae4ea1c1f6049048f63f829b8679f0b","first_seen":"2025-12-23T11:57:49.582165Z","last_seen":"2025-12-23T11:57:57.935605Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/fef90767905183c5e3ef4ed489d88353c32380c3.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/fef90767905183c5e3ef4ed489d88353c32380c3.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 14111\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-371f\"\r\nexpires: Fri, 27 Nov 2026 09:53:28 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3Hf8HAAwBuUwKEwH3DwEAAAwBWd59LgG31GMaAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a6942362727\r\nx-77-cache: HIT\r\nx-77-age: 524061\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":14111,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"32146c16576b373d4bc17840712ae8fd","sha1":"fef90767905183c5e3ef4ed489d88353c32380c3","sha256":"9f4ba0cc677680812cdf564cd4d5fd692c5e3684fe1ad3abd79536caf337bddf","sha512":"d87d0f6c3fa2fa709ee1b1c3a639f23730e72a90f520dfaeb5f154a1af699f3eff524abbf8550a82d0486dd94b84415bd9629247db8612e26c09245e1faa3439","ssdeep":"384:CRZ9XY6mNd4rSiRBL121ORcmNRugoO0GDOOev9:CG6mb4rSiRb2XmDuTeDg9","tlshash":"2852c089b998d609e9e94d720841a3039771ac52d073355f72b6b139306f3396fdc1b7","first_seen":"2025-10-22T16:51:38.388282Z","last_seen":"2026-02-15T17:11:03.310878Z","times_seen":329,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":61,"dns":33,"connect":8,"send":0,"wait":14,"receive":2,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/808084/7c86faebec3a66480f498d74ce70b66a3310dc74.webp","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/808084/7c86faebec3a66480f498d74ce70b66a3310dc74.webp HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7108\r\nlast-modified: Thu, 15 Aug 2024 21:07:29 GMT\r\netag: \"66be6e11-1bc4\"\r\nexpires: Sun, 17 Aug 2025 09:23:09 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-77-nzt: EwwBuUwJCgH3GuSoAAwBuUwKEwH3LgAAAAwBJRPCNAG3lcF6AA\r\nx-77-nzt-ray: e2f754205aa1896f98834a697b50ab2d\r\nx-77-cache: HIT\r\nx-77-age: 11068442\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":7108,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0a3d70a82bde1c43c3ae727b24b2d48b","sha1":"7c86faebec3a66480f498d74ce70b66a3310dc74","sha256":"c70909b67aa4f086433d1ad785a99d269c7c3379b752cfc601e9abf15d11b941","sha512":"c7dc9ffe4af484d7df836eb69d91fe5bf33659c0d17f26a775d6fb2ae4058b3518be3c7aecc8c09aa474eff0e8e52aaa3942953339c1f1be13205ae1282d06bb","ssdeep":"192:qskg9i26kI6JSS2Tn0oSO/ryaCNlQOROV:qskg9i6FMS2ooSOzyaC5Rq","tlshash":"1ee1ae4ade7d1fe417c7bc54597f38932b8285c9a89602be89197f8a096882d3209849","first_seen":"2024-08-19T20:55:02Z","last_seen":"2026-04-01T19:40:43.399613Z","times_seen":174,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QUWoEIQy9Si+wksSocb/73UJLD+A4Y1nK7sBOWaaQwze6ha4PY9Tny4sEFA5IB/JPEI8hHZE0o8vgmBwG1pfXN2XU9cvt+64CBtYQM5LYLkrMGgJDpKgBRGNiyQSKQOIDJVEG9QoGCp55ZAL68f48JhqMbrEX6mk/MXHYTaLTpwmllIjYsFXx1IRlaZjKLNMSw2J0MHvmDl1dz7ZJZs50OCZbwBFlc0Cj8h2H/sQjezJDNkDHcdl+LlX1gTg68yMbTVBX6bOTfHhg3oHyn464uXP53K634Qz1TxzR9JDtZ27leirfp/UyLvud5io4LwUxVw81+ebnsvipzksrlBr/Ag+b0sSyAQAA\u0026cb=e2e_694a83985f43f5.11549161","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QUWoEIQy9Si+wksSocb/73UJLD+A4Y1nK7sBOWaaQwze6ha4PY9Tny4sEFA5IB/JPEI8hHZE0o8vgmBwG1pfXN2XU9cvt+64CBtYQM5LYLkrMGgJDpKgBRGNiyQSKQOIDJVEG9QoGCp55ZAL68f48JhqMbrEX6mk/MXHYTaLTpwmllIjYsFXx1IRlaZjKLNMSw2J0MHvmDl1dz7ZJZs50OCZbwBFlc0Cj8h2H/sQjezJDNkDHcdl+LlX1gTg68yMbTVBX6bOTfHhg3oHyn464uXP53K634Qz1TxzR9JDtZ27leirfp/UyLvud5io4LwUxVw81+ebnsvipzksrlBr/Ag+b0sSyAQAA\u0026cb=e2e_694a83985f43f5.11549161 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":37,"dns":0,"connect":25,"send":0,"wait":30,"receive":1,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/17c309ab2564853ac13dfb33608ca674b2d4177b.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:13.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/17c309ab2564853ac13dfb33608ca674b2d4177b.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 78394\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-1323a\"\r\nexpires: Fri, 27 Nov 2026 09:52:28 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3NV8iAAwBuUwKEwH31wQAAAwBT3/Y+AG3MQAAAA\r\nx-77-nzt-ray: e2f754205aa1896f99834a6985ec240b\r\nx-77-cache: HIT\r\nx-77-age: 2252597\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":78394,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"dc19ec05b700d700c792f9d46e019685","sha1":"17c309ab2564853ac13dfb33608ca674b2d4177b","sha256":"f5139425a567b502ecaf2b01a77c3228dd743c496a687f006da622264c426956","sha512":"5216b777f01d8f47e9ff657e5309437da911ae878e9d44a24ae51dbfe6029798594ffd1efcd0078d168efd1f24ef586a330c25728aa0a779d39fef171ec21553","ssdeep":"1536:r1vGu6zpGM6RrUKiHaY8qsEW+/6+WJn9fCNQPU/H6YJKPh:r1qerU9X8q36+FUCVkh","tlshash":"f073020d61940fd0a47911d7b06ac7f7a403b9b3b0f8924d06b7b845de6f64bafd241a","first_seen":"2025-11-15T18:26:14.477707Z","last_seen":"2025-12-25T19:36:28.46732Z","times_seen":84,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hi.okxxx2.com/video/489078","fqdn":"hi.okxxx2.com","domain":"okxxx2.com","tld":"com"},"ip":{"addr":"172.67.68.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T11:57:10.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"okxxx2.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:31:43 GMT","end":"Tue, 17 Mar 2026 19:30:15 GMT"},"fingerprint":{"sha1":"AF:AC:43:05:89:16:AB:D6:1C:91:95:D0:D4:DC:4D:30:1E:F9:97:50","sha256":"73:2A:03:23:F2:78:03:72:95:C4:75:2F:AB:AC:25:2D:8C:97:41:E1:FA:40:EF:60:A5:D7:B4:20:01:27:30:80"}}},"request":{"raw":"GET /video/489078 HTTP/1.1\r\nHost: hi.okxxx2.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Tue, 23 Dec 2025 11:57:10 GMT\r\ncontent-type: text/html\r\nlocation: https://okxxx1.com/\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=7,cfOrigin;dur=71\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BcWWu6aQ3EDA4Ut1bZKnh%2F2vZEnq4SY4AqWSY0J2OWZMu8EM3dGXyLIWKkiYLubrnS%2FjArU8bXbwU9DmjmKtNQHbx1qSxmEIZHD4UBQ%3D\"}]}\r\ncf-ray: 9b27ae0d18990daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":408700,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":125,"timings":{"blocked":21,"dns":1,"connect":1,"send":0,"wait":82,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/images/logo-ok.svg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/images/logo-ok.svg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 3669\r\nlast-modified: Sun, 15 Mar 2020 16:49:14 GMT\r\netag: \"5e6e5c8a-e55\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3669,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b6ed0f424026dd7941284b2d4a996f63","sha1":"d3611c78bfd9ebf2698f337ec6178ed928ced226","sha256":"cd3eb590a4df4d25a4d95d6f8e3f7977beee25015e5ebf820cd76fa5c904048f","sha512":"41ebb6e87b55edd1b102af81b1aec7e9ce443cbdb8733e710e14091016c6125646bcc3de5858aed62980e752f8922458b383b96fdc16525774e4e9bd48d310ba","ssdeep":"","tlshash":"0f716b1b4304c79aeead046caa59118a71e0d8dfc860e5c0eb6f7412e49d4e4ba4dbfd","first_seen":"2023-05-25T17:24:26Z","last_seen":"2026-02-25T00:18:48.212018Z","times_seen":8,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":73,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01P0WrDMAz8lf1AzUmWbKXPe95gYx/gZMkoow20o2Sgj5/tllEftoV18t0xWHfEO45PSHvNe2IfKAwIwoFU/OX1zYV8/Q7btrmIiZJrGojNDcnS4KqCFJMrzJVyNsCzmSBzcoFHRwVrFGlVAKiO+sf7c99UwR6BjRW1borOcGkdNmwEboPjSFZKIlpomSzyYmLzQrl82jgnnSsd1We1SWFaj120yVHKQ5fAP3aNGkkiV0t1wftzufyeJvcHYo8mvbrHQP+ocaI+EG8g3APWhPXqR6RuDH4Jx/J1OV+7OeqygXL/MDtJVbmW86H8HNZTb7cZn+UWbhjzMhYdSo6QBbNZzJR5+gMgrzp7wAEAAA==\u0026cb=e2e_694a83985752d6.44720076","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01P0WrDMAz8lf1AzUmWbKXPe95gYx/gZMkoow20o2Sgj5/tllEftoV18t0xWHfEO45PSHvNe2IfKAwIwoFU/OX1zYV8/Q7btrmIiZJrGojNDcnS4KqCFJMrzJVyNsCzmSBzcoFHRwVrFGlVAKiO+sf7c99UwR6BjRW1borOcGkdNmwEboPjSFZKIlpomSzyYmLzQrl82jgnnSsd1We1SWFaj120yVHKQ5fAP3aNGkkiV0t1wftzufyeJvcHYo8mvbrHQP+ocaI+EG8g3APWhPXqR6RuDH4Jx/J1OV+7OeqygXL/MDtJVbmW86H8HNZTb7cZn+UWbhjzMhYdSo6QBbNZzJR5+gMgrzp7wAEAAA==\u0026cb=e2e_694a83985752d6.44720076 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/36941cc9ce431bf82f031a07c3541d6d2e513e69.mp4","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/36941cc9ce431bf82f031a07c3541d6d2e513e69.mp4 HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 81355\r\nlast-modified: Fri, 17 Oct 2025 22:47:51 GMT\r\netag: \"68f2c797-13dcb\"\r\nexpires: Fri, 27 Nov 2026 09:53:42 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3e2EiAAwBuUwKCQH3+AEAAAwBw7WvFwG3fwAAAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69f7087f32\r\nx-77-cache: HIT\r\nx-77-age: 2253179\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\ncontent-range: bytes 0-81354/81355\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":81355,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"b3e16355c7a783d15afcdac16ac5909d","sha1":"36941cc9ce431bf82f031a07c3541d6d2e513e69","sha256":"3e91298e6982996319d1e4dfcc1627fcc93e1dd4db2166ad719216da9cdeb213","sha512":"0f812a81509d5966bf6d16e80c0e7e2069ff4be6b2ea8b9d7322f1fa58449bff780de62d2f641355b69aeb0dd9553dbdc0127d460e5c83904a9ccca1df185e2b","ssdeep":"1536:xid/p8ZHQHQtsnZFyYaLLB0dMza11MIchIheADQj3kG/d:xi/pJHZn/FaLLB2M3KXcYwd","tlshash":"798301ddef114dbef410493bfca78a205619367666bf43aec2d8a4f3483bd95a11201a","first_seen":"2025-10-17T23:47:55.497563Z","last_seen":"2025-12-24T15:25:58.37351Z","times_seen":163,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/24e71bfa55d5a8de099ac18a0c8b235be02b215d.mp4","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/24e71bfa55d5a8de099ac18a0c8b235be02b215d.mp4 HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 24780\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-60cc\"\r\nexpires: Fri, 27 Nov 2026 09:56:45 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec02-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3AmIiAAwBuUwKDAH3BQEAAAwBT3/Y+AG3NAAAAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69c2f9a732\r\nx-77-cache: HIT\r\nx-77-age: 2253314\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\ncontent-range: bytes 0-24779/24780\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":24780,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"01933e536028bf3c6d6bc3f96f1e42d7","sha1":"24e71bfa55d5a8de099ac18a0c8b235be02b215d","sha256":"23a856178a03cdcdebc21613461032abf4d4303a2850e282d5c6457a3e282147","sha512":"80f0383afb3359484bcf3a6fa8b49acd6d4086d0c6f19b9f9ecbcc717ead8de6eff23d1d9e1f6bc7a967f2beddd7c224accbc17cabb1cca39d0615c66103e0d3","ssdeep":"384:4xCXKH0edX3Xb6HOT+XzOmaD8hf/iIldpLIB6loY72B1EdOj8zJxhEku67:4xCcfdX3kzVtfpoY7AOdEuR","tlshash":"90b2e0afeaa14456f379823932d84b423613f1353a9fe2369e23b950e519870cc8361f","first_seen":"2025-10-22T00:34:07.170017Z","last_seen":"2026-02-15T16:32:05.740065Z","times_seen":299,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678382/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678382/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 42043\r\nlast-modified: Wed, 03 Dec 2025 05:49:02 GMT\r\netag: \"692fcf4e-a43b\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42043,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3","md5":"1b6d625680cd1129d3775cf7d6dbc6b9","sha1":"0500ff1291aa311e3a106831b07d7b608d9a5987","sha256":"febc44ba7b7387122eb1dfc84a86d35fe8f9d343fe8dbc077be2722c7253d3a2","sha512":"0e6b4d38d164e2f9d0a856be84f649c440592d34f151943f130d954ce6dd26a7dd107e35f227606f116a32d26e754df1792ddf17d00ef6c520a047a14fe094e7","ssdeep":"768:+KU0qg7J9FhlPR8KqAu+YFALtjF+qmkozT/Lrqxo7JHaVMmVfRDS:+KU0qgrlPIAkFANmkozjLsOHAV52","tlshash":"771302bc07012c32f2568e71b9a81d22a2e57dce6ae04b5133e5fc3417562ee4536b7e","first_seen":"2025-12-23T11:57:49.5955Z","last_seen":"2025-12-23T11:57:57.931016Z","times_seen":3,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":85,"dns":0,"connect":0,"send":0,"wait":63,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a69e94f8826\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 611\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":611,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://okxxx1.com/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22ea9dde5e166d5941cfbe59ef17f9e804%22%3B; expires=Thu, 23 Dec 2027 11:57:12 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6323,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4508ed7219d6733cb4a00f5fbafc0d26","sha1":"9966de9ebc2466cf3f6a710dbc506f25bcb215c3","sha256":"744fd41638106750a575fe2124c6cd5f80b4614d854d306e20aa133ba01f74f2","sha512":"f614f6cfc93a9b90f9af1ba568240df96c16b9467e2a8c93d263ae78d913f77aaaf3521a7db9aa20cb85495c307fc4c20ba3b8554dfb5368dd7e662562bcb9af","ssdeep":"192:zgo4iw0KBzKyzltEj6TKgcHIZKSsHIoIoIQ9:rLw0KBzjAcKcKSE9","tlshash":"68d12c7cb0c08cbf9fa06a9a7aab30182d797d5bee458e9dc049e405db7413416437f5","first_seen":"2025-12-23T11:57:49.597144Z","last_seen":"2025-12-23T11:57:49.597144Z","times_seen":1,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":94,"dns":4,"connect":29,"send":0,"wait":125,"receive":1,"ssl":66},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/0f1ce12e3d6f65230c6fe4cd38b1427423c2ec5e.mp4","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/0f1ce12e3d6f65230c6fe4cd38b1427423c2ec5e.mp4 HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 23521\r\nlast-modified: Tue, 21 Nov 2023 20:33:06 GMT\r\netag: \"655d1402-5be1\"\r\nexpires: Fri, 27 Nov 2026 09:56:07 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3Mf8HAAwBuUwKAQH36wAAAAwBJRPCNAG3RWMaAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69a301d432\r\nx-77-cache: HIT\r\nx-77-age: 524081\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\ncontent-range: bytes 0-23520/23521\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":23521,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"97dff82d98efcdfd29ba0df7d2541d0c","sha1":"0f1ce12e3d6f65230c6fe4cd38b1427423c2ec5e","sha256":"a302ee7a39be5036db2da913b0b9eea754862ac2ae82a5777c76dc804ba78927","sha512":"fdffe8133d300e5555fe447dea3ef55a132294e4cedbbcbf2e42e4e2a84e81add03be0e54e74e010cbdcca59c23885774a11d94d5d97ed690fc258edf1e66834","ssdeep":"384:z/ZnOs3ZGXzfnFK9ajBU2txHr3gSdophPdM98e74C1xpCrMSPoWE169dW:z5738DfFK0VUKwSOhP8V4O3CboWE3","tlshash":"81b2df288a48ff77d418c57b749a132a330473aad4909067e253c89f5e682e57d398fd","first_seen":"2024-01-16T21:48:00Z","last_seen":"2026-04-03T21:53:02.048138Z","times_seen":621,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.1.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/main.min.okx.v2.1.js?v=1 HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Dec 2024 12:08:19 GMT\r\netag: W/\"67582f33-169d5\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-03T21:26:27.221555Z","times_seen":60481,"resource_available":true,"data":null}},"time_used":168,"timings":{"blocked":62,"dns":0,"connect":18,"send":0,"wait":19,"receive":0,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678377/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678377/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 40640\r\nlast-modified: Wed, 03 Dec 2025 05:47:24 GMT\r\netag: \"692fceec-9ec0\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40640,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3","md5":"d25a8b7e406e7f135311a41f319b5b34","sha1":"82323f2c6c33ef5acd5ea5acf65b5cd04c16c9a4","sha256":"0e38a6f3626cde8bb680bf8cc8860da0e344805ba651afd8d6b71bc7debcc151","sha512":"936a6397d3b4f49cc8c8e8d5ebd47eb92bb717892ed11a47225db5ec461babb21f42388424ffbbf5e11efb05d22a752e2f97bf49a53ed899adc1e33b56e38fe7","ssdeep":"768:pCxv0TBjFSxtwGqxbhRfgFZ8YajxAQ9TN4P2IEjIu1/suZLr1zX07ZWK/yo9HgVg:MxvOjFSI/AFONWQ9TOBE1kCLhX0UYyYp","tlshash":"7e03f10ad98116a1763edb3dc5bade587dda1c06c0b1823b06ea0f25b3368e9799031d","first_seen":"2025-12-23T11:57:49.599958Z","last_seen":"2025-12-23T11:57:57.9982Z","times_seen":3,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.pemsrv.com/venor.php","fqdn":"s.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pemsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:38:47 GMT","end":"Sat, 17 Jan 2026 14:38:46 GMT"},"fingerprint":{"sha1":"16:DB:C0:84:B9:67:99:32:B2:65:B9:B4:19:A3:A4:E7:78:E9:46:B2","sha256":"C4:03:5E:C5:AB:57:86:05:02:9F:9E:F3:BD:1B:01:5E:C2:F0:0F:F0:14:40:3E:FF:68:BC:99:E6:3B:D1:2A:F5"}}},"request":{"raw":"GET /venor.php HTTP/1.1\r\nHost: s.pemsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-03T20:56:19.381079Z","times_seen":104719,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":81,"dns":1,"connect":37,"send":0,"wait":26,"receive":0,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PQWoDMQz8Sj8Qo5FlW8655xRa+gDvZl1CSQJJCVvQ42s7bYkHGyGPZkZMHDbgDfsnituQtmDLcJmcsEMQ2728msDOn25dVxNRCbAQM1hNKWrMFoJQ9NECqQWkpEQGFlAkFRMyb9TAwYv0yhGhzdr72/O4aGDzRCuHNjksjcmk/7DSCuI+OE3QUiJQUWf1XFV0qUhlr9MSw9Lo1IK2nHDz+ThMh52kuwX9Y9OpHuK5RWqHbLTL9fs0mz0Qx24yqt81aAh1jg8PxDvwtyBpgCpTzsiZpPfQH4+RkuzqjuXjermNpBgZHOJQT02mWd7K5VC+DufT+O4zhtl7v0eT1GWZYoKXVKXGCUvNcZp/AGzEGbfOAQAA\u0026cb=e2e_694a83985718d6.05795747","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PQWoDMQz8Sj8Qo5FlW8655xRa+gDvZl1CSQJJCVvQ42s7bYkHGyGPZkZMHDbgDfsnituQtmDLcJmcsEMQ2728msDOn25dVxNRCbAQM1hNKWrMFoJQ9NECqQWkpEQGFlAkFRMyb9TAwYv0yhGhzdr72/O4aGDzRCuHNjksjcmk/7DSCuI+OE3QUiJQUWf1XFV0qUhlr9MSw9Lo1IK2nHDz+ThMh52kuwX9Y9OpHuK5RWqHbLTL9fs0mz0Qx24yqt81aAh1jg8PxDvwtyBpgCpTzsiZpPfQH4+RkuzqjuXjermNpBgZHOJQT02mWd7K5VC+DufT+O4zhtl7v0eT1GWZYoKXVKXGCUvNcZp/AGzEGbfOAQAA\u0026cb=e2e_694a83985718d6.05795747 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/808084/bfa0857d15be1f4fe3863364d3ce788ac6497624.webp","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/808084/bfa0857d15be1f4fe3863364d3ce788ac6497624.webp HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 18820\r\nlast-modified: Wed, 26 Jun 2024 22:34:00 GMT\r\netag: \"667c9758-4984\"\r\nexpires: Sun, 29 Jun 2025 11:12:29 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-77-nzt: EwwBuUwJCgH3+WPpAAwBuUwKCQH3XwAAAAwBJRPCNAG3VEG7AA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69c4e19f2d\r\nx-77-cache: HIT\r\nx-77-age: 15295481\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":18820,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b5e2edc6644c6a0f6a575a4bb6437c0b","sha1":"bfa0857d15be1f4fe3863364d3ce788ac6497624","sha256":"463277f06cbf76f36317cfc44e73b788a6a75615f4191c14a6c68c42c7bdebf8","sha512":"d919f06103b70ed1a4bc0b0d4f44ce27b8c8383495414c51c2c41782705e88bd498febe50ba8bb55ecdfd9e4d67c5943823d6ba33aeeb4a908250eec207770c6","ssdeep":"384:IKKB54MX0rj+nMGxV6T3JHlrfDjOxPOjry+DZNmZ115qkrildEDLUfYZVNQ8pcjJ:ItBDXS+nza3JF7HAWjry+jmZX0WidWJm","tlshash":"ca82d00716ba80ee41cdad4290a4d5d63fc2c1ecfe818e95a472418327bb89776a8f60","first_seen":"2024-07-14T12:01:41Z","last_seen":"2026-04-01T19:40:43.345352Z","times_seen":171,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/lang_redirect.okx.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/lang_redirect.okx.js HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 14 Dec 2022 10:37:15 GMT\r\netag: W/\"6399a75b-1b7\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":439,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"fb5b8796c6ac54b5c2ea7dda3d56b936","sha1":"c29bf0f593eda39d258cf2678aa8769edb4abf70","sha256":"c8f1b27e2b26bb4941ddcc74c029d8569d308cdce5f70bb8822b3f6bcc79a367","sha512":"e65b7edfe74d0e69201f273343ffdcc951eb8fb38d691400ba922370517371699b1d317732f3aefc7879ddb5f14a03e624db0e705839aab45c758ab8d5eb693e","ssdeep":"","tlshash":"b7f0558e20a51642a6317385b8433124b02004e0ba0ae884cb8863b12a96e6bce37c8e","first_seen":"2023-03-13T11:38:34Z","last_seen":"2026-02-25T00:18:48.325857Z","times_seen":8,"resource_available":true,"data":null}},"time_used":284,"timings":{"blocked":113,"dns":1,"connect":17,"send":0,"wait":53,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwH3jhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a6974c08226\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.195.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10012989?time=1636664872070","date":"2025-12-23T11:57:11.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:67:8C:D2:F3:88:16:3D:99:D4:20:FD:1B:49:11:66:D1:6A:9F:43","sha256":"1A:A3:49:5D:8F:EA:EA:8E:F5:2F:82:5F:FF:33:C6:FF:50:0C:CF:FF:CA:65:5C:0A:74:2F:DB:27:1B:12:CF:EA"}}},"request":{"raw":"GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1\r\nHost: hw-cdn2.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 05 Apr 2022 20:54:54 GMT\r\netag: \"41f5-5dbee74f4a3c8\"\r\nexpires: Fri, 25 Apr 2025 21:03:14 GMT\r\ncache-control: max-age=10646761, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\nage: 2693146\r\nx-served-by: cache-ams21065-AMS, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 70, 66708\r\nx-timer: S1766491032.916501,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 16885\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":16885,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16885), with no line terminators","md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-03T20:19:15.186426Z","times_seen":2324,"resource_available":true,"data":null}},"time_used":200,"timings":{"blocked":88,"dns":17,"connect":43,"send":0,"wait":17,"receive":1,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/19e50e0fb4d0a3ab37cd6c417b424fa12312b487.webp","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/19e50e0fb4d0a3ab37cd6c417b424fa12312b487.webp HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10080\r\nlast-modified: Tue, 09 Aug 2022 11:10:25 GMT\r\netag: \"62f240a1-2760\"\r\nexpires: Thu, 17 Dec 2026 10:17:30 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3B/8HAAwBuUwKAQH3FQEAAAwBJRPCNAG3QgAAAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a695ff0fa27\r\nx-77-cache: HIT\r\nx-77-age: 524039\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":10080,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0e06150789b63a1b3481343fc88e3cd4","sha1":"19e50e0fb4d0a3ab37cd6c417b424fa12312b487","sha256":"c55ca475e359fc82ba20e32e5868eb81e446bc0a41dde3aba44e1e14ef2d2b20","sha512":"475e5da0518877efdfa158c047654a8e60ea7f7a06aee509b96b266eec0f411ae4ff10a5e60b48beb5147b8d0c9ec4d08e0d6bd0656363890068401e607470a9","ssdeep":"192:3Cmatrk5m0LrFPoduKlSB/x1aU51siKLo5QgdtRbQ76JoMPFx7uolJT7eGkwm:ctrkA0LuSB/x8cJA7UNPBJAX","tlshash":"2722b015c3cbbe7d204b35285ab580b7bdd7001bb96dcba28d9b34d774304a50dc76a9","first_seen":"2023-04-13T22:41:38Z","last_seen":"2026-03-31T15:56:18.129517Z","times_seen":931,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QQWoDMQz8Sj8QM5IlW8655xZa+oDNZl1CSQJJCVvQ42u7ocSDjZDHMyMzWDfEG45PSFvNW2IvFAqCcCAVf3l9cyE/f4V1XV3ERMk1FWJzQ7JUXFWQYnKFuVLOBjixEBIsucCjo4E1ivQqAAQoMyxnqJQm5B/vz2NTA3sEVtYmM/yd4dJv2LASuKvsdmTTlIgq1dkiVxNbKuVpb7sl6dLoaKlbaArz+TgSDG9pft0C/9h0aiSJ3PK1BR/t6fpzmt0fiGNQGdV9Jgyhzon6QPwDpfu0MCUzRilUCqT3qB+RRkr4NRynz+vlNpLSyBDIhnp2kmZ5my6H6ftwPo3r/sYXKXlR0wir81zrHEtUrtx+w/aZyy8GTpmj2wEAAA==\u0026cb=e2e_694a83985da487.21495307","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QQWoDMQz8Sj8QM5IlW8655xZa+oDNZl1CSQJJCVvQ42u7ocSDjZDHMyMzWDfEG45PSFvNW2IvFAqCcCAVf3l9cyE/f4V1XV3ERMk1FWJzQ7JUXFWQYnKFuVLOBjixEBIsucCjo4E1ivQqAAQoMyxnqJQm5B/vz2NTA3sEVtYmM/yd4dJv2LASuKvsdmTTlIgq1dkiVxNbKuVpb7sl6dLoaKlbaArz+TgSDG9pft0C/9h0aiSJ3PK1BR/t6fpzmt0fiGNQGdV9Jgyhzon6QPwDpfu0MCUzRilUCqT3qB+RRkr4NRynz+vlNpLSyBDIhnp2kmZ5my6H6ftwPo3r/sYXKXlR0wir81zrHEtUrtx+w/aZyy8GTpmj2wEAAA==\u0026cb=e2e_694a83985da487.21495307 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/73e22d6d1fc5168f6092b30ae82c8eff5bd94dba.mp4","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/73e22d6d1fc5168f6092b30ae82c8eff5bd94dba.mp4 HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 33686\r\nlast-modified: Fri, 17 Oct 2025 22:47:51 GMT\r\netag: \"68f2c797-8396\"\r\nexpires: Sun, 22 Nov 2026 02:20:01 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3YGEiAAwBuUwKAQH3ZwYGAAwBw7WvFwG3AP4AAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69e3d6b832\r\nx-77-cache: HIT\r\nx-77-age: 2253152\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\ncontent-range: bytes 0-33685/33686\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":33686,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"9c36f7d9ef8a0467e98eb0fdaf17480f","sha1":"73e22d6d1fc5168f6092b30ae82c8eff5bd94dba","sha256":"c08b3b76fbe4b64bf4b097cbb8dac903ccfb08b3d682853419aebf9a25451950","sha512":"2859260430af9af381650484d7a6065a05953b2e2b501e9a257fac7cfc392957b31ac91189ef9e7270e3ddb4778f2e8ae8f7f8ce13b8f2a186541e08baae8f19","ssdeep":"768:4VaNvFJ5fH0aK5CMcJ+pDmJDn16fuoZQid:4VmvFjfH0b5BcFSz","tlshash":"d4e2e1674e46cda5f2856770b3f1932d6351b93935df2a85c2bec130c4acef49d606a0","first_seen":"2025-10-17T23:47:55.576323Z","last_seen":"2026-02-15T16:32:10.924328Z","times_seen":323,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10012989?time=1636664872070","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.548Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AA:9C:09:B0:15:A1:0B:DA:1E:24:2A:BC:FB:1E:C8:F2:28:27:96:B6","sha256":"BB:A4:BD:A7:85:B4:BE:F6:6B:75:DD:E6:F5:7C:F3:C5:BF:B2:38:FA:6D:10:F1:1B:81:19:E4:9B:74:53:CA:9C"}}},"request":{"raw":"GET /get/10012989?time=1636664872070 HTTP/1.1\r\nHost: a.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: text/html\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With\r\ncontent-encoding: gzip\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version\r\nalt-svc: h3=\":443\"; ma=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3788,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3788), with no line terminators","md5":"3a2755c82712720ef3e9d8c5fbfc87d1","sha1":"f0eaf39b0701602031efe3f1a7939394facb8969","sha256":"49ffef1d450866cc78844e3fda4e3c3d47233846bddad8e84a2e057564d0e2ed","sha512":"2f1aefa898f700ed50c6b0268c3ad7a8a236c1c72cc389c4f2fcb4d1feb429b587d71700ddc5283b40bfabfe78ef1ac58c3dc07a33a9265d5eb875465da1cf04","ssdeep":"","tlshash":"2e71a8b21c0abc5de16261e36e2b596ca37a118910c1c1d37bdeda9bcf20cf64d1c297","first_seen":"2025-12-23T11:57:49.609389Z","last_seen":"2025-12-23T11:57:49.609389Z","times_seen":1,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":109,"dns":12,"connect":21,"send":0,"wait":28,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwHXjhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a693290d926\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678366/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678366/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 46555\r\nlast-modified: Wed, 03 Dec 2025 05:37:02 GMT\r\netag: \"692fcc7e-b5db\"\r\nexpires: Tue, 30 Dec 2025 11:57:12 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46555,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x360, components 3","md5":"0409498a9d3ce612720d3fcb8fc0800d","sha1":"dfce1a5078b084723d930b9b61019e46332de146","sha256":"7830d91ba533bf881371bb14219f8df8be175f281bdc46658d37e2372c2c637d","sha512":"bbc65c0af80da9d828c5084b04ee465a993e2c2fee2782a8ee18fecaebb3f61797f13f83e371a2bd0f5ecdb8a805637dbf655e888407f1336b6bae9b94bc50c5","ssdeep":"768:NbH04SqmIf8yTLSOnM2ywY2+LQuN2CzHjQ0M+sWwhAJoI6MrCtBC5aK2A7701+o:Nb/SdUSi9M1LvN7U0M+s7IlrMBfNA77E","tlshash":"0c23024c8b9bb1e5f414f406ddd60d762153a944a31cb4a413f1a2f707bb0fb6d88ea4","first_seen":"2025-12-23T11:57:49.611305Z","last_seen":"2025-12-23T11:57:57.932708Z","times_seen":3,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW2oDMQy8Si8Qo5Fkr53vfrfQ0gM4G28JJQkkJWxBh6+thhILP7BmPDNm4rgBb1ieKG3jtAVbQSgUlAOi2svrmyns/BXWdTXVrBEWUwFny5RyKhajUpJkkbJFTFMmMrCCEhUyJROjXhxFdZwCETrXPt6ffaIXmxCtHDvTJY07c3Q40wriQdztkGtNwIJlzsJL1twWTHWfdy3F1uHUjXafCPP56KJDDiLiEvRfmwEVqHC31AeZX9frz2k2ewB6NvXTPQb5QwMj8QH4V4J7QALG7ovAnZFdw7F+Xi83dwfXDSj+4mTQLnOrl0P9PpxP3h4cQ5tya6kH7bnbRFFS3fO+f2ZBK23+BRnwSBvCAQAA\u0026cb=e2e_694a83985dc8b4.75578449","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW2oDMQy8Si8Qo5Fkr53vfrfQ0gM4G28JJQkkJWxBh6+thhILP7BmPDNm4rgBb1ieKG3jtAVbQSgUlAOi2svrmyns/BXWdTXVrBEWUwFny5RyKhajUpJkkbJFTFMmMrCCEhUyJROjXhxFdZwCETrXPt6ffaIXmxCtHDvTJY07c3Q40wriQdztkGtNwIJlzsJL1twWTHWfdy3F1uHUjXafCPP56KJDDiLiEvRfmwEVqHC31AeZX9frz2k2ewB6NvXTPQb5QwMj8QH4V4J7QALG7ovAnZFdw7F+Xi83dwfXDSj+4mTQLnOrl0P9PpxP3h4cQ5tya6kH7bnbRFFS3fO+f2ZBK23+BRnwSBvCAQAA\u0026cb=e2e_694a83985dc8b4.75578449 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/enter_pop.okx.v1.js","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/enter_pop.okx.v1.js HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 31 Aug 2023 09:44:55 GMT\r\netag: W/\"64f06117-41d\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1053,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"7cbc9d50dbb2536e63a2de22c2c3d604","sha1":"ae62a6c764073e2183965322bf4fc2652db1a698","sha256":"a61f0f4268764eb21ba630e8ef6d113d636ae59c135a9d9a7dee9fdacade8833","sha512":"58dc589e572e433938b44a27ad1dcd34d15fcec684f037c6da20c2e14dc83296c889c67d618265d1a610d2c052eb70d3345feb4fbe91a1deaf89abfa7ab7cdb9","ssdeep":"","tlshash":"ac111fadb8aa753c1337731c261d2116760654468208ce05f36c21f4bf6063bae7b4ef","first_seen":"2023-09-23T23:54:41Z","last_seen":"2026-02-25T00:18:48.231307Z","times_seen":8,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":54,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QQWoDMQz8Sj8Qo5ElrTbnnlto6QO8m00JJQkkJWxBj6/tlhAL28Ka0YzMxLoBbzg/kW112IJjRBopCSeoxMvrWwji/JXWdQ0RF0WojWAPJ3MbQ1XIWELJQzEMThRgARm5hFDkoBqsWaRliQjKYpUfH+/PfaMGRyZaWSu7ywZTSKuw0wriRp4meCkG7LGfPfPexZc9hrLzaTFdKpyq2eoVaT4fu3CThHFXoHtsGjJDMldXdVH053L9Oc0RD8A+Xu7Z/yTUGzVM1gfgX+A+I1u70Y6Mbozimo7l83q5dXPouonROw6VWj/rVi6H8n04n3q5caqDYcYMGGEEwTQvZcc8epmt8LT7Be+mYK3FAQAA\u0026cb=e2e_694a83985eeb74.48888469","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QQWoDMQz8Sj8Qo5ElrTbnnlto6QO8m00JJQkkJWxBj6/tlhAL28Ka0YzMxLoBbzg/kW112IJjRBopCSeoxMvrWwji/JXWdQ0RF0WojWAPJ3MbQ1XIWELJQzEMThRgARm5hFDkoBqsWaRliQjKYpUfH+/PfaMGRyZaWSu7ywZTSKuw0wriRp4meCkG7LGfPfPexZc9hrLzaTFdKpyq2eoVaT4fu3CThHFXoHtsGjJDMldXdVH053L9Oc0RD8A+Xu7Z/yTUGzVM1gfgX+A+I1u70Y6Mbozimo7l83q5dXPouonROw6VWj/rVi6H8n04n3q5caqDYcYMGGEEwTQvZcc8epmt8LT7Be+mYK3FAQAA\u0026cb=e2e_694a83985eeb74.48888469 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"okxxx1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 03:25:24 GMT","end":"Wed, 04 Mar 2026 04:25:21 GMT"},"fingerprint":{"sha1":"D5:FA:EC:FF:09:24:A6:12:FF:3A:52:E1:F0:71:4C:E2:3E:71:E5:8A","sha256":"A5:BE:13:2E:FC:EF:CD:01:4D:1B:70:D0:A1:FE:BA:0C:83:45:0D:4E:A9:0F:DC:65:74:1C:9F:F5:61:28:28:AD"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:10 GMT\r\ncontent-type: application/javascript\r\nexpires: Tue, 23 Dec 2025 12:45:10 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZDRP9pcb54eoMym%2Fpxf2gLiKkWU25KKLZUEZvJ%2BbGVIY%2FE4ebzkyFTcY0btTRROQmdjvtvzLsx8j4TkwbLzFvmJcbc04fzI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b27ae0fae8f56b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T21:31:02.061029Z","times_seen":291487,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verifycdn.agego.com/v1/verify.js","fqdn":"verifycdn.agego.com","domain":"agego.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"agego.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 08:04:37 GMT","end":"Tue, 17 Feb 2026 08:04:36 GMT"},"fingerprint":{"sha1":"6E:D8:53:FE:65:9D:32:37:07:E9:4D:0C:15:2E:95:5B:BC:E0:7A:88","sha256":"BB:A1:DD:0F:5F:60:82:14:05:A6:76:E5:F4:93:68:46:81:41:BC:A0:3C:7B:17:4C:7F:52:E9:08:8A:A9:8B:49"}}},"request":{"raw":"GET /v1/verify.js HTTP/1.1\r\nHost: verifycdn.agego.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 26 Nov 2025 09:23:29 GMT\r\netag: W/\"6926c711-41b2b\"\r\nexpires: Wed, 26 Nov 2025 12:49:53 GMT\r\ncache-control: max-age=10800, public, stale-while-revalidate=3600, stale-if-error=60\r\nx-served-by: hap01\r\nx-77-nzt: EwwBuUwJGwH3AB0AAAwBuUwKAQH3MAAAAAwBJRPCVwG3GAAAAA\r\nx-77-nzt-ray: fdb541239ca017be97834a69e735bb06\r\nx-77-cache: HIT\r\nx-77-age: 7424\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":269099,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65504), with no line terminators","md5":"27c6c10f025028c7f70bc16717c392b0","sha1":"8971a3c2c256b2067e8ac937e8f971da9e786799","sha256":"42d042148b944c5cf1e230e3fa7e61af33440e9e9fbbf2756dcf0eede187a4e8","sha512":"b65f3e0844087b28b3ab847ae89a6e80255279733660257d046e4249ff38e49183227d327e954e7d1253469d1e3fcd0564044666634929dc163672f897cc6d3d","ssdeep":"3072:9m/p4yqxGb0UdZ0T6PPT1DBxFDpk43M3cw/etJ7Cx5ttRqH2711xI:ImFxGbDdS8dDP3UlQcq","tlshash":"e644189db3d6b06183d776a5502f200bf23b5a54a84d8050f22ad6d17cb9a4fc23bf79","first_seen":"2025-12-01T15:49:38.789557Z","last_seen":"2026-01-10T10:37:39.801283Z","times_seen":21,"resource_available":true,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":66,"connect":9,"send":0,"wait":12,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.2.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/main.min.okx.v2.2.js?v=1 HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Dec 2024 12:09:06 GMT\r\netag: W/\"67582f62-292f\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10543,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9140)","md5":"a580dbd3914cdfaf1da3184199444c5b","sha1":"b1d1d77e8acb8a9858b30d6e9bafcd6604508b28","sha256":"3218ea66e7c46750f96d8e93d447180bc123525355556f05acbbff80da7bb20c","sha512":"cfc5a2c061ab77ce7fa646f924fd53517aafada17d3414fa12a7d25cf2848b6429a18434e665a3c0ac8cf876b033975e38c21151f455d02b16f900f41b55e3fb","ssdeep":"192:BV7+EqleaEzTb7mgPTFQCZvN7oNrf4nIaiB6Cw59T7TMcPvHKEr:BV7+HoHT7xrFQ6vN72f4GB6CwHf4cPD","tlshash":"6922ea6830e3605b50b7b1547cfbf38eb2b16638588794d1d0ace46939bcd7a1636f28","first_seen":"2025-07-04T12:53:42.454947Z","last_seen":"2026-03-06T20:07:37.840229Z","times_seen":10,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":81,"dns":0,"connect":19,"send":0,"wait":63,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/199688/382c69cfec26cb595b0cc9144957070a819ac725.webp","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/199688/382c69cfec26cb595b0cc9144957070a819ac725.webp HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7780\r\nlast-modified: Thu, 25 Jul 2024 08:11:25 GMT\r\netag: \"66a208ad-1e64\"\r\nexpires: Fri, 25 Jul 2025 08:58:10 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-77-nzt: EwwBuUwJCgH3azTHAAwBuUwKEwH3pDkAAAwBJRPCNAG3yDaZAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69ba586e2d\r\nx-77-cache: HIT\r\nx-77-age: 13055083\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":7780,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"afd7eef3f03fe90084f45c93770ed7bc","sha1":"382c69cfec26cb595b0cc9144957070a819ac725","sha256":"1b86ae194b8fe85ea8fa6ebc6adc7915215831d0acdb41dcc29e494483d5232f","sha512":"3f3d4f5b389d5877a0ad4b184b74d67b039a4925388a012bc5cf72a008115483fd9f4cb2e9ebf3978960cb747dc9b6e4067d974e7a8616217d9ace74e59173a2","ssdeep":"192:4HzkWCH+cq9I1A/l6Cx4KYzQqquQA7reFvDAMGxG/:4HzkWCH+cq9wA/ACCKoQvTA7KVn","tlshash":"5bf1af7b2936fbccd031d5faaadfd572ac471a12d155e7091629a6039262323870dc3c","first_seen":"2025-03-01T23:33:09.728761Z","last_seen":"2026-02-03T09:29:09.629658Z","times_seen":683,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/9543d83d369507849757a700910f06a57a1232fe.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:13.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/9543d83d369507849757a700910f06a57a1232fe.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 97939\r\nlast-modified: Tue, 21 Nov 2023 20:33:06 GMT\r\netag: \"655d1402-17e93\"\r\nexpires: Fri, 27 Nov 2026 09:58:40 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH30P0HAAwBuUwKEwH3/hYNAAwBw7WvFwG3+00NAA\r\nx-77-nzt-ray: e2f754205aa1896f99834a69a625640b\r\nx-77-cache: HIT\r\nx-77-age: 523728\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":97939,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"b299e593d7893e617d46d337bba11ab4","sha1":"9543d83d369507849757a700910f06a57a1232fe","sha256":"ae360167ff0f6f893df3c693ec213eb94ea70d27c5bd2dd5b6d26ba71d6fcac5","sha512":"7b427856e5d085f6d51f9deefcb1006e0a6dfe488f84bc8096dd992d7ad0d2ea429dce43ecb04c9ef2d522958c797aa22fb37eb86998792a03bc1e91d95259b9","ssdeep":"1536:/jLkg0PfrqiCN77Cs5+xBB1sJFzpIm1aPB98fgnibY+IQiKEZW9vY7xmHXHLow/J:foifCpB7e1aJ98fgQIQipci7odXFqLuB","tlshash":"47a312e9ce6b4d4aa7dbe079a5d53f032c897ad1663f8b5b2f801483f3446aab014650","first_seen":"2024-01-21T00:35:41Z","last_seen":"2026-04-03T21:53:02.009396Z","times_seen":345,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T11:57:10.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"okxxx1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 03:25:24 GMT","end":"Wed, 04 Mar 2026 04:25:21 GMT"},"fingerprint":{"sha1":"D5:FA:EC:FF:09:24:A6:12:FF:3A:52:E1:F0:71:4C:E2:3E:71:E5:8A","sha256":"A5:BE:13:2E:FC:EF:CD:01:4D:1B:70:D0:A1:FE:BA:0C:83:45:0D:4E:A9:0F:DC:65:74:1C:9F:F5:61:28:28:AD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:10 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nx-frame-options: SAMEORIGIN\r\nx-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Olpxp4Zu%2BT9JiYf1lisjkGGLC0RsJR0q9F%2Fi67hfQsGxwuhfMhJogLfWy1NvNZDrNfA4kDL8Jvg2go1wkNTrmhlXgvwzyKU%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=7,cfOrigin;dur=92\r\ncontent-encoding: br\r\ncf-ray: 9b27ae0decdf56b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"mobile-detect.js","description":"Mobile-detect.js is a compact JavaScript library designed to detect devices by comparing patterns against a given User-Agent string.","website":"https://hgoebl.github.io/mobile-detect.js/doc/MobileDetect.html","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Liveinternet","description":"","website":"https://liveinternet.ru/rating/","common_platform_enumeration":"","icon":"Liveinternet.png","categories":["Analytics"]}],"data":{"size":408700,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (63731)","md5":"64ca1837fe905319e9312ea8d6526428","sha1":"b6c061474aae34bed0e6e653e63b7c76a83d0c27","sha256":"f01e9cc150fccaab1f107eb4671225c055cd744f4afd4bb654c44a4251d971f8","sha512":"46f11a9c855533493088273fbc8e5bad3a03da046297219f80512043ba62e9bb087298b66df173b38635185fecf7f7bc6111802544b342c532a46576c6b61a94","ssdeep":"3072:WyrM/nng8xKVip3lDnGTJZMHOECmbwfhzk:ZA/nnVKV2DnGwupzk","tlshash":"9d9407f0939c24791203e2d9bb256309776ffa77d6120aa0f1bf1e9ccbc788054669d9","first_seen":"2025-12-23T11:57:49.623603Z","last_seen":"2025-12-23T11:57:49.623603Z","times_seen":1,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":36,"dns":8,"connect":1,"send":0,"wait":104,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10012990?time=1636664874192","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AA:9C:09:B0:15:A1:0B:DA:1E:24:2A:BC:FB:1E:C8:F2:28:27:96:B6","sha256":"BB:A4:BD:A7:85:B4:BE:F6:6B:75:DD:E6:F5:7C:F3:C5:BF:B2:38:FA:6D:10:F1:1B:81:19:E4:9B:74:53:CA:9C"}}},"request":{"raw":"GET /get/10012990?time=1636664874192 HTTP/1.1\r\nHost: a.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: text/html\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With\r\ncontent-encoding: gzip\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version\r\nalt-svc: h3=\":443\"; ma=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3797,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3797), with no line terminators","md5":"286cdb0db3e5b37def9cd91cfc19317f","sha1":"840eaa6115cd77447b39e1c162dd2d7129239e54","sha256":"acbc1894dbeb00560cfc7ff261784d68c68e23c8822a536c5ecdd21609eadaeb","sha512":"f59ae1ad39c1bc92b48580809744e8f87b2aa48165212c8418cb2646c0df653863a1e3402dd804982aaa7fcaa5a360471f54b0e489424a157e96217f9a906497","ssdeep":"","tlshash":"a27188b11d09ad6de05271e36e2b8d5c637a15592481c2e377ee8a8bcb24cef0d1c195","first_seen":"2025-12-23T11:57:49.626141Z","last_seen":"2025-12-23T11:57:49.626141Z","times_seen":1,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":105,"dns":9,"connect":21,"send":0,"wait":28,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QQWoDMQz8Sj8Qo5EtrZxze20hJQ/Yza57KGkgC2ULenxtpynxYHuQxtLITCw78I7jE+lehj3YM0KmkDhAkr++HTzBL59h2zZHzmrmohlsbqSm2UUSKasLmQ/R4mDqAItlSeyJPDpVsMSUOjPy4/uzvxwPjoCB+X4xuaO3bBQNbLSBuD2cJtg4KlBQTha5WLKlYBhnmxaVpcqpGq0+EU6Xc29VEZirZTjfAxW7Jo1Ikaulush7eFx/vk7uD8I+W+ysj8GtSttNFOVBeYP9M/RzDefxY71+d0Pwv9q4JXugk6jQ2WYiLlQk6gCuPzwvkxZFMv4FGHExN6cBAAA=\u0026cb=e2e_694a83985f0c99.57799271","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QQWoDMQz8Sj8Qo5EtrZxze20hJQ/Yza57KGkgC2ULenxtpynxYHuQxtLITCw78I7jE+lehj3YM0KmkDhAkr++HTzBL59h2zZHzmrmohlsbqSm2UUSKasLmQ/R4mDqAItlSeyJPDpVsMSUOjPy4/uzvxwPjoCB+X4xuaO3bBQNbLSBuD2cJtg4KlBQTha5WLKlYBhnmxaVpcqpGq0+EU6Xc29VEZirZTjfAxW7Jo1Ikaulush7eFx/vk7uD8I+W+ysj8GtSttNFOVBeYP9M/RzDefxY71+d0Pwv9q4JXugk6jQ2WYiLlQk6gCuPzwvkxZFMv4FGHExN6cBAAA=\u0026cb=e2e_694a83985f0c99.57799271 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\netag: W/\"92eb331739d51c65226b5fdb07e\"\r\nexpires: Wed, 17 Dec 2025 13:24:25 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBuUwJGwHXjhUAAAwBuUwKEwH3IwAAAAwBJRPCMQG3fwAAAA\r\nx-77-nzt-ray: fdb541231adbc9bc97834a699da9d826\r\nx-77-cache: HIT\r\nx-77-age: 5518\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6bd931315f9ec922d23220a34a506421","sha1":"92eb331739d51c65226b5fdb07ec2d74924f200f","sha256":"28f33740f0a341c823243413c7780d92e7ae39254641174a86a4f51ac805b576","sha512":"26bb36ab577ba2b6486f482177e31992c81c79322070edc9d55af10d7ab8f3e1b9dccc89f7c925a47a68e464f522736c0e64d3d7e4acaa016745e0104bddb167","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisiEolY4o/CXMXpo:U+28VOk262lElwnRjfs4sXhpo","tlshash":"96045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-11T15:18:11.624048Z","last_seen":"2026-01-15T17:17:43.902034Z","times_seen":1441,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QWWpDMQy8Si8Qo9WW893vFlp6AOctJZQ0kJTwCjp8ZRNKLGyENJoZmYB0h7QjfoK817JH8oqpQhJKqOIvr28u6OevtG2bi5gouuaKZG6QLVdXFcicXcFcsRQDcIw+AlRyAWeHCFIW6VkCII4RLahaTDmI/OP9eVyMIGeAjTRohr4TuPQOGWwI1FkOB7TWMuKK62RMq4ktK5Y222HJugQcwnWYxjSdT8NB18YaTrsE/MeuQxmFKfzFAR/ldv39ntwfgGNRGdl9JxhEHcP6ALy3+L5taIpQEUApqr2E/WEcJsGv6dQ+r5fbMIrDQiIc5MVRQvHWLsf2czx/j3afifqqi9S5zYQ8TfGR83xYGK1SjY+XPy/NVl7aAQAA\u0026cb=e2e_694a83985decc0.54502509","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QWWpDMQy8Si8Qo9WW893vFlp6AOctJZQ0kJTwCjp8ZRNKLGyENJoZmYB0h7QjfoK817JH8oqpQhJKqOIvr28u6OevtG2bi5gouuaKZG6QLVdXFcicXcFcsRQDcIw+AlRyAWeHCFIW6VkCII4RLahaTDmI/OP9eVyMIGeAjTRohr4TuPQOGWwI1FkOB7TWMuKK62RMq4ktK5Y222HJugQcwnWYxjSdT8NB18YaTrsE/MeuQxmFKfzFAR/ldv39ntwfgGNRGdl9JxhEHcP6ALy3+L5taIpQEUApqr2E/WEcJsGv6dQ+r5fbMIrDQiIc5MVRQvHWLsf2czx/j3afifqqi9S5zYQ8TfGR83xYGK1SjY+XPy/NVl7aAQAA\u0026cb=e2e_694a83985decc0.54502509 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/676000/676316/640x360/2.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/676000/676316/640x360/2.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 42491\r\nlast-modified: Fri, 05 Dec 2025 19:23:12 GMT\r\netag: \"69333120-a5fb\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42491,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"ea0cb64953f30b880c473e1df3a862bb","sha1":"f9f678f4ff95b806a3e9389131d869ac63291a5f","sha256":"ed6132d3556e3432cd8acd7605a044fe5ea68fc80eec0017442c95e84056bdc0","sha512":"374a0de0239531475365def18cffabd14cca4ef5b1585268dc5f461db673f5ab2a44bc31cb873cda6365286fafc67ecd3e28a67bad0184f7d0aaad260ce9092d","ssdeep":"768:RrX9JBdK2rnAhqXnff/QrZyUKrdDTbguUhMPyywEToqKebJZba883LxMCdwsm:PHc2rnAhaf/GZyUKrdDVSe/wZqKenJ8G","tlshash":"8f13f1837b1f017cad3abdb68ed48a0658b0705950e2ccdd20fba1a3c47024c97c46e7","first_seen":"2025-12-23T11:57:49.627525Z","last_seen":"2025-12-23T11:57:58.005417Z","times_seen":3,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":81,"dns":0,"connect":0,"send":0,"wait":58,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/a7/creatives/221/1559/825087/1174778/1174778_banner.png","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://a.adtng.com/get/10012989?time=1636664872070","date":"2025-12-23T11:57:11.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /a7/creatives/221/1559/825087/1174778/1174778_banner.png HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Dec 2025 22:54:52 GMT\r\netag: \"1751b-64655f7186700\"\r\nexpires: Sun, 19 Apr 2026 12:21:28 GMT\r\ncache-control: max-age=10416329, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\nage: 306073\r\nx-served-by: cache-ams2100136-AMS, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 78, 8\r\nx-timer: S1766491032.890972,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 95515\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":95515,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1323 x 110, 8-bit/color RGBA, non-interlaced","md5":"1db903910536174b8f3b8ab1cea84e8d","sha1":"d7eec4fabb1ee894a69c262323a2bc5ce359fc36","sha256":"f0b5cf5a2347456a566897e14bbce6e50400ce9bdf1916b5c0994f29d28fcd11","sha512":"f4c2e2cbb3418c1f7dc482792cfd963e6e208aea3cd4f0ef9430b582941a99c4e1fdae08e33b093f06dd821abfe43073a9f9c00412fb4a8cf032c7555db8e260","ssdeep":"1536:Z31/yHrmpbyd1/9EMK+CVFJMCozB4CxjwpSulkQAYIw8OYH1vr6HdkO5ftl62tfd:Zl/2wba15K+9PzaCxjwpRkhT1z2kclVH","tlshash":"bd93123e63a83ff921651d8a80e86e3529edceb2c15c919e1fa443b03b4206151bdf9d","first_seen":"2025-12-23T11:57:49.628824Z","last_seen":"2025-12-27T10:28:13.150413Z","times_seen":2,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":15,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/android-icon-192x192.png","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"okxxx1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 03:25:24 GMT","end":"Wed, 04 Mar 2026 04:25:21 GMT"},"fingerprint":{"sha1":"D5:FA:EC:FF:09:24:A6:12:FF:3A:52:E1:F0:71:4C:E2:3E:71:E5:8A","sha256":"A5:BE:13:2E:FC:EF:CD:01:4D:1B:70:D0:A1:FE:BA:0C:83:45:0D:4E:A9:0F:DC:65:74:1C:9F:F5:61:28:28:AD"}}},"request":{"raw":"GET /android-icon-192x192.png HTTP/1.1\r\nHost: okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/png\r\ncontent-length: 14362\r\nserver: cloudflare\r\nlast-modified: Fri, 12 Mar 2021 08:18:10 GMT\r\netag: \"604b23c2-381a\"\r\nexpires: Sun, 18 Jan 2026 17:54:05 GMT\r\ncache-control: max-age=2592000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nage: 324186\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VnF15avGpNyhaoYx8%2FH%2FAMZx6lhn5KLO%2BckQPPpEXmyTGvIhBl0ruTuAQzYyGEynIQ43jN%2FsX3eT1ugLYdO4nfQyIr2UJFA%3D\"}]}\r\ncf-ray: 9b27ae14fbf156b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"7cde475774931dd1f3b466d0e26d6cec","sha1":"291d38a7603dcf338fb872fc6a50fc0f5527318e","sha256":"03e2e1c60a16b7080a6d3229cef26c009bed7c5abaacb926d1c09ca45205acaf","sha512":"59fec4b0f2b3dd2d6623c67b20e7edc8b990b892ccdded001c8b664ee825cc2e4bc79a691daac5ccf61099e1acdbfe335af23d6e1559bac4bc5305f8ae51dcf0","ssdeep":"192:MLZ47WqXysAIxUr91IDox6UPjZyCzdHpG1aWER17ibYuj7Lbq8YGQ3vCTWEJJL38:L7bir1r9BhBQ69q7LLYClmby4b","tlshash":"7b52c045a6e329b6f7d121a3864910b340a2d110f3310772d65a9c3a1b7b67e2fe45af","first_seen":"2023-05-25T17:24:26Z","last_seen":"2026-02-25T00:18:48.259144Z","times_seen":10,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QUU7DMAy9ChdoZDt24u6bb5BAHCDNWjShrdKKpiL58DgBwfIUx7FfXl5CQDIgDRQfIB0kH5BsxDBCYAoobE/PL8Zo60fY990UHGySRiT1XdI0mghDomQCajlqBAJDJFEYXYDBooGDJDL3TMHeXh/7RIfTPbaLzEVbxcVhR6BGnybUUhLigkvVSIuyzgvmctRpTjI7Hdyeu8NQ17NvsptzB5yyLxCIRiMH/GFoRyJyJDfkA6yXy/Z1qWZ3xP6y2LP+CGoqbTZSlDvmD/C/hD1u4Vzet+utO0P7FUd0PWT/mVu5nsrnab30ZutZrsdpllhjzlFqmvOMTFIXUaUFavoGqIl07bIBAAA=\u0026cb=e2e_694a83985f2793.77781179","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QUU7DMAy9ChdoZDt24u6bb5BAHCDNWjShrdKKpiL58DgBwfIUx7FfXl5CQDIgDRQfIB0kH5BsxDBCYAoobE/PL8Zo60fY990UHGySRiT1XdI0mghDomQCajlqBAJDJFEYXYDBooGDJDL3TMHeXh/7RIfTPbaLzEVbxcVhR6BGnybUUhLigkvVSIuyzgvmctRpTjI7Hdyeu8NQ17NvsptzB5yyLxCIRiMH/GFoRyJyJDfkA6yXy/Z1qWZ3xP6y2LP+CGoqbTZSlDvmD/C/hD1u4Vzet+utO0P7FUd0PWT/mVu5nsrnab30ZutZrsdpllhjzlFqmvOMTFIXUaUFavoGqIl07bIBAAA=\u0026cb=e2e_694a83985f2793.77781179 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/80e968f7ca74da0974a7a7c3a05527e4b5f78582.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:13.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/80e968f7ca74da0974a7a7c3a05527e4b5f78582.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 62099\r\nlast-modified: Fri, 17 Oct 2025 22:47:51 GMT\r\netag: \"68f2c797-f293\"\r\nexpires: Fri, 11 Dec 2026 15:13:36 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3S/4HAAwBuUwKCQH38AEAAAwBT3/Y+AG3vqMHAA\r\nx-77-nzt-ray: e2f754205aa1896f99834a69b24b4c0a\r\nx-77-cache: HIT\r\nx-77-age: 523851\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":62099,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"762fdd4fdbeb5b1b5f48f2a346cd8566","sha1":"80e968f7ca74da0974a7a7c3a05527e4b5f78582","sha256":"a0cc19a3d0397f2369c09c3f896102bcc2a8c2b1dc9e9d948f2db05b8af6313b","sha512":"b974a45835c8cea7ef202638b0c5eed9d9d6f5886199abcf3e9b2e845de47842ab7c87cb73259574f72c499e0d1ddd128895e73dab63459237c5bc77fcbb0140","ssdeep":"1536:XHXTuPAnl+6YhR3iO0VOst9sizJYvoDnt4+20IM9d48lAG:XHDokgde0s8EtzXNkcAG","tlshash":"f85312183d95f3c6e603f131b93ebfcc12a47273e5a84b84b613b48265780e1e59ad53","first_seen":"2025-11-27T17:50:36.752747Z","last_seen":"2026-02-15T16:32:10.989376Z","times_seen":218,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 10:36:27 GMT","end":"Fri, 20 Mar 2026 11:36:07 GMT"},"fingerprint":{"sha1":"C6:6A:71:84:C2:40:13:D1:A4:B7:DF:C4:1C:E1:54:F3:76:97:EF:6B","sha256":"EC:09:93:3E:E8:5D:9E:7A:B0:D9:7C:6D:85:49:92:10:89:9F:C8:FF:A5:1B:90:BB:AB:86:7E:D9:BA:0A:1C:4E"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9b27ae104b0bb509-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-03T21:28:55.574834Z","times_seen":330047,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":60,"dns":1,"connect":4,"send":0,"wait":13,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 611\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":611,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://okxxx1.com/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22acf9faf5a3cd4d67b7e36e1ab4453a39%22%3B; expires=Thu, 23 Dec 2027 11:57:12 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6341,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"760be0396a63f79fb7b6a1008dcb98cd","sha1":"b5b84e066556a3d2788da4cb21e803a1276eb1a6","sha256":"ed58697e4eccf9fd80908cfecefada27167cafa7c0bd605b936acb1a94537a20","sha512":"86481f257d3421b3487f4d3e45da288c9ea5af0eb12d35fe4a9dfe2b4d5e45494ae111bf807d3f422605d52345e4478f61114943a85cb6bab60a09e154b9f04c","ssdeep":"96:SrViFaw9w7+otItK5E9e16c3n7J80MgCKbThtstgZ5E9eZVmOBh0aI0otw5E9ebV:SrssKBcrm0LbtZKevvBKSl5Yo5Yo5YQ9","tlshash":"ced119bfb58048fbcee1578a2f9735a81d783a4fee85cad8c00dd809aa3c13104157b8","first_seen":"2025-12-23T11:57:49.639384Z","last_seen":"2025-12-23T11:57:49.639384Z","times_seen":1,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":93,"dns":4,"connect":25,"send":0,"wait":133,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTU1OSIsInNpZCI6IjEwMDEyOTg5IiwibmlkcyI6IjYxMDQyIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMTc0Nzc4Iiwic3YiOiIxOTY4IiwicmVmX2RtbiI6Im9reHh4MS5jb20iLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiI3IiwiY24iOiIxMzIzWDExMF9aWl9GUkVFX01WIiwibmlkIjoiNjEwNDIiLCJleHRfcHViIjoiIiwiY3JwIjoiMjcuMTgiLCJ0aWQiOiIxIiwiaXQiOiIyM1wvRGVjXC8yMDI1OjExOjU3OjExICswMDAwIiwiY2MiOiIyIiwic25jaWQiOiIxMDk0MDciLCJjaWQiOiIzOTQzOSIsImV4dF91aWQiOiIiLCJjcCI6IjUwIiwic25jY2lkIjoiMjY4ODg0NiIsImlpZCI6ImE4ZGZiMTZiY2U1YTU2MWI3MjRkMjlmZTVhNmIwZmE3IiwiZXh0X2lpZCI6IiJ9?unique_view=1","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.adtng.com/get/10012989?time=1636664872070","date":"2025-12-23T11:57:12.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:67:8C:D2:F3:88:16:3D:99:D4:20:FD:1B:49:11:66:D1:6A:9F:43","sha256":"1A:A3:49:5D:8F:EA:EA:8E:F5:2F:82:5F:FF:33:C6:FF:50:0C:CF:FF:CA:65:5C:0A:74:2F:DB:27:1B:12:CF:EA"}}},"request":{"raw":"GET /track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiMTU1OSIsInNpZCI6IjEwMDEyOTg5IiwibmlkcyI6IjYxMDQyIiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMTc0Nzc4Iiwic3YiOiIxOTY4IiwicmVmX2RtbiI6Im9reHh4MS5jb20iLCJleHRfY2lkIjoiIiwidHNuYW1lIjoiTUIiLCJjcmMiOiI3IiwiY24iOiIxMzIzWDExMF9aWl9GUkVFX01WIiwibmlkIjoiNjEwNDIiLCJleHRfcHViIjoiIiwiY3JwIjoiMjcuMTgiLCJ0aWQiOiIxIiwiaXQiOiIyM1wvRGVjXC8yMDI1OjExOjU3OjExICswMDAwIiwiY2MiOiIyIiwic25jaWQiOiIxMDk0MDciLCJjaWQiOiIzOTQzOSIsImV4dF91aWQiOiIiLCJjcCI6IjUwIiwic25jY2lkIjoiMjY4ODg0NiIsImlpZCI6ImE4ZGZiMTZiY2U1YTU2MWI3MjRkMjlmZTVhNmIwZmE3IiwiZXh0X2lpZCI6IiJ9?unique_view=1 HTTP/1.1\r\nHost: a.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/get/10012989?time=1636664872070\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: openresty\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: text/html\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With\r\ncontent-encoding: gzip\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version\r\nalt-svc: h3=\":443\"; ma=3600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PQWoDMQz8Sj8QM5IlW5tzzym09AHOZreEkiwkJWxBj6/thBIPloU10owYrBviDccXpK3mLbEPFAYE4UAqvnt7dyFfvsO6ri5iouSaBmJzQ7I0uKogxeQKc6WcDfBsJsicXODRUcEaRVoWAKqt/vnx2i9VsEdgZUXNm6IzXFqFDSuBW+N+T1ZKIpppHi3ybGLTTLkcbD8lnSod1We1SWFcTl20yVHEXQL/2DRqJIlcLdUD79/l+nse3Z+IfTXp2WMN9EGNE/WJeAfhsSCI2ttDpO4Mfg2n8nW93Lo76rqBrE/MTlJlbuVyLD/H5dzLrcd1yiPlhCnJEA+WMmQuh1FLniUXKX//94nQwQEAAA==\u0026cb=e2e_694a8398584b90.55269182","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01PQWoDMQz8Sj8QM5IlW5tzzym09AHOZreEkiwkJWxBj6/thBIPloU10owYrBviDccXpK3mLbEPFAYE4UAqvnt7dyFfvsO6ri5iouSaBmJzQ7I0uKogxeQKc6WcDfBsJsicXODRUcEaRVoWAKqt/vnx2i9VsEdgZUXNm6IzXFqFDSuBW+N+T1ZKIpppHi3ybGLTTLkcbD8lnSod1We1SWFcTl20yVHEXQL/2DRqJIlcLdUD79/l+nse3Z+IfTXp2WMN9EGNE/WJeAfhsSCI2ttDpO4Mfg2n8nW93Lo76rqBrE/MTlJlbuVyLD/H5dzLrcd1yiPlhCnJEA+WMmQuh1FLniUXKX//94nQwQEAAA==\u0026cb=e2e_694a8398584b90.55269182 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/808084/1bd1180e5721468f2f78aad5e0d821bd54d6262f.webp","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/808084/1bd1180e5721468f2f78aad5e0d821bd54d6262f.webp HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 15778\r\nlast-modified: Thu, 12 Dec 2024 15:51:28 GMT\r\netag: \"675b0680-3da2\"\r\nexpires: Sat, 13 Dec 2025 12:05:14 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3Gy0NAAwBuUwKAQH3GDQAAAwBJRPCLgG3ugAAAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a695b59782d\r\nx-77-cache: HIT\r\nx-77-age: 863515\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":15778,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ca7da4dda6e7a37e1cfc6ab8a8ba1f3f","sha1":"1bd1180e5721468f2f78aad5e0d821bd54d6262f","sha256":"eeb80252d3568583a3e4b03754c05f523930b1a544654fccd64350474cf8335a","sha512":"f2433f1fc5b3fd2b30e97b74d1feaaac854fe8465e0a848ab9f15ad2e2e2dc15d607d8be9946a55ac7cde180f8e72fb6e8de534dbbe8240a99f704be1421d7ee","ssdeep":"384:igeaUXn1p/KKbBos7Vr/MbTg2ZwssPkqm0E:GnFpSmGs7Z0bTg2ukqm0E","tlshash":"8062d04db730c9d4a6902ab4c9181fbd3cb727d63820665c87c794eba14d5b539fe8e0","first_seen":"2025-03-09T17:28:58.503099Z","last_seen":"2026-03-31T07:16:52.376905Z","times_seen":119,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/static/js/main.min.okx.v2.4.js?v=1","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /static/js/main.min.okx.v2.4.js?v=1 HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Dec 2024 12:09:04 GMT\r\netag: W/\"67582f60-10be8\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68584,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (37927)","md5":"42ea793f5b9774638bb9942e1e76df26","sha1":"fdf19f8ced0de3f98ef9cd78cc0a5387af6ff7fd","sha256":"a6f7b74f8d0d71fc120185e4d0ec53f1fa98d8f2b0052656692ca8157280b176","sha512":"85539578955cfa9b8df761db62596a5cc8b75d944ce95948fbea3ac7d80048b0dbdc483b6c7213dec990bb6792dd866a68427480284478330f8ec12c6b835e61","ssdeep":"1536:BrSXNoLtHmjF5hY95OC5uSFx9FGUMqXJNnzzDJ8LprwIto:Brd+F5Q5OIG9gbzJMwIto","tlshash":"f663b64872a078a251f735b7141f640631325933e606c8a5b56ee5f19ef8ecc2633fae","first_seen":"2024-12-20T20:24:35.309699Z","last_seen":"2026-03-14T04:47:23.939647Z","times_seen":31,"resource_available":true,"data":null}},"time_used":260,"timings":{"blocked":87,"dns":1,"connect":18,"send":0,"wait":54,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/player/geoip/geoip.php","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"okxxx1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 03:25:24 GMT","end":"Wed, 04 Mar 2026 04:25:21 GMT"},"fingerprint":{"sha1":"D5:FA:EC:FF:09:24:A6:12:FF:3A:52:E1:F0:71:4C:E2:3E:71:E5:8A","sha256":"A5:BE:13:2E:FC:EF:CD:01:4D:1B:70:D0:A1:FE:BA:0C:83:45:0D:4E:A9:0F:DC:65:74:1C:9F:F5:61:28:28:AD"}}},"request":{"raw":"GET /player/geoip/geoip.php HTTP/1.1\r\nHost: okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oX02%2BTqJc8mPSNC9Ljne7i%2BIHhVO%2BthKZcV%2FfeF3LqgMt1jXYHGQ%2Fx0yQ3m1pqtppnA2QxOmryybv9x8EEEK8Y%2F79brlDH8%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b27ae12d9ed56b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"c2f3f489a00553e7a01d369c103c7251","sha1":"a0509b7780628bd9d9abc7eb8a2163477341053a","sha256":"23794d91c53ae875c8e247d72561e35d9d06ee07c70c9e0dbcc977a6d161504a","sha512":"0f446282a46dfefa3995e9e78443c907aca544aff495badfcb632b9df2457f8491babf852d8ebbe7ecc9392461b559e9e242960f13e624e79dbcfca44a6e5de1","ssdeep":"","tlshash":"c7100000000000000000c0000000000000000000003300000000000000000300000000","first_seen":"2023-03-10T09:11:58Z","last_seen":"2026-04-03T14:17:44.93018Z","times_seen":5352,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW2oDMQy8Si8Qo6dXm+9+t9DSA3gfLqEkgaSELejwtdUS4sFY2DOakQlId0g74ifIex32SD5iGiEJJVTxl9c3F/TzV9q2zUVMFF3ziGRukC2PriqQSVzBXHEYDMCRBCGDiQs4OzSQskivEgAqSW56/3h/jo0N5AywkTZ12DqBS38hgw2Bunia0ErJiBXrbEzVxNaKQ1lsWrOujQ4tbMuKaT4fwzgsOWtYwB27TmUUpharLfC4Ltef0+z+QIz5OKr/USAadQ7rA/EPeB+Scj8x7DGSgV/TsXxeL7dIh+GbCKPj0KTtt27lcijfh/MpnrvGl6UwkxXGZaLKdVQpebFaZxFcJ/oFGTy7jMYBAAA=\u0026cb=e2e_694a83985254a2.53358282","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA01QW2oDMQy8Si8Qo6dXm+9+t9DSA3gfLqEkgaSELejwtdUS4sFY2DOakQlId0g74ifIex32SD5iGiEJJVTxl9c3F/TzV9q2zUVMFF3ziGRukC2PriqQSVzBXHEYDMCRBCGDiQs4OzSQskivEgAqSW56/3h/jo0N5AywkTZ12DqBS38hgw2Bunia0ErJiBXrbEzVxNaKQ1lsWrOujQ4tbMuKaT4fwzgsOWtYwB27TmUUpharLfC4Ltef0+z+QIz5OKr/USAadQ7rA/EPeB+Scj8x7DGSgV/TsXxeL7dIh+GbCKPj0KTtt27lcijfh/MpnrvGl6UwkxXGZaLKdVQpebFaZxFcJ/oFGTy7jMYBAAA=\u0026cb=e2e_694a83985254a2.53358282 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nCookie: __uvt=s%3A32%3A%22a2276a33b813d4058dc7db8d6436200a%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678284/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:10.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678284/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 40510\r\nlast-modified: Wed, 03 Dec 2025 04:09:02 GMT\r\netag: \"692fb7de-9e3e\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40510,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3","md5":"f408e23b54fc227eed32f0d0c4a45455","sha1":"0615e41c60a46bab2fdc2d5685008e897b4814cf","sha256":"493fd26f73f64b022db9048cf163364624b069c572171dedf84eee7977965334","sha512":"34d62dac05affb385941c041ab02e5fe39b2e9b206d5dc83ef72b0764281151e3998f5e70b2fe74fce79fc33a58834b31927b3cc0cab11d74238bb6c7f1ab821","ssdeep":"768:pNHIDEWAn7RG7R8ofPw1zp8ia6INeTTEcARFWMaPqFvSsZ5:+EW67RI8ofPwzJRINeTTQWPyZ5","tlshash":"8c03f266f428c2eefa6ac6f40cd411a681b92f2c9459b6ad1ec98c7c453d4cbdcc2219","first_seen":"2025-12-23T11:57:49.651979Z","last_seen":"2025-12-23T11:57:57.960193Z","times_seen":3,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":87,"dns":0,"connect":0,"send":0,"wait":62,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.pemsrv.com/v1/api.php","fqdn":"s.pemsrv.com","domain":"pemsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pemsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:38:47 GMT","end":"Sat, 17 Jan 2026 14:38:46 GMT"},"fingerprint":{"sha1":"16:DB:C0:84:B9:67:99:32:B2:65:B9:B4:19:A3:A4:E7:78:E9:46:B2","sha256":"C4:03:5E:C5:AB:57:86:05:02:9F:9E:F3:BD:1B:01:5E:C2:F0:0F:F0:14:40:3E:FF:68:BC:99:E6:3B:D1:2A:F5"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.pemsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 409\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":409,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://okxxx1.com/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5538850,\"extra_params\":{\"first_request\":true,\"zone_type\":35}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%2289fe05642f680d7b12138dbe73959ac1%22%3B; expires=Thu, 23 Dec 2027 11:57:12 GMT; Max-Age=63072000; path=/; domain=pemsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1954,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b201e136276cbf2f2a939d31e68ba9a9","sha1":"2a57b98b249e8d8ae9b9dd702897b26bb50a803f","sha256":"02f7cb4a795d27d78f8b8502b5ce9e2db8ab3af423fe87dcbf955fe0ba4fffcb","sha512":"923724589d4acc7565f2f5fd88c7e9aac844cc7a231927af340ee9e948c9832e24a6833f9540e379b0f1450ecec00d95acb12c61fbd0b70db9464eb46b1a6822","ssdeep":"","tlshash":"e141c8f0f99458b8c56ccd597eeb38258fa57a1b6fcc19fb8088446c23ea1181119336","first_seen":"2025-12-23T11:57:49.654465Z","last_seen":"2025-12-23T11:57:49.654465Z","times_seen":1,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":95,"dns":1,"connect":26,"send":0,"wait":42,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/a700b844aabf582247772e22615cd88098d65897.mp4","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/a700b844aabf582247772e22615cd88098d65897.mp4 HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Tue, 23 Dec 2025 11:57:12 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 16872\r\nlast-modified: Tue, 21 Oct 2025 18:19:17 GMT\r\netag: \"68f7cea5-41e8\"\r\nexpires: Fri, 27 Nov 2026 09:56:02 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH3jv4HAAwBuUwKCQH3gwEAAAwBw7WvBgG3VWMaAA\r\nx-77-nzt-ray: e2f754205aa1896f98834a69829bc132\r\nx-77-cache: HIT\r\nx-77-age: 523918\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\ncontent-range: bytes 0-16871/16872\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":16872,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"3a30ef41039217abc73dba6322d4c60e","sha1":"a700b844aabf582247772e22615cd88098d65897","sha256":"6c5efb64c8488c8a92528eadf6f4da232e17eed12a92e2c5288048f584bcbe9b","sha512":"9f41e2c7be3cf5e9490cafbf5c8014e2d849708de05d1de07aa44d795679368b3e57feb73b056547adead14373f205188ab2e2faa804324dd33854a2fab26db8","ssdeep":"384:yM5uSnXST6j7oh6hBd16oYZvWsDpGhcaIuSt0s4T0i7:3BAuSqd1ByesD4cVuSCsk","tlshash":"af72e157834c90a2c9599671367833bfd31b738ba2f61797430cc075ac274b58b8342d","first_seen":"2025-10-22T07:49:28.529399Z","last_seen":"2026-04-03T22:13:11.964815Z","times_seen":439,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/a7/creatives/221/1559/825087/1174771/1174771_banner.png","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://a.adtng.com/get/10012990?time=1636664874192","date":"2025-12-23T11:57:11.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /a7/creatives/221/1559/825087/1174771/1174771_banner.png HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Dec 2025 22:53:16 GMT\r\netag: \"4254d-64655f15f8f00\"\r\nexpires: Mon, 20 Apr 2026 00:56:20 GMT\r\ncache-control: max-age=10461706, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 306158\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\nx-served-by: cache-ams2100119-AMS, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 67, 0\r\nx-timer: S1766491032.890079,VS0,VE1\r\naccess-control-allow-origin: *\r\ncontent-length: 271693\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":271693,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 576 x 230, 8-bit/color RGBA, non-interlaced","md5":"8996fad8b4ece097e4ea05f5543383f9","sha1":"d840465fe3902a8ac2a131130c331bb48cdb73cf","sha256":"d28f3dec36a3d5ea8ada456c3524372711be276c99c908465b346a29533d4aa6","sha512":"8d20068f3f46954286474572a0ea264e59fa2eb99ca4e31c7605a2707301416fe5a241886f7a5d1fadef91e0bd92c58319023250fcef085ef915f3b41cf6ed81","ssdeep":"6144:rBJfgkpEQD++WntsBruqPoVygBqoerbeEGAdWxe3s8n0cEJWt:rBfE3+otsBrulVyg0DbekWxe880cJt","tlshash":"3a4423d60f9798e322e5eb14969d1b486214a35f2cbb0a533313cca11a2e66df2f3c55","first_seen":"2025-12-23T11:57:49.657395Z","last_seen":"2025-12-23T11:57:49.657395Z","times_seen":1,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":67,"dns":0,"connect":0,"send":0,"wait":16,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"okxxx1.com/favicon-16x16.png","fqdn":"okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"104.26.4.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"okxxx1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 03:25:24 GMT","end":"Wed, 04 Mar 2026 04:25:21 GMT"},"fingerprint":{"sha1":"D5:FA:EC:FF:09:24:A6:12:FF:3A:52:E1:F0:71:4C:E2:3E:71:E5:8A","sha256":"A5:BE:13:2E:FC:EF:CD:01:4D:1B:70:D0:A1:FE:BA:0C:83:45:0D:4E:A9:0F:DC:65:74:1C:9F:F5:61:28:28:AD"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/png\r\ncontent-length: 1308\r\nserver: cloudflare\r\nlast-modified: Fri, 12 Mar 2021 08:18:21 GMT\r\netag: \"604b23cd-51c\"\r\nexpires: Sat, 27 Dec 2025 07:37:46 GMT\r\ncache-control: max-age=2592000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nage: 2261964\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f9fgAvTsrMKf7zq6A9Mxcw%2F65Tm2SsZOmKtBQmF%2Fsu8PEWNTSApZtg%2Fi%2F0QQ%2F9hcM4fOj9Te8SbulSlRjEObOJgvSuK7STE%3D\"}]}\r\ncf-ray: 9b27ae14fbf456b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1308,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"ab64816aafcb38f45e8747ac39e35fc2","sha1":"899cfb85b26cb942100df65da51cbb4c8142faf6","sha256":"37bf45d80fa17edbd62f49fe3da334b3a5b77a61b414c799cc285c2f82a17a24","sha512":"2dffc362c9617f4ddebb63aeaa33a036f791a605ee7f8053f89772929c92ade6993b0dabf4f9ea607d084a21059f1ece13a1bf6b33997c1375d92a096bdbb71e","ssdeep":"","tlshash":"6d21c8c8d023a096d3e299531b1745e4ce6720cfd98d83496c67c82468497f812f9f56","first_seen":"2023-05-25T17:24:26Z","last_seen":"2026-02-25T00:18:48.308241Z","times_seen":10,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.okxxx1.com/contents/videos_screenshots/678000/678585/640x360/1.jpg","fqdn":"static.okxxx1.com","domain":"okxxx1.com","tld":"com"},"ip":{"addr":"185.240.28.22","port":443,"asn":56898,"as":"Private Host BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:11.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.okxxx1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:23:21 GMT","end":"Sat, 14 Feb 2026 02:23:20 GMT"},"fingerprint":{"sha1":"33:E9:31:A5:55:9C:39:DD:02:46:A8:92:96:1B:1B:91:31:F2:98:34","sha256":"9A:A9:8B:EE:43:E8:39:4B:1E:CA:83:6A:9A:B7:F0:06:15:B5:B9:09:77:59:40:F5:64:5D:EA:0D:3B:3F:D5:C7"}}},"request":{"raw":"GET /contents/videos_screenshots/678000/678585/640x360/1.jpg HTTP/1.1\r\nHost: static.okxxx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Dec 2025 11:57:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 38196\r\nlast-modified: Thu, 04 Dec 2025 21:43:02 GMT\r\netag: \"69320066-9534\"\r\nexpires: Tue, 30 Dec 2025 11:57:11 GMT\r\ncache-control: max-age=604800\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38196,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"d09f622f36dde9003dee5e6fab785201","sha1":"00c8063cfa46cad4b77592a80f4c13f6bf983f0e","sha256":"60658391fe4a22dbe75e0611f15ca095348860a9d90d2f3a0105e63583f104d3","sha512":"42204175ec6142675ae40e903f84dc23f4ce29f8f107411ed750d6f87f5fb8d93bba15c2d6d0dda11179a1ec7b865ec18495a1117946239236cfba2c6c8876a8","ssdeep":"768:nLt/3oZ2FNMKQymAygJPByjxsP4a3/4BNctyvuQQBFZoA:L5YZ6ZQybPjDmlrif","tlshash":"e303e1756e22accfa457f0b7a1c21be61dc59d1d82976b0e31b162c61f8bdc38a311b1","first_seen":"2025-12-23T11:57:49.665425Z","last_seen":"2025-12-23T11:57:57.959408Z","times_seen":3,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:12.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 611\r\nOrigin: https://okxxx1.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":611,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://okxxx1.com/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}},{\"custom_targeting\":{\"ex_av\":\"1\"},\"id\":5540640,\"extra_params\":{\"first_request\":true,\"zone_type\":38}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 23 Dec 2025 11:57:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://okxxx1.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22af7579a19b4d886046959f3ae18f4579%22%3B; expires=Thu, 23 Dec 2027 11:57:12 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6478,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"291109867e3cabd3f99610da85e5cd9f","sha1":"9de0fb2e4fa6bf23867ac6c76883b348ed466950","sha256":"afa0ac72ae20456841f06dd0d6fc026f5946b9c905ca6fdf30c0942c6738a391","sha512":"0209a085c91d82e4029eeefb0cca30a61df3a51c8a79f418961af909e697bb9b3ece17f0de6cf531f7815e7bc2e9d6f01d63b93be51e333f24b41bcb0168b2ed","ssdeep":"192:7gg3AMK9WObNwOoIEK+R1Mu/s/KSJbobobQ9:hAMK9FuPK+R1MP/KSa9","tlshash":"aad13a7ab2c04cbf4ed06f442ecb75a8ad66305f9e5b8ddd424dee0e9a380360949364","first_seen":"2025-12-23T11:57:49.669207Z","last_seen":"2025-12-23T11:57:49.669207Z","times_seen":1,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":99,"dns":10,"connect":30,"send":0,"wait":151,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/448451/247063fbd40c9ef3d61cef29d09e1c050de17104.gif","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://okxxx1.com/","date":"2025-12-23T11:57:13.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/448451/247063fbd40c9ef3d61cef29d09e1c050de17104.gif HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://okxxx1.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Dec 2025 11:57:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 125849\r\nlast-modified: Fri, 17 Oct 2025 22:47:51 GMT\r\netag: \"68f2c797-1eb99\"\r\nexpires: Thu, 17 Dec 2026 10:15:45 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBuUwJCgH32/0HAAwBuUwKCQH3NgIAAAwBJRPCNAG3twAAAA\r\nx-77-nzt-ray: e2f754205aa1896f99834a6949f73a07\r\nx-77-cache: HIT\r\nx-77-age: 523739\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":125849,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"4945dff7447fdcc00c31034b924ece8b","sha1":"247063fbd40c9ef3d61cef29d09e1c050de17104","sha256":"03441dddfdfe014f2269aab60348fea5f92bb30f8b973b19d903d47ddd9a90c3","sha512":"e8b87b7c9e4b5f9fb9b5e54af814d3266c50eea8805ed1fac6513e3e669701f4ebb72884dee2763e7acce10df696504eedaf683385abe9bfb325a40d6b31be0f","ssdeep":"3072:b2WSxvHuFdmysKgO/66Mz8t52M5XzlUHuOulDxi0WSbg:SWCHujIKgO/6qt5XXzlUHuOyDxv8","tlshash":"fac3129dc8691501f2c0f48f9cc9ab9ba5f17b58c1b1b48383d4c432223de3ed865ab9","first_seen":"2023-05-11T08:14:16Z","last_seen":"2025-12-24T15:25:58.357056Z","times_seen":159,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}