{"report_id":"d5606bbe-ee19-4901-96a1-cbe2187ae14c","version":6,"status":"done","tags":[],"date":"2026-05-02T12:35:02Z","url":{"schema":"http","addr":"g99r.xyz","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.144","port":0,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"title":"welcome-BET365","dom":{"size":405504,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (49996)","md5":"ca58701fb48c48eaa75e642abf86acd3","sha1":"8dfc7708090e994a010cbcf95f958bd33aab603f","sha256":"a355e06669f22fb5b077366ec8374592f9f34e14a1539ae79c09193500c8f86a","sha512":"fa5f213ad3eeba8936a522b0a7f58ceefe901b667c6859599031fc4b6eab5a541a5b306e75f89eda0aa6bf6421317eda2b6223e95cf21e58b47a8167bbf7a448","ssdeep":"3072:mgavaBobz/psPHE1eJTO1l/TMIlPXS1VY:lavaBobz/psPE1iTyQIv","tlshash":"6d844af4435c43f5f40b8b9dac363d6132e130abbfc54548f3ad1ad19bb2686986c896","dom_hash":"domhashfdf73f8b458637b4ce79fe288976b0dd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"g99r.xyz","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.144","port":0,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-06T12:35:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-02T12:34:39Z","timestamp":1777725279,"ip_dst":{"addr":"Client IP","port":36624,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2026-05-02T12:34:39.589324+0000\",\"flow_id\":1542773448539471,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.39.104.132\",\"src_port\":443,\"dest_ip\":\"172.18.0.2\",\"dest_port\":36624,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=g99r.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"06:BE:88:6E:82:AF:9F:EF:32:98:1C:7E:5F:9C:A2:9B:21:54\",\"fingerprint\":\"0d:e8:d8:02:63:55:b8:50:b8:05:2c:64:61:a6:24:6a:73:e0:a6:ea\",\"sni\":\"g99r.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-26T02:57:58\",\"notafter\":\"2026-07-25T02:57:57\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3398,\"start\":\"2026-05-02T12:34:38.949583+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"g99r.xyz","ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-04-24","domain_rank":0,"first_seen":"2026-05-02T12:35:07.256876Z","last_seen":"2026-05-02T12:35:07.256876Z","alert_count":272,"request_count":68,"received_data":7429615,"sent_data":34200,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"GeeTest","description":"GeeTest is a CAPTCHA and bot management provider, protects websites, mobile apps, and APIs from automated bot-driven attacks, like ATO, credential stuffing, web scalping, etc.","website":"https://www.geetest.com","common_platform_enumeration":"","icon":"GeeTest.svg","categories":["Security"]}]},{"fqdn":"img.esportsdata.cc","ip":{"addr":"104.26.2.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-01","domain_rank":0,"first_seen":"2023-07-06T16:47:53Z","last_seen":"2026-04-29T03:41:01.41088Z","alert_count":8,"request_count":4,"received_data":88239,"sent_data":1900,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.geetest.com","ip":{"addr":"104.17.5.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-03-05","domain_rank":196356,"first_seen":"2015-01-16T07:12:35Z","last_seen":"2026-05-01T23:21:10.662406Z","alert_count":0,"request_count":1,"received_data":21656,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"g99r.xyz/configPage.js?v=4/28/2026,%2017:55:48","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","size":949,"data":"","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-05-05T02:06:34.451499Z","times_seen":1381,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8b733e809fcd514bdf9414ce77e3f5bb","sha1":"53f38e306721e3a00f340b966ac3f7642bebb57e","sha256":"a05c0b1be0d5a6858cd22804367a5d3a2d23e45de4cc9cfea2abd9fc65766b49","sha512":"07dc77674e4408902b7243c9036e85dc45bfa8ccdf839bd0f9aebf8f38209bb773c5c58733083e52f79fc22fb034dd03664c97f2c84d68646a138ab52bdaa6bd","ssdeep":"","tlshash":"0ec022a60b287f14110310230374f3ac5431c029bc15f202321f42018f50b0d0830a80","size":190,"data":"","first_seen":"2026-02-15T23:20:06.598758Z","last_seen":"2026-05-05T02:06:34.501249Z","times_seen":303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/config/telegram.js?t=1777725279985","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","size":116886,"data":"","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-05-05T02:06:34.469872Z","times_seen":769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"46c37814c8d855f8d26c8922d6a21d09","sha1":"77a8a7d835aacf3d4c325605b153d011418518a8","sha256":"bf3b91fc06aeb59c3f2832583ce2b70b2b8f4dc45df941aef8611949220ddf84","sha512":"24308fb6d5a6b83f2f8a328fde19300d8ab2a8f2d8116ef4cb160275ed664391e3d52794d94de19ab1a0feadab0168bf0a5e86e2066ccad31c2af2bc0a0ffc4d","ssdeep":"","tlshash":"9531e0282eb29531d423617a1f5bf2843235e62f3148ef043f0dc7661f24d6ba6356d5","size":1702,"data":"","first_seen":"2026-02-15T23:20:06.601892Z","last_seen":"2026-05-05T02:06:34.501802Z","times_seen":301,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/45540.1777369843125.8e1e0acf.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a0e497c34e367322be5d24c3b27d661c","sha1":"05738c9aad3a5d894b6d49780014a52200ef950d","sha256":"073a44ee1f965bd3739f07604455eb8940250c073f060303550cdd02ba87109b","sha512":"ea91edbfdf72b73e3fddb4a652393cfd4c1be31242b51f7caa28ee35cf3f66eb42bafff62ffacc3a2b89cdee253e84e2d8ec5e5c5bbc9832053bd5c00df77b3e","ssdeep":"6144:JYD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:JYD4wFsYiSAKNH3TY5","tlshash":"6024e894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","size":229366,"data":"","first_seen":"2026-04-29T03:41:13.329661Z","last_seen":"2026-05-05T02:06:34.433631Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/home.1777369843125.1e63fe95.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac7180fee301b4b62de750803a778412","sha1":"b70eb6223cbd147c8dc23df4d073e9dc641927d5","sha256":"25b167f413e31989cc5856e80f67902b0e84efed7087cea17ec1b5b0dcda5b68","sha512":"4fe2d812d406c786a2204a4f4b370217f4cccb1bf61cbea821e648667325ad32057d1aa30504952de28142b1f4fa0c523f55298834cb567631cc2b7cd37355b6","ssdeep":"3072:f+YNGVSIMctwiYJBuopQuFdBlGLuJuhxffj7TEOiGRlp:f+YNGVSIMctwi+PjFwzffjAGHp","tlshash":"b5140880b5f0e275576fd2b7d7371024b2271686d0ccac60e1f66b187e28796b236db8","size":193619,"data":"","first_seen":"2026-04-29T03:41:13.306134Z","last_seen":"2026-05-05T02:06:34.470397Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/65246.1777369843125.8333614a.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f72169b9753bbfd046b32e8a9c4c9d8","sha1":"76310a9e002235a02b1842b0ff3985e2bd53ef46","sha256":"26b88e6905d829b63d80a3ce48041e1fd4fe98923072fb1d19b371d117e41045","sha512":"05d8f29fd1ac787d4f27a2d8ee901437e310e0ca663822c6270d05c1de8d33a024e312797a984083b277aa054cde3c5995340a26c25bac74fa6c11b339bcfc3a","ssdeep":"1536:j2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:q+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"de73a501f78272384fa7e290220f2026e16e191505ac5bd8f179ffb93ef0954aa7d7b4","size":73494,"data":"","first_seen":"2025-12-17T20:52:09.055572Z","last_seen":"2026-05-05T02:06:34.475422Z","times_seen":869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"5281f83487c386b7836c0a61310eee71","sha1":"b69aa5eb7750fa2d18540f7a8f28dab10d4b2631","sha256":"5c4f27503b020517fa4d8a831ce6ea7c9b425cbda5603e8e6ce9119aa406cea4","sha512":"4d7ca7094121bc51fd7e24de7f2b9218624f1c7c2b5949e25ad2be53f4b1babc0ac6265a9e20acd2d51fec4e844baebdd7d1aa300a7f52f3b360bf36a8979ca2","ssdeep":"","tlshash":"5c8004047d5d50540000503014740c0d5c133c57403f0314340dcc013fd5c401447441","size":36,"data":"","first_seen":"2025-03-03T20:54:16.013922Z","last_seen":"2026-05-05T02:06:34.502397Z","times_seen":2494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/7653.1777369843125.5eafcc69.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4849391ecd3ae7038c8eca5da5af6cd4","sha1":"6316de5585ce9c3c90e92da7f445df0f1eb06f39","sha256":"7ace68dcf17129b57d79ff5a5ce030178b60d463fa0b0d1027ff5a62981ae2ef","sha512":"04bf30f23c9fc4ee7df1d106f541932dec50cf5794d313087378b16ed5430d29f75a5891abf4e84657525774f2ee231ac62d9e7640000390ee29a08bf23fbae4","ssdeep":"","tlshash":"47310e98b6a171b243af5af98f3f168bf16794c064edb094d096e2e07cb420c4937d29","size":1501,"data":"","first_seen":"2026-03-20T12:57:26.686565Z","last_seen":"2026-05-05T02:06:34.44231Z","times_seen":157,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-init-c0d76f48.1777369843125.2d292e02.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb71ab6debf3abe346c8c4d941813d15","sha1":"88116abc111aad2e9e1b1d0974de9d97cd891e0f","sha256":"3dca15bdb644d02cedbfe3adaeed7ff4c47508d664ad1ce6b361dcef7a5423b5","sha512":"eb604132673651b6a0646263fed02220557b65080b323b03513053af5662af520808cd469c00f7ad99ed16fcf9a2ab5374b89477cf8f8a9f8ed89f6a313afd7f","ssdeep":"1536:xTG5pxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3O:Mvz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"6ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","size":161198,"data":"","first_seen":"2026-04-29T03:41:13.437512Z","last_seen":"2026-05-05T02:06:34.475028Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/13575.1777369843125.cda1d494.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eda98cc14e8c025a359a009951750a20","sha1":"b54dc08d49209bb6953641b57cead1ec1e92d823","sha256":"636dbf0f9dbb30ed3d15582a38bbc4c1857fd1affbe8be077182666b906e7f3e","sha512":"fc6837e6c1ebb1b97998b81be6fab0614b1d30dd0494527bb2fdcaa139d3d26a16798468a172b13ad982cb3ac0651e22ed1d8af5ff62fc501babf9c04c104659","ssdeep":"1536:X17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:hjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"4a141a84764170b8c396a165322f601ae22f789650dd9c24f3789aa47f7470df26fabc","size":194938,"data":"","first_seen":"2026-04-29T03:41:13.356911Z","last_seen":"2026-05-05T02:06:34.483752Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/22872.1777369843125.dbee35b5.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e916996ddfb5f1c6e2f6cbf5a87b5565","sha1":"7b3812a3cf8758cd6ce5a442d899048e27d1790b","sha256":"a50d9c1f28c0948f0d468428aec46c5d300a84fb71ce27e6790ca8e0f40a955a","sha512":"c5fe69584b305477ce1b4bb12d6a9b4ce2c73ddeb07c133f14d7ec7782b743769b4f48824f326be1ea00c53835dda635e0011b055c6af3ad0876a0344d6be794","ssdeep":"3072:PHW7tB4Vgj5tNlxyUYwOW1YegxYffj7TEOiG1Zl+DJVkzEcx1nKs:PHW7tBwgttXxyUYwOW5ffjAG1T+DJVkV","tlshash":"76f30bd4f2c070f6475f85f2a2275065b26f4d92318c98b0e15ba6547f21b48c7abeec","size":158144,"data":"","first_seen":"2026-04-29T03:41:13.30041Z","last_seen":"2026-05-05T02:06:34.439638Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/31098.1777369843125.4108b3dd.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"31b93b7d8dfa0ca7f3f8477f00d0366b","sha1":"734c41538b3d1db2c12b2472b43ed1e86c79251d","sha256":"30c9d4b0f76502c14b849d636bb84d74c4e5caae97b1d650febe724d0f5cf2da","sha512":"dc141065235c7f28f7e4caed203c4d4cbf749bf1c651567bad15cd8225fd297099b4330a2b3d5d810e3a07af90a7e013ed13bd03a45d5018b9d8be708da4b872","ssdeep":"1536:d+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:AKK5sY4brG7O3SnLJNpL","tlshash":"d174b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec56c446aaf8865e92857245c4da","size":352738,"data":"","first_seen":"2026-04-29T03:41:13.322286Z","last_seen":"2026-05-05T02:06:34.47636Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"49bea4e1330b9d3f17c1c143ce23cb3e","sha1":"3a8874032b5979ba1fadfe141c0ebf28baa32fc7","sha256":"07f2a8f457d336c5a0cb2267f53a4be2676d30140da225305675f4b3957eb68c","sha512":"9cf0ea9cec23fb496db40aae14fe1df1a305d4a847e23a724645052c742a5995250f9d7f3f0584d3226aa17c6af04201f72cf7fca01bf4c788df2ab4cf488ad0","ssdeep":"","tlshash":"b580040cdc5544570000501014500cc57c170417453f435f750c04451fd34700007c40","size":36,"data":"","first_seen":"2023-03-08T15:23:49Z","last_seen":"2026-05-05T02:06:34.502966Z","times_seen":2561,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/theme.config.96698fb2.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a9a87f3e8804b6c2e87c2ef64cb06ac","sha1":"b57b77abc2f2694ee5b5404a08100b3bdbae1dbb","sha256":"1597153bb2084ffdd78db4687cd9efcd0d7d54f7f460c9b717988ff3dc4f640c","sha512":"5d9bbb05a39e07f2ccf8ac572dcc12d0ae5af13998abb2a6167619b1774272761b562cbbd40b287c404261553e88a7c872e1cfd2943678f59422161d10cee15a","ssdeep":"1536:D2JREobpmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qYtlGu1Jnz45Hl","tlshash":"23b3bb7ae20c963a6177acbfb46de111c12e9c0cab1d5fdef03d60a25710669c831de9","size":108069,"data":"","first_seen":"2026-04-29T03:41:13.38605Z","last_seen":"2026-05-05T02:06:34.440734Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"0ce02dcf11f1634908b4afc4e1bcc632","sha1":"f8911bd806c6ddd3daab7f3eba10081d7af38f74","sha256":"46c7be5f428c72dac25551dbcf74f494989a3cf773ff04f9e115e15ad7dc2893","sha512":"c4f56e0a143f096a106956d55a60f07405a2418d8eec9917a027d0ede74e7119884002051c598445519ff87ad5526d035c221bbcfc65ce817539e6162f157ac3","ssdeep":"","tlshash":"1901735d483748107b2225bd537f5045f1a2516f9e87cc103c1e5b00eff48a72591bd9","size":750,"data":"","first_seen":"2025-08-16T16:35:14.594808Z","last_seen":"2026-05-05T02:06:34.503524Z","times_seen":2086,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d7029dce5d85a5da627234c9d9dec9a","sha1":"24fb150f1cc1df574ff3e2cafbaa0da15372f707","sha256":"b0ff82425661555aef2b423d91265672271ef5854e3e7b815e12f9b363fd34d9","sha512":"db505fbc49659020a42eb8e2064c9aa0aaebb166f309faf0245432a9a5ceb1d921a6cd040d445c99d38108057d3c9aa84556a5b47433b7401ae410239a28202f","ssdeep":"","tlshash":"f741027d826345a51973346a1f9e734836f340b31149e9113e5c8a802fa9a5f83b7bfa","size":2333,"data":"","first_seen":"2026-04-05T08:11:55.739213Z","last_seen":"2026-05-05T02:06:34.504066Z","times_seen":104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/config/initGeetest4.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","size":14975,"data":"","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-05-05T02:06:34.472872Z","times_seen":315,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-common.1777369843125.4adb46f5.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd30be8efc49091ace6b6cba1d19f85e","sha1":"dcb13a103a96a9346297f81fa22518579b7694b7","sha256":"5aeec070f92421551adae5477625ba84ca8f44c1fc9c181efb18e241c0179776","sha512":"42df127ca6094903dba8af9a2166ce68c1386c59b2d7e48071f6c33ffe1c0e81b2a3673efd413142e6699be9719f79f6172c9f5aaea6fd8d45518f8d09aef6df","ssdeep":"1536:bvBBzbgGcdWUa2UTf6oryXHuLmbErF/G7D1dMI59HTsY5kN/voVGAClVbGD3tFkK:bvBBfRTf6yjFetHTsY5s/voVGAcgD3t","tlshash":"0ff3e8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade67f1a704a436ca8","size":160123,"data":"","first_seen":"2026-04-29T03:41:13.32854Z","last_seen":"2026-05-05T02:06:34.448497Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/83749.1777369843125.7bad5eaf.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d036e00b216c6886ee096346a4aa7d9c","sha1":"8b6cdea36134802a22d5ab4009f69036ef63dd40","sha256":"444030e40d34fa938300dd2cc7b218f3fe47f6a865afd399ea5c1cd5dddae433","sha512":"bab25e53e886cf51cb47125cbb1582da65677fbafa057cc9f770b7a7889ea3bc8a59f60574c16404fba3d974b876f655642a1708a9beedb20b9b47d1b5ba68b0","ssdeep":"1536:lcK/KnqHB3vmeLUw/A6+GplTwsCNgOX8JwTl0sI5pQiVFFsdt+HmQ:rB3vzowo6XTIgOXawTl0sgQi2tkr","tlshash":"6a93e7c4b5f4f5f9279ec5a297364478b02127c5a0c8ace0d2e96e147f1ab92b0758fc","size":91167,"data":"","first_seen":"2026-04-29T03:41:13.335994Z","last_seen":"2026-05-05T02:06:34.46002Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/index-a3dad144.1777369843125.66a58dcd.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa47bc946b9df160fc4c9d0ccd247727","sha1":"2b81fb3062bb6d32ce5cb43811300ec95a0f3cc1","sha256":"907a77df793605acb0f292d7b450584a9f7cc65e76b8ed19c7ed0b72e3a9f4cf","sha512":"73daf5dd0d9b5f8325bc9fd63618ff31bc76dbcd70b12961aa5d9cdac2b0b570fb832a3815c4cdeb269ed90bd5613e681da42d6b0e668303a7660c6017ee0f83","ssdeep":"6144:DybhFOufhkHLHEY/TtesplVyrYlRlNsmq9DG:+zBuHLHEY/TtesplVyesp96","tlshash":"05742c90f76ce1bd874e55fe7a3290a4902c1b41b0c89e59d29d2944fe6b385feb04bc","size":355104,"data":"","first_seen":"2026-04-29T03:41:13.301567Z","last_seen":"2026-05-05T02:06:34.446063Z","times_seen":41,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/21954.1777369843125.57c97863.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0e41dd7729067b884faab37fcd9af417","sha1":"11acbef297a8f924deae47393678fb42c36ece7e","sha256":"9535e9e039663a829c5e5ffb31879f836c96c5e1f58306318b45a64f4a6687ea","sha512":"228b5a935e11e121070f4a6710af8ed39e21fe53a228c99bb4befc116c54f37693f2c9e5b08d202dd5b8375b84c4fbf63918cf013f6af5d4f71464f93524d3c3","ssdeep":"768:QPhaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:/81R6Ipyk6o","tlshash":"a7132088fac2b06dd3eb7330857f505ae66a1dc0668c5438e260d6917e7198dc1fb5f8","size":41968,"data":"","first_seen":"2026-03-18T07:07:19.558046Z","last_seen":"2026-05-05T02:06:34.495996Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/8544.1777369843125.875d684f.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"136fc52b262ec03558367f9d050dd488","sha1":"42d2e74acd67477c27524bb4b17399c3c8a5044c","sha256":"7c0850eefec0bebf32593d27d1d85e262ddea0700c9179c4a1396556d6ccf3c2","sha512":"c7c19dcaf0d7f95397efb2d6e96bf11b3e750a26bff4e9bf6a1ed4c53e3b16b75dd5a728e2d2b490b0431acc27ff1849088c26999912f191b672a683ee2b8333","ssdeep":"6144:y/rOTURxxB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:qiJjytgPJPT3p2YpHrrL","tlshash":"bb442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f295ed90be7555c927fbfc","size":261999,"data":"","first_seen":"2026-04-29T03:41:13.358323Z","last_seen":"2026-05-05T02:06:34.452486Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-init-1656f0b4.1777369843125.32336986.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1aee3b4fdd378acbf851a367f523d6d","sha1":"9b808ee6cd84b9e3969901470ae1c2d1df800ea0","sha256":"a20ad3a83af7751da30c420d96705aa78f39ddbf610789296ce2b47ec3788179","sha512":"71c83f283537df70e91f49c73fe8554e59830f75caf60f372888692946e7c08ca9f13519f082c45ff310ba269151a9a2955fdf6fbc37b68ca4f1e348303725bf","ssdeep":"1536:2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCifM+:2twqhOIK2nCLdyACifMur06/D","tlshash":"30d3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","size":136038,"data":"","first_seen":"2026-04-29T03:41:13.388607Z","last_seen":"2026-05-05T02:06:34.469356Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/35142.1777369843125.e8dc7ade.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a5d97dbf77d44812ad4ab30e375fb143","sha1":"6bcf1ac84a9018203641f99e45abae922aef3e4c","sha256":"ca2b371b1bcef9e7641c24d421d68c7a3cef405f36a13597d724987a369a2727","sha512":"56bd2311e73f8ed688d893ac0c7d29d02bcda91e939a50f8cfc9bbe4435125c878b58ef47519618ca42aad8393b248455b87940c32121235c5850777aeac7b6d","ssdeep":"6144:xfhhkpltRm4iyveBHlBfb0wv1e7Ancbt83i2UfIL5LoSltLFe/fwwutUcAct37/k:xfhhkplTm4iyv0HlBfb0wv1aAncbt83s","tlshash":"26743c84b690b17483af86fb72169194d25e0e9460ccace4f27e6e40bf11746f87b5ec","size":341259,"data":"","first_seen":"2026-04-29T03:41:13.452388Z","last_seen":"2026-05-05T02:06:34.484735Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.geetest.com/g5/gd.js","fqdn":"static.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"104.17.5.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d7af3f3975e0fb657b71508b79515f9","sha1":"b36988028196a947b1d67af0856a79e6cf054283","sha256":"41cadd609d64b1958d25afc39e73148bf669fd94f48e848dd47494e7de5762b7","sha512":"ed69806d7f263fec8f66cccf0de8757df3b17cad5629c242e1da0d668830870d42951b8a05cb6780ecf8034800313d02531393745209a5aa3e00ac5d936e1bed","ssdeep":"384:oGm+XLBnDztmdGnnsQn4DgIzHilQVdlsGxCnXdPVcVf:dm+7B6gUKMrxCtCd","tlshash":"5d92204e6cf5a0934a43b078c9af6114b538da53041c9d597d8ce3a4ef684389bbafdc","size":21040,"data":"","first_seen":"2026-04-05T08:11:55.721652Z","last_seen":"2026-05-05T02:06:34.468316Z","times_seen":107,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-05T09:08:37.483759Z","times_seen":216487,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d053d2da6a5968d7b648d3f7360092a","sha1":"32ae5713edeb00288a3f8f3c02462a5d0ca9dbb3","sha256":"8896d194e4c39e87f52924073dd2d56b4aaab46fc9f7c56a57534545eef1d7f3","sha512":"01f9b63cd24ab6e0e097637341b78cda657192f98e37a39f0f75548f8fe0180418a86594df76858aee7d514282ac4dfb8263e1729ff325035897b841d09206a3","ssdeep":"","tlshash":"82f0a00e0ee548131963707a4c0f9201203b2513414eea08bffe9bb24f92a688a679cc","size":550,"data":"","first_seen":"2025-03-03T20:54:16.018132Z","last_seen":"2026-05-05T02:06:34.504594Z","times_seen":2558,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"25ba01da3f0b1b471747da4637862cd0","sha1":"0c5b0ce449b041467ab3bf825d2cb6c5dc9c8250","sha256":"5f9229d7d1276d1475836391ce453b7432244854be7368ae4c4c590f22789af0","sha512":"58d82418709bd36179a89dd6af167368c35512e8abc68ead43e9be0e5c5fd5027d83289b2ee30e6a211239b4d67790af51039cba61a54b4184e556741437c4a4","ssdeep":"192:K2wqx5Cvtib5XOQRzlaECoXZTAoV51nsPhwzvBa/id3+36a/E/97g6I52MdobsIc:K2VwiYwJvSoVXsp+pa/iZcVk97g6nMu6","tlshash":"8e323b69a5b71bba25673036277f301889b080630319fd947c0ff61e4fa5436629bbe3","size":11906,"data":"","first_seen":"2025-11-05T12:10:48.37972Z","last_seen":"2026-05-05T02:06:34.505161Z","times_seen":1368,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-svg.1777369843125.1e4dfc16.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"17dc7d24243be411dfc65e6d3bfc3fed","sha1":"040dff237c788f6720e1e7ad8903f103cb86db73","sha256":"4296d5094a19dae430c40d8315056ffcd226eafe5012f293d988d2b631c682e1","sha512":"742a36b45941527965abaaa6e1443e4668e5af5085a1166b561059df61a9f42f0096cbc9f80dd9cd845cefd166d5d84a4e6282eb16100e078d28e6c0305a6a26","ssdeep":"3072:h8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:h8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"bfa4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","size":464072,"data":"","first_seen":"2026-04-29T03:41:13.396807Z","last_seen":"2026-05-05T02:06:34.439099Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba4d957ec99a023d40fedffe8f2c9132","sha1":"32e9e162bad0ea93fde3f137877e95bbbb574327","sha256":"24e8b158f0130e4778f80107b4c038c9edda27db68dd815e66221cc1fb5837b0","sha512":"d0e45e79632f3ec13d043d91c87ef458d1ded7256a3aebe641b09e205ccd00b863424342238a41b73fd7173eaf8a260640fb3110c8a48422ef03050b691d5e2c","ssdeep":"","tlshash":"0311c05a59d18132665b303735bd43887724a013d184df413dcc99557f98da5cabf6c4","size":934,"data":"","first_seen":"2025-09-26T05:04:14.419402Z","last_seen":"2026-05-05T02:06:34.50567Z","times_seen":1515,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-05T09:08:37.484988Z","times_seen":642270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/home","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-05-05T09:09:34.126333Z","times_seen":83165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"0554aaa444e2ac2def8b294797179469","sha1":"1b30b218e0314220a32293b060ad46f51b711a85","sha256":"f2e2b0bbfe9849c3496108d51cce24dfcd8dc7a0e5224cb6f1ec61114baf3798","sha512":"4e9c1d9c448c2d43f047f5b56223dade78b5f7403adb1d89df5a0881ae215e914d04b5bc7560b39fe98628b05442228cc3f6e6e35d05bedcbe24058d74476433","ssdeep":"","tlshash":"54a002c33f0a84d1600159558466f14df954d584f55e981ca1a55502d2a07980851961","size":59,"data":"","first_seen":"2026-05-02T12:35:16.886574Z","last_seen":"2026-05-02T12:35:16.886574Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"g99r.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://g99r.xyz\r\nXign: XEwxFgbksU9L/HjhAeRf8OInU5uru63TJKJwugqxGtLfiNYhhpIhj1TAVPUrOb7d3VyVJz+Kn8fwTzOprsNKmf4K07jOV9olY3rDBAzptpjkEHyDE9z3q9CqRfz3N2waUeVZO4dEjpO1Sow9Q+L8JpyNKZBStk4R2OmCEMvgcQs=\r\ntimestamp: 1777725287379\r\nsign: f2lg7f7j5e1p5n6s\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:44:47 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c3da634\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7331,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"c36bf0f7fd7d5f1081ac656ce03dff4e","sha1":"3b722130d03ec7b6cd98cd80edfe046e7b116715","sha256":"27c86ee0dd20a582e9a56c19bec9f053a6ddf0eef5ff41ad10eeda539a8d720c","sha512":"0119a331142755a069c3440e221c0fb8e64abe33f2b9fc55c783280625f8af39d38ca38e90d7941ddc5efe1cb0b8f9f18e68fb1411ff93a4deb91b2c13d827c5","ssdeep":"192:VQXaHYhLBEWN/DUxL4jiJSGv3mY5rocwrLI4irw9bdWanVAa7aqr:2qHYvEk/DUrJSGv3mY5rTQw4dWanVT7P","tlshash":"9432be570b12e3a0669cd4f8a5236dc11a9b4acc80bdabd5d274c0902fde79071cc8b6","first_seen":"2026-05-02T12:35:16.817604Z","last_seen":"2026-05-02T12:38:48.421743Z","times_seen":2,"resource_available":false,"data":null}},"time_used":6186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/35142.1777369843125.e8dc7ade.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/35142.1777369843125.e8dc7ade.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5350b\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af184fa606\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":341259,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64890), with no line terminators","md5":"a5d97dbf77d44812ad4ab30e375fb143","sha1":"6bcf1ac84a9018203641f99e45abae922aef3e4c","sha256":"ca2b371b1bcef9e7641c24d421d68c7a3cef405f36a13597d724987a369a2727","sha512":"56bd2311e73f8ed688d893ac0c7d29d02bcda91e939a50f8cfc9bbe4435125c878b58ef47519618ca42aad8393b248455b87940c32121235c5850777aeac7b6d","ssdeep":"6144:xfhhkpltRm4iyveBHlBfb0wv1e7Ancbt83i2UfIL5LoSltLFe/fwwutUcAct37/k:xfhhkplTm4iyv0HlBfb0wv1aAncbt83s","tlshash":"26743c84b690b17483af86fb72169194d25e0e9460ccace4f27e6e40bf11746f87b5ec","first_seen":"2026-04-29T03:41:13.452388Z","last_seen":"2026-05-05T02:06:34.484735Z","times_seen":39,"resource_available":true,"data":null}},"time_used":1989,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1989,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/ecb/8f8306425eba6e0167bcdb25a31b67ec8f","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /ecb/8f8306425eba6e0167bcdb25a31b67ec8f HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://g99r.xyz\r\nXign: x5nnQXqZOFMuJPj6wMnCxA0v0wb/JLxMiIpdwK0BIgOFPFVOwypbq9axxcTnK4XDlnWIhrmqRuGLs6BgxalHrw9ZwDmxVRhF59Gaeu5jxbmlFqlYaKnyw5IS0YKH3az/1q9BfcWjVQ0WCjJvMAoRMm68o8uSY+Wf2izKbVHWoKY=\r\ntimestamp: 1777725287379\r\nsign: 4c7v4t7a2j4m75qu\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:37:47 GMT\r\ncache-control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c3da633\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3703,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"22a1827f9ee5315e75d737b97c5603f5","sha1":"4f62f1cc6c65a99df2d0a12fdbbde5d875a5c745","sha256":"53a4a367c68a11df50ac2e426d666908b31f0dde1d281a974d2d09e0013b57cc","sha512":"a87f9132ab94cd857a1943eb0d42dd3cfd2a85fc6e668257825382f34e9cba15eb76a1ab0ba1ac9262c1194ddbe45d4670621b6f73643c2bcd7bb064d0eac910","ssdeep":"96:eOGS7hTEAzTPZRNe4vK2Ha1A5Zfzg4j0RdyQ9LG6IoOQnempM6J42jv5DgaOa:VP7SaJe4nHKEzgvR0QoqY6JZJ","tlshash":"91b19e86772a5f08620339fa3c63d2d01ed0ff94ab91754ce8263e872fd018d925de5a","first_seen":"2026-04-29T03:41:13.391964Z","last_seen":"2026-05-03T11:34:05.398895Z","times_seen":29,"resource_available":false,"data":null}},"time_used":6188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor_web_2.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_2.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-a049\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1928a60f\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41033,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"66036fddf71ff69f45c146ca63883070","sha1":"4b3076a271d5042ef1b6cffc2ff49f421a819f08","sha256":"93c59a52fe04b0050dd4552a135177533afbe2dec54f10c516610b0dee857e0c","sha512":"29c2fc65e144e5d13c011e4897e0bdf771c7b4c249875eca4fa25589625696c71ec015e7e8ef3a5ee45f2a6ae9df3663da0bb736a6fb13c9628f0d0957827c71","ssdeep":"768:6eyNeN9huVfPKv0KhazApErcA6cFKSkS+pbTCx81TxUqIUgYWxDHc9wZGbYGniRl:6eXXh8KcQakywKK++tTCi6xD89HbxiD","tlshash":"b003f15c4c413e7777f19baae00ac84224d11fd4fdd5e3e61a8bc659a843a68bc2540e","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.484245Z","times_seen":1349,"resource_available":false,"data":null}},"time_used":1981,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1981,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor_nav_web_2.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_2.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-1922\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 90\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af199aa618\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6434,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"e31cb9f70abcc458288bb53868031352","sha1":"965f7cb9aaf0d166c21b8681b0671d17e019c74e","sha256":"33295ad776e1fde54dace5b0343c9aab9a2d70cfa8848e5cbd09065c340e294f","sha512":"acd328b1f4cb6e1c7267696487f637ea5ae4b724f7ab32516632a3eb2c8b4e374fa472ab77120230258fb49a23f54ba3988b155004b46e69519fe3ef57ee79c9","ssdeep":"192:RYc0QiGWn0WG2WmjNJMjOluoj/xrASMJmoJESULHT:RYc0QiGlHmjOo1j/xPMAG2Lz","tlshash":"c9d18ea6ea2a4a52cf8d0d633efc5b0671508e582f390826809a1d1d57767fa24a13e7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.443313Z","times_seen":1271,"resource_available":false,"data":null}},"time_used":2506,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2506,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/css/chunk-common.1777369843125.32ab7c45.css","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /css/chunk-common.1777369843125.32ab7c45.css HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-33e9\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5e4\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13289,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13289), with no line terminators","md5":"c564fca03e3163e6f230cfce16abd0b7","sha1":"f711dd11fd523e3299c13d9ed37d504671ed824d","sha256":"802bcd434c500feaf5a28cbd6adac354ef122e595965c6f9c440ecfd987d1cb6","sha512":"12d14dbdf4f1c1c446aceb866146eff40a66c77f74b8f331d3e9c4fc7c3f01c849b051a31020b2e2b5134fc2c1dd5c807f9cc398eec91edbdd5c7b1d95691984","ssdeep":"192:4dQK/X4cBY4mZGX1lsUTLA7gYEbz/i//LN4hHSQZA2VxM2XwKjv0:M8oTGEbz/i//LihHBrxP0","tlshash":"c452b731d634b53ce57be226f9d09adc6024d417e2730baeea653b3ac5ca4d215332c8","first_seen":"2026-04-29T03:41:13.417048Z","last_seen":"2026-05-05T02:06:34.482673Z","times_seen":43,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/config/telegram.js?t=1777725279985","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /config/telegram.js?t=1777725279985 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-1c896\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1040a5f3\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116886,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (483)","md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-05-05T02:06:34.469872Z","times_seen":769,"resource_available":true,"data":null}},"time_used":1132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/service.68be110a.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/service.68be110a.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/index-399e2569.1777369843125.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2991\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 90\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a621\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10641,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"993784a38ddc1156572bfc3308055ead","sha1":"becff431867226bf323b5a6535fa383992f107eb","sha256":"abca3af980888b08c6cbd57366b3ac94344d66ea048484c4f9867e300ee8703a","sha512":"48790c6340f273a58295fc6607306353ab69d5a818569fe36ef1bffc8fff084b23d37b401e10502b830c67a5efedca56c1c9d778d6198e4069018d055f1869f0","ssdeep":"192:NdsarkpjwOOmfStcnaHtzB3l2eKD9RdfXtRqi3ln+ojjjKMGlnyL5H7nx+:nJQpjgOz9Dd0orKMGlnA5Hbs","tlshash":"8822c0c41e1be1b6d2ffa916b28543a04b3421fda1a24c342d828c04ccad56ac91f9e7","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-05-05T02:06:34.496556Z","times_seen":1305,"resource_available":false,"data":null}},"time_used":2487,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2487,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/8544.1777369843125.875d684f.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/8544.1777369843125.875d684f.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-3ff6f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1040a5ef\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":261999,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"136fc52b262ec03558367f9d050dd488","sha1":"42d2e74acd67477c27524bb4b17399c3c8a5044c","sha256":"7c0850eefec0bebf32593d27d1d85e262ddea0700c9179c4a1396556d6ccf3c2","sha512":"c7c19dcaf0d7f95397efb2d6e96bf11b3e750a26bff4e9bf6a1ed4c53e3b16b75dd5a728e2d2b490b0431acc27ff1849088c26999912f191b672a683ee2b8333","ssdeep":"6144:y/rOTURxxB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:qiJjytgPJPT3p2YpHrrL","tlshash":"bb442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f295ed90be7555c927fbfc","first_seen":"2026-04-29T03:41:13.358323Z","last_seen":"2026-05-05T02:06:34.452486Z","times_seen":43,"resource_available":true,"data":null}},"time_used":1134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/e2ab79b717c8bd92a254a270bb7b2fc3.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.2.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:56.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/e2ab79b717c8bd92a254a270bb7b2fc3.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 12932\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"aeb9d2fd6212cc6b39cb64b4498326a2\"\r\nlast-modified: Fri, 24 Apr 2026 18:13:29 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18AB80E049004CD6\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 4875\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q5h%2BKLyG4%2BedZQYiLr6USPGknF07%2BwsSQ2GIhjB6vP%2B4jnQTABPy5JeUC3JsfZYVtKh7%2FVyLbo6NJg6J%2ByAJqi5cGVvFcGqlKkLVTJL3AQCxm6lbdTuEDiWUcXITukgj2KTaWQ%3D%3D\"}]}\r\ncf-ray: 9f571021aeeab28a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12932,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"aeb9d2fd6212cc6b39cb64b4498326a2","sha1":"88f1258ce320d656157084dbf051f62faf1fb2bc","sha256":"535b9fc36ee8dfc94a0c9e722c27ca5a47709ab29bf1a5c4504bc6d90fa95a15","sha512":"9a5b67c75a1ec29057782b196ba15242e8fa5ef2623045d9a83f2d49c18eeec0f241510af9334e8c449a9a69207242e1a1f450be9cac6115e3d2d4ebeab7f073","ssdeep":"384:OWHX7n09fql3QshXhO47At1iupHFmIIZc6:BHX70t0Xmi8FmB9","tlshash":"d042d09354c1aee2c51d063e1c265ae1201cd7b9d4c6b20fab1ee3740a3d1bf0b6c49d","first_seen":"2026-05-01T17:23:11.884072Z","last_seen":"2026-05-02T12:38:48.431878Z","times_seen":3,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/left.34013cd8.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/left.34013cd8.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 237\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: \"69f08424-ed\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a61c\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 44, 8-bit colormap, non-interlaced","md5":"5ecca260da6fc5e2843405c20ac69817","sha1":"3918cfad7493b6860ded9e259ba90bc6a853f1b1","sha256":"078a4aac39c49a33cbabf23cda7579fa7b76e875e6b6d24d16cfcbf9f8b250df","sha512":"b76a870a79a87a450e5d30a218d75093b57415c563e64a8ffd6839a31b36379dbc08398698b9c1368ecda671d65045d5cfebe3363b98d746d89dcaad15bcd8ce","ssdeep":"","tlshash":"6dd0a99be2076faed1c70bb3732e0ca18a8124e892944b088042c622ca663a1dd82042","first_seen":"2025-08-29T11:05:53.221032Z","last_seen":"2026-05-05T02:06:34.45413Z","times_seen":1301,"resource_available":false,"data":null}},"time_used":4611,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2490,"receive":2121,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-svg.1777369843125.1e4dfc16.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/chunk-svg.1777369843125.1e4dfc16.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-714c8\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5e8\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":464072,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"17dc7d24243be411dfc65e6d3bfc3fed","sha1":"040dff237c788f6720e1e7ad8903f103cb86db73","sha256":"4296d5094a19dae430c40d8315056ffcd226eafe5012f293d988d2b631c682e1","sha512":"742a36b45941527965abaaa6e1443e4668e5af5085a1166b561059df61a9f42f0096cbc9f80dd9cd845cefd166d5d84a4e6282eb16100e078d28e6c0305a6a26","ssdeep":"3072:h8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:h8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"bfa4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","first_seen":"2026-04-29T03:41:13.396807Z","last_seen":"2026-05-05T02:06:34.439099Z","times_seen":43,"resource_available":true,"data":null}},"time_used":716,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":716,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/noData/cms_moren.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/noData/cms_moren.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-4d14\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1a16a629\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19732,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 215 x 214, 8-bit/color RGBA, non-interlaced","md5":"f3c825751a70d4aad8da2ce57f76acf6","sha1":"732da443668abb03a79a70df2d0ea8d801158655","sha256":"c395f4c1941459ef620f6df95fabd39f9ac98e03f6a389886bf224157557ce41","sha512":"a3b3fa2a216c10d331fea4771b916825d0605b94e21ac242d152d7c5e4b984cf3baad7a3fd071dde3432162037514d756cce1a0f699baf3dc98eaf75483c91b0","ssdeep":"384:64pTwcIHFqFpIlD8SqhwFLW/na2PvyQXSOKvOi58KUezsTT5ZOon:67XlROe8WvOAPHQv","tlshash":"a592d0d8abcb6705bb132b43b941a3558e0dfd6a130b9bb131782805ee16151e8d7e3f","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.448963Z","times_seen":1339,"resource_available":false,"data":null}},"time_used":2431,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2431,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/1c77836f2702631a9967c8a60cd02a2e.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.2.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:56.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/1c77836f2702631a9967c8a60cd02a2e.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 32020\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"ab4f96119eb6fe9a6e3af79d9fefdecb\"\r\nlast-modified: Thu, 23 Apr 2026 10:11:01 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18AB80E040D7350E\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 4875\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YdXjSZ8P6exeDmJCfre6Ju45UwaptWsDlE5QQKm%2BqMnZL1y3m0kUEruThIonTRx6tL6Mt0O8cTzcyn77pN4ga783maEiTyinJOF%2B0qVZch%2Brnor9cQWX%2Fwpo9WTplOMCDZI0jw%3D%3D\"}]}\r\ncf-ray: 9f571021aedab28a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32020,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"ab4f96119eb6fe9a6e3af79d9fefdecb","sha1":"df530314cdca298c0b6ad1929f19719dfef017b2","sha256":"558c11b6f6d6b106d42525f6a8a9786ed4ce9e946bcf06c27fc2ca4e54d13368","sha512":"273bc8ee502a527e6addeb9af070d58206b892ceec7e673c598324b6250a93d0286ffe77a4c0952bdc4174942ab4b57966350c648983c051fe7197c9f786842c","ssdeep":"768:owf2O2PdVpFfvVrN0jlFSAk6A0folBs14z2t9pEOhKxHS/5:Bwl7ZvV5Y3k6tZ1SyECKUR","tlshash":"7be2f1e638125ed493c0f9b386e3c25e21b5bd980f790336e54eb7770c6503e1aa488b","first_seen":"2025-08-29T05:40:39.869271Z","last_seen":"2026-05-02T12:38:48.42944Z","times_seen":27,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor_web_3.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_3.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-9faf\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af192fa610\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40879,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"c26161f438986f6e2d677c34d653285e","sha1":"faf6c47a013a9944bb8cac197688908422992039","sha256":"58d11e173550b3420b35c4e4be3eeb76b59ac790d9fb59b535ffe55d3b470fa9","sha512":"97649de556447ef6aa6cdd7d0bec46837cfb328335daa3b862cbaa5e23ca5a8f2af296703c9e961cbad02bb797ebf1f99ced2d1d245fbbb3a428e39d26428c76","ssdeep":"768:ub+4OMIuYE3McXMuDR64Q7sRFKJdsCA1Hunj5tyKxGGTVtkDGlT2oTO:uS4OMXYODNDR6XsRFisCAk39t6oi","tlshash":"db03f108254f2d4466ec90bbc7a1e0f7ee1d103dddb7e30c35a685163e46ca559fa0e6","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.462538Z","times_seen":1342,"resource_available":false,"data":null}},"time_used":1979,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1979,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nx-request-source: https://g99r.xyz\r\nXign: jHOBNdd68ypWzqQwGCSF9xzzUOQ71+jtAxD51ZNOjH4qQjzoilvkuwgLyjDSDk217fa/uWS3tIotva8BHbFD3o/vgCFJKcxnNMLfSiI96Gms3/aF6CL642LwR81xWJvP9bYGwdu6Q+d2G6nY6HdSv2b+g7nhSAFlUrP9G5GVt+w=\r\ntimestamp: 1777725287374\r\nsign: h45746426f163c7t\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: fdScNimHe5TCbpb5KnZddJWwdexS8Yx7\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c68a637\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59601,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (57333), with no line terminators","md5":"9c769645e27c61fecd35101ca25df226","sha1":"f9ee9c40e5e5b9ea3407f07bfd6b86fe2076c56c","sha256":"17e15481c02c7486e325ed46db49bb748f7a5a3285f4ad789e8ec2695172e77b","sha512":"d8d13e4d9db5f41b29beadd69893c4ff087d6068973d19288498715fed8bba6865a1a8579a34ebef085f2bc52fe313240f5a4df6f76f9645be321d440439feac","ssdeep":"1536:eyDMAbFb+bobKbjSbEebcMbCb8bgbXbKbObUzb07bzbrbnb+babibG6isOqRq2qn:xDMAbFb+bobKbWbEebcMbCb8bgbXbKb4","tlshash":"a843dfa681ed18961b9c61e6ae1d3f4d487e791b0a9ef6c5ee0ecf1920b43f79100c35","first_seen":"2026-05-02T12:35:16.832298Z","last_seen":"2026-05-02T12:35:16.832298Z","times_seen":1,"resource_available":false,"data":null}},"time_used":6152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/css/home.1777369843125.0fc9d8d4.css","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:41.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /css/home.1777369843125.0fc9d8d4.css HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-15b21\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1702a5fd\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88865,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"30a5adbe27b21532b2c8f56952780659","sha1":"9145117e5aa3fdd7706b8ee646ad8dcd10fc3c7f","sha256":"37c13454d16818666b7f9cad2fd957546bc4bc5c0ce00a68be778c7ec411dcae","sha512":"823393636732a30be2a0daaedc93f43ec0bacd9cd5f85b238ffeb268af34215887fedef00480f471fadbd2aadd728d697778fee703fc9ae855d7b10d370af38f","ssdeep":"1536:fwRzOcRM7jufawS2d3a8WiLKbzGhbG9gpXdNCN9khb+8J/:fBtuSJwLUK09gEN9khb+y/","tlshash":"99933a76a610253db437ca72aaf06bd8b524c846d7634a3df2527e25cbc71f212363a4","first_seen":"2026-04-29T03:41:13.383588Z","last_seen":"2026-05-05T02:06:34.467784Z","times_seen":42,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/31098.1777369843125.4108b3dd.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:45.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/31098.1777369843125.4108b3dd.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-561e2\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725285=ua/m0NgFqRp8lnXxmFGbgEv0yt3hQyOTEmhV+BqsW8mYisJeo0e9nOzv3O+AQJKZvlrc2NjuFPSd88QI92at54vNEaaTog4jyNvmDVzGLZf/82iAPKhngNVsXw1M04X4R5hiHS084dgL38EDi5fheBgTEoRSf0M3kdGcgg1WWMX1yC/6DKgNeQKZa0lU0R7F\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af23dfa630\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":352738,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65338), with no line terminators","md5":"31b93b7d8dfa0ca7f3f8477f00d0366b","sha1":"734c41538b3d1db2c12b2472b43ed1e86c79251d","sha256":"30c9d4b0f76502c14b849d636bb84d74c4e5caae97b1d650febe724d0f5cf2da","sha512":"dc141065235c7f28f7e4caed203c4d4cbf749bf1c651567bad15cd8225fd297099b4330a2b3d5d810e3a07af90a7e013ed13bd03a45d5018b9d8be708da4b872","ssdeep":"1536:d+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:AKK5sY4brG7O3SnLJNpL","tlshash":"d174b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec56c446aaf8865e92857245c4da","first_seen":"2026-04-29T03:41:13.322286Z","last_seen":"2026-05-05T02:06:34.47636Z","times_seen":30,"resource_available":true,"data":null}},"time_used":5331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-02T12:34:38.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:39 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725279=HFcFtT5g5mjW7rZqcys4NCVyLTHcE8wERjTIzm+8Bh4r4gavHR9hFIjqdoVgIzE3S9RgD9Jiki88TK+PQ68UpBX7/lNvXXAaYbC/IzVcpbuEx4NaxFyQnyxNPco62xrk0POz/QuhDz+glymimG6C0nygpwJqs+hosV1VQQAYgww1SEXjsX+jecwR5TtqUDpJ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0dc5a5df\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"GeeTest","description":"GeeTest is a CAPTCHA and bot management provider, protects websites, mobile apps, and APIs from automated bot-driven attacks, like ATO, credential stuffing, web scalping, etc.","website":"https://www.geetest.com","common_platform_enumeration":"","icon":"GeeTest.svg","categories":["Security"]}],"data":{"size":24409,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"de12f9ef6903679d754b67293200edd6","sha1":"fd38488a0db4f56c62536cbdb4c5957ca9091148","sha256":"735a322de1f2ded527f569184d7c6c57ddaca2726df1b527386667704e130688","sha512":"6e460e29f99686c44c928a124be7cdc3b1633d6584c9d7e0256c69a1d328ec0cbe7f401d79385a18d16d458606e132567e8f7fa5e4e7ce56a3ffadc6c7b63b95","ssdeep":"384:Eo3ERrxqNBPJ+96junwIX2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:EpRVqrJ46junwIXiNYiKop/E6wkpcu2T","tlshash":"62b2185a9df349762523303a1fbfb20879b0c0274209ed443e4de7594fd59aa42e3be6","first_seen":"2026-04-29T03:41:13.317002Z","last_seen":"2026-05-05T02:06:34.48024Z","times_seen":42,"resource_available":true,"data":null}},"time_used":1512,"timings":{"blocked":642,"dns":1,"connect":211,"send":0,"wait":228,"receive":0,"ssl":427},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/css/index-399e2569.1777369843125.a7b0b4f4.css","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /css/index-399e2569.1777369843125.a7b0b4f4.css HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-faee\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5e6\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64238,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (64238), with no line terminators","md5":"1f30d2cd291b70a1848607e3460d9278","sha1":"e91e48518ec94fcaacf418789927f34d7527dc99","sha256":"8ce1851c7bd6e7db80ee5ee8da7a0c808f29756dda3c941bb3811dc3bd3e5afd","sha512":"3cf09b1afc740c4a219a45a233489d76587ec8bd80a57c52ab133f33fdffa8a3fe35a0a27e386270ebeaa9e86d156897e44733b8eb83ee6935fe67749c30cd0f","ssdeep":"768:E0ouVbMisnf7X8vtr9UL5srs7hAqpLe20TCKiNkZICSA2ohGyHukQ9aaV+TJtU+G:HoGws9isrQAqVe6KekWRlkQ9hf+Pe","tlshash":"c6538d3123e0286ee27b6b16ec51e659352b8602f127625af703362fc1d72f5c67b742","first_seen":"2026-03-20T12:57:26.768432Z","last_seen":"2026-05-05T02:06:34.468845Z","times_seen":162,"resource_available":false,"data":null}},"time_used":717,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":717,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/no_data.02e9590c.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/no_data.02e9590c.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T09:09:46.634642Z","times_seen":14680357,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-init-c0d76f48.1777369843125.2d292e02.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/chunk-init-c0d76f48.1777369843125.2d292e02.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-275ae\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5e9\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":161198,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"eb71ab6debf3abe346c8c4d941813d15","sha1":"88116abc111aad2e9e1b1d0974de9d97cd891e0f","sha256":"3dca15bdb644d02cedbfe3adaeed7ff4c47508d664ad1ce6b361dcef7a5423b5","sha512":"eb604132673651b6a0646263fed02220557b65080b323b03513053af5662af520808cd469c00f7ad99ed16fcf9a2ab5374b89477cf8f8a9f8ed89f6a313afd7f","ssdeep":"1536:xTG5pxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3O:Mvz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"6ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","first_seen":"2026-04-29T03:41:13.437512Z","last_seen":"2026-05-05T02:06:34.475028Z","times_seen":43,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/21954.1777369843125.57c97863.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:41.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/21954.1777369843125.57c97863.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-a3f0\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af16cfa5fc\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41968,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41968), with no line terminators","md5":"0e41dd7729067b884faab37fcd9af417","sha1":"11acbef297a8f924deae47393678fb42c36ece7e","sha256":"9535e9e039663a829c5e5ffb31879f836c96c5e1f58306318b45a64f4a6687ea","sha512":"228b5a935e11e121070f4a6710af8ed39e21fe53a228c99bb4befc116c54f37693f2c9e5b08d202dd5b8375b84c4fbf63918cf013f6af5d4f71464f93524d3c3","ssdeep":"768:QPhaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:/81R6Ipyk6o","tlshash":"a7132088fac2b06dd3eb7330857f505ae66a1dc0668c5438e260d6917e7198dc1fb5f8","first_seen":"2026-03-18T07:07:19.558046Z","last_seen":"2026-05-05T02:06:34.495996Z","times_seen":50,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/bj.ada43481.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/bj.ada43481.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-6b4d0\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 90\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a61f\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":439504,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 927, 8-bit colormap, non-interlaced","md5":"2c55f8fcc8edb773be5014d8deb72c4e","sha1":"e7e55505bf22de833ec6b82a229e70bdba93b58f","sha256":"21c44535cffd825752bf9a535001b4b605147e3434cf2906fc2c8fcdcd992c1a","sha512":"bab93e8eb191df623bd7e238ae8d5cf7feae73e2a768d7b591d4dd8b7aafc199fce7c34066a272fc9137959a78a6bcd9fb388f39d4a0938f5674aaee815a3cf7","ssdeep":"12288:K+TyFzCVXhEu0hvb3kkjOO9FNkh4k6yvwUKA4AuJiT9h+:tTyFGjENkkyOWh87UK/JiT9h+","tlshash":"739423b1df0b89c858a39043dc74f99263e8d0a6bdc40ab80bf14b9176709dbbbf5116","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-05-05T02:06:34.481314Z","times_seen":1242,"resource_available":false,"data":null}},"time_used":2488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/api/tenant/domain/list","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /api/tenant/domain/list HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nx-request-source: https://g99r.xyz\r\nXign: oEIO4tlO0vqIDiy4rkqLS0BqSnOh5iF60WDQ/yvadtnltihtX46Ymt6vx801pBNDJjoA6pfw6YjeuDhs7KTzIJ9VF8RxB8AF3bKCriuipnkC8LV0KJUZqT7awAZErWNOd+L1KwSfbPanx8jNlhOa1gd6mYRxAXN5X7LrXTmujbg=\r\ntimestamp: 1777725287374\r\nsign: 75de335779665e7i\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:44:47 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c6ca639\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1108,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5d9e96bd132a2c24281ae50f2b09efe4","sha1":"503ea18100d0f1573baa195933355a1372e93841","sha256":"7f205b18b5deaae96622989dbc8ad73999a9616e96ef26d909f19525deadb328","sha512":"ab5a589dc81944d2fe05d656777e9e490d42a2fd68c7e577387cfdd47c9b0c5276ca2f91a3868407c373e500d00bb5360a5ae035c7c0cb1addf47f20755a268b","ssdeep":"","tlshash":"fb11c6101c6f12c8d6e8d29263503345388d8b76056db91b69d6b74fae0583a32120a4","first_seen":"2025-08-29T11:05:53.144028Z","last_seen":"2026-05-05T02:06:34.459505Z","times_seen":1326,"resource_available":false,"data":null}},"time_used":6146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor_nav_web_3.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_3.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-1cf4\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af199aa619\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7412,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"eb94a297c215863d5d2232eaa67f4779","sha1":"d006f382f63ada4e4ef65d124a75eac2e4e72dd0","sha256":"6bd46b617bf27cb28fb798d50b2d6daa2aaed1a278ed50e9aa549b6e4fac48c3","sha512":"dc7759393acb5e7d1a635b4d91d73e84abc41fe6afde99a85a8e4ed6f4f8b1b5819bbcaa80b1c213c00c89df8b81db512a7bff142b24c50565ff1e6289f1a30c","ssdeep":"192:Sfq39wgHGYB1fcUWobKUUR6IHaDmzDxfbTow:uQ9gCEUWoWUe6DeJQw","tlshash":"94e1ad76a7f6d695a6b7908cfece94050fbba2722c6352762b7b8c02170c339525b411","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.451998Z","times_seen":1274,"resource_available":false,"data":null}},"time_used":2506,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2506,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://g99r.xyz\r\nXign: wSvN8lLq0nvftWIaGp7+FYz6kjpUxU1y/AoI7RGdMwUWfqT5giGykBn/PKIWep7zUXWPAa/5Hlkw+B6TXW91QnY55FhtlFSsNkNjCONoQ+tL1Zbi9uusoFyVwEraQl8fSHsLDarZfHwswlPU4Bd3lNOd5purFLTKj5Z33mZjWeE=\r\ntimestamp: 1777725287380\r\nsign: h30h15293p5l732e\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:44:47 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c68a638\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3828,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"d4030a33464fb1ca773325281e9359b0","sha1":"f0689c01b0ddaab32bf1dcfad5beb12d488f8efc","sha256":"e8f1f6beb13a3551d71c42dcd364bab6c4857548ab750b75b77a57e12305eda6","sha512":"e251da701262ee2027d5fe7a9ef2a840ac19c1a198e1dd9ae71447707e736df4d39221b4cf4b92a01706dfea48606eb82cdcb42efcf0882446c2f34d438a45c5","ssdeep":"96:eOG3iMFIoL1z+WuQ6JdcSssJ1OIhOC2Iqk8yxtx5hfchDsjdnsF+CXVXdls3uJ8o:VL0pJuzg5sJDOCRq8xtxg5UNnqdS3ij","tlshash":"09c15c09f794b7a0974643fa74d710a8921f2d7bb68b6d79c7b0c36b045b71a132e704","first_seen":"2026-05-02T12:35:16.841352Z","last_seen":"2026-05-02T12:38:48.449466Z","times_seen":2,"resource_available":false,"data":null}},"time_used":6149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/home.1777369843125.1e63fe95.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:41.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/home.1777369843125.1e63fe95.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2f453\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1705a5fe\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193619,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64126), with no line terminators","md5":"ac7180fee301b4b62de750803a778412","sha1":"b70eb6223cbd147c8dc23df4d073e9dc641927d5","sha256":"25b167f413e31989cc5856e80f67902b0e84efed7087cea17ec1b5b0dcda5b68","sha512":"4fe2d812d406c786a2204a4f4b370217f4cccb1bf61cbea821e648667325ad32057d1aa30504952de28142b1f4fa0c523f55298834cb567631cc2b7cd37355b6","ssdeep":"3072:f+YNGVSIMctwiYJBuopQuFdBlGLuJuhxffj7TEOiGRlp:f+YNGVSIMctwi+PjFwzffjAGHp","tlshash":"b5140880b5f0e275576fd2b7d7371024b2271686d0ccac60e1f66b187e28796b236db8","first_seen":"2026-04-29T03:41:13.306134Z","last_seen":"2026-05-05T02:06:34.470397Z","times_seen":42,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor.json?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 646\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: \"68aaab45-286\"\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af198da613\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-05-05T02:06:34.461472Z","times_seen":1457,"resource_available":false,"data":null}},"time_used":2540,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2538,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-common.1777369843125.4adb46f5.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/chunk-common.1777369843125.4adb46f5.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2717b\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5eb\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":160123,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fd30be8efc49091ace6b6cba1d19f85e","sha1":"dcb13a103a96a9346297f81fa22518579b7694b7","sha256":"5aeec070f92421551adae5477625ba84ca8f44c1fc9c181efb18e241c0179776","sha512":"42df127ca6094903dba8af9a2166ce68c1386c59b2d7e48071f6c33ffe1c0e81b2a3673efd413142e6699be9719f79f6172c9f5aaea6fd8d45518f8d09aef6df","ssdeep":"1536:bvBBzbgGcdWUa2UTf6oryXHuLmbErF/G7D1dMI59HTsY5kN/voVGAClVbGD3tFkK:bvBBfRTf6yjFetHTsY5s/voVGAcgD3t","tlshash":"0ff3e8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade67f1a704a436ca8","first_seen":"2026-04-29T03:41:13.32854Z","last_seen":"2026-05-05T02:06:34.448497Z","times_seen":43,"resource_available":true,"data":null}},"time_used":714,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":714,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/13575.1777369843125.cda1d494.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/13575.1777369843125.cda1d494.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-2f97a\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1040a5ee\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194938,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"eda98cc14e8c025a359a009951750a20","sha1":"b54dc08d49209bb6953641b57cead1ec1e92d823","sha256":"636dbf0f9dbb30ed3d15582a38bbc4c1857fd1affbe8be077182666b906e7f3e","sha512":"fc6837e6c1ebb1b97998b81be6fab0614b1d30dd0494527bb2fdcaa139d3d26a16798468a172b13ad982cb3ac0651e22ed1d8af5ff62fc501babf9c04c104659","ssdeep":"1536:X17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:hjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"4a141a84764170b8c396a165322f601ae22f789650dd9c24f3789aa47f7470df26fabc","first_seen":"2026-04-29T03:41:13.356911Z","last_seen":"2026-05-05T02:06:34.483752Z","times_seen":43,"resource_available":true,"data":null}},"time_used":1135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/config/initGeetest4.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /config/initGeetest4.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-3a7f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f6ea5e3\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14975,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-05-05T02:06:34.472872Z","times_seen":315,"resource_available":true,"data":null}},"time_used":719,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":719,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/css/83749.1777369843125.2e202a68.css","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /css/83749.1777369843125.2e202a68.css HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-6f2f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af18f2a60a\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28463,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (28463), with no line terminators","md5":"1ead8072763d5fe20963f033dc63d94e","sha1":"36eeb0853a1b5681ab464dc1ef3682160e420e60","sha256":"8f014d5d9b2798ecfc473bac7c23f80295b94af3cbeff054fcaf973b286f8240","sha512":"92670a870b9db4259e71072ab72699e3431fa9eb53027f4b90c954b51eaf1869f5f50987808e5c625e9101ea4ea3aca655b81ba73f3ba2ced4cd480eb9a915cc","ssdeep":"384:DYCKpsUIc1F8l1TANI34yQyqPPQwmfzIfRbHx6+OhCcbakzeYaTONdqdK:DYCKpcPE64yDqbodqdK","tlshash":"07d2739ae5d4b13e6c1fbb35ebc5a1ecb1399450df620e7af202762547c3af1012216d","first_seen":"2026-04-29T03:41:13.425526Z","last_seen":"2026-05-05T02:06:34.460966Z","times_seen":39,"resource_available":false,"data":null}},"time_used":2701,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2701,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/heying.d446c85d.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/heying.d446c85d.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-591\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af191ba60d\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced","md5":"c0d0c516850381dd1ca39dd94b08f21b","sha1":"54522affec52debd9c0bd3784f0ce9bf692f5d6d","sha256":"301cbb9a8c3fae88d732c8b8fdfe40113e3257831d37150e95564cc0f9b8fbe7","sha512":"6d6b1263f2de2b35237c784fd0aa127c469f8b6ebf347ff1987d791611d5b36f0909f3a81f9db6b1571756ecae60454d854e776e5ed782acbdfcce4fda2b9c86","ssdeep":"","tlshash":"dd213b5023742cd0e8ae3457ef12e5fdb823417994f8dd0c99b9bc3e84908b1057a48e","first_seen":"2025-09-04T00:49:32.953523Z","last_seen":"2026-05-05T02:06:34.457776Z","times_seen":1303,"resource_available":false,"data":null}},"time_used":1795,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1795,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/help.4e3cf897.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/help.4e3cf897.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/index-399e2569.1777369843125.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2852\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 90\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a620\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"6dd52a6a4d07f2786b1926fac1b4b06a","sha1":"9c9908204401fbe65d33cf7df8881639d6aea37d","sha256":"e02471f47b506ab510d0e0dc4224cffc03c34f950b649ce347ccd71af0bcf0ab","sha512":"fdd52f532e5c2e2c182db20e2053eee0ca8c26cec51ff75e1bc341b01911461ac72fa75887fa3114188ba32aa6341c0974d81d071fc42b605e72f73dfb87ab9c","ssdeep":"192:x0C+pMwjX2XZ456BAJu+1KzdjCfDrRq6wUPlJyh2h4PAmWP5yQSkHxfYX32H5TRm:EjGXZau+1MjCrrRLlqGOnWcQSkRQX3IG","tlshash":"3822c054370836084f737a4362ac4e837a06040ffdf9b7919a6372659a5b94e44cfb66","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-05-05T02:06:34.492253Z","times_seen":1309,"resource_available":false,"data":null}},"time_used":2488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://g99r.xyz\r\nXign: GdtC7xgqpFsAAK62zjnavP69ldFdoC/U5SiWE4ANSLdn9AKaEZBAFJK5pGpMF3LlPaoPgRy4GY9anCpCMc5iLXVl8KKLjRkBc5XGLAmBO7e0FwihcWNZ2ZklKwkkdmEgTLFHxObyr4WcaAoMHcs0dyybxDoJm/672bpX7BsI7S4=\r\ntimestamp: 1777725287379\r\nsign: j6h652f5n733211i\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:44:47 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c67a636\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2132,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"993900fcd0654caf0cde8544e9a6f0ae","sha1":"900f2580db6968e6fd3907a9deaaa6f45e263605","sha256":"bc605ec2c10a4b58662ae58d4739b1b2df24e4b73dd25bac24d56817bad8f892","sha512":"a17ddd0fa5e94a14ab075aa74af49966fd20528a182d87dc7c1e9717c8fc964aeffa65d3bf25c178d741cb803b7a5d0514766039af443e407a1c7c72597aea3a","ssdeep":"","tlshash":"1f616d176a8eb345da2a8e71c8738ded592cc329b75ce8e3c5908f2086e730330ad540","first_seen":"2026-05-02T12:35:16.847823Z","last_seen":"2026-05-02T12:38:48.442057Z","times_seen":2,"resource_available":false,"data":null}},"time_used":6153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/css/7653.1777369843125.0ab0fca2.css","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /css/7653.1777369843125.0ab0fca2.css HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1439\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1850a607\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5177,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5177), with no line terminators","md5":"a0ef4268641ef0b005737ce8cc0c4b44","sha1":"9bb50b9000a419e7a701392b0d7d6c992cf585bb","sha256":"f64c7a7e6ecd620d1c7f8cc67e1eda83a0a115a8d86f3954efdaba3c09d62e66","sha512":"07605ebd7e16aef28f0ad5ed406f29ea9b77e8ba6b2079c810aacf8faf0b4a8d18d4f7775c62860cbf6d4379729a60076103a4daa833c860ddebeee3793ccbe2","ssdeep":"48:ZSPkOO2s2L5Pukasq+nArLkrL4QuQKhUjUkM5P6CdRDRWURcWaTHR/:iOvyP2r4rEDFP61LR/","tlshash":"d1b1412f01703349641bad6807dc67098325d8b399eb37da259d2a0dcbc3f861eb718b","first_seen":"2025-06-26T16:31:28.933081Z","last_seen":"2026-05-05T02:06:34.473335Z","times_seen":2117,"resource_available":false,"data":null}},"time_used":1350,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1350,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/ea7b339e585247cfef3ccd821f15b81e.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.2.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:56.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/ea7b339e585247cfef3ccd821f15b81e.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 14529\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"59844e73b63137fd7506791dd4f51956\"\r\nlast-modified: Thu, 23 Apr 2026 15:00:23 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18AB80E048304863\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 4875\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sz1yeQJRaykKwrvZsIAzcO3ScBVuFT0AS7t6pAhitXE3xAaw4V7eEDtrsZsuhGGNlO5f%2BLAZaYpjxtDkCAJ4laQ0RLwkrgBwkBNPczvjdLzZHSxRk97LlosNAI64DWo1HoeytQ%3D%3D\"}]}\r\ncf-ray: 9f571021aee0b28a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14529,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"59844e73b63137fd7506791dd4f51956","sha1":"7f695547f10cd735b7df37ff86569aaa4f763bff","sha256":"ce4b0200150c1621295f5f48adf3e403f2e715d4a74b76c03f459260a0cf31c5","sha512":"f5ed55d09933997c9307c4ec64723b46b521fbc66dc95c4a106e580f5bbb1db932b3264646e57ddcc4307510f04b469cef7390b7b5fff823b2d7251775ff146b","ssdeep":"384:JVMt3Jl58leCkMi14CJzT/TFhZXNuVOD8n:JSt3JUleCkMs4CxzRN5k","tlshash":"e162c06b6e81adf3c12b33a4026da4365724cb733d673f0421d4742ed21a7fe5325aa0","first_seen":"2025-09-13T01:37:37.342674Z","last_seen":"2026-05-02T12:38:48.42703Z","times_seen":21,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/bj1.17ef2db8.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/bj1.17ef2db8.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-e5eb\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 90\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a61a\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58859,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 1299, 1-bit colormap, non-interlaced","md5":"59f1176bd542d042d8ddecbe4ab2cbdf","sha1":"7251e6f8bc0bf8bf3e62e892b34540f8259dcf9d","sha256":"b3bc2f14721d5f84900af66179eb6ad69a9c8d5a89eae36f877cf09fc9872603","sha512":"c4e7f1491686b72482ba26e34fd94496fc71bec2a35ba1d7cf67391e1f47f859465ad9f0c7d286bd35f9a26132fd80012a2cd2f8133cf1c6013db4f4d27a85d7","ssdeep":"1536:jlJ0Z4kwI3cG0YXIPf/OWcFOtk2bnIlfyMcw68vTbD8:gxbsGvYXd8OtTbIsgTbD8","tlshash":"004302d3b5e9f610dd38c157a3d1c9da504483be3e938d0bebbe402629fd56840a6f16","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-05-05T02:06:34.480774Z","times_seen":1322,"resource_available":false,"data":null}},"time_used":2505,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2505,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/index-399e2569.1777369843125.70d3d47c.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/index-399e2569.1777369843125.70d3d47c.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5cf4\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1040a5f2\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23796,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23796), with no line terminators","md5":"6b35d598f9222431824849a2ef5b6359","sha1":"c7409a8c4b4e0d925aabc7be2afbb31941494256","sha256":"b82b7f362bca79155342b54e2494f4086e7181eba033c4b667ff885b2bc33439","sha512":"3fff55c5f39ae811ca094e65168d57fdd6ddeafb608e8209b24ed3587dbdcb4580c09ec8361c1db0557843a26bd10552e9a5a14ad827c876ecccef7036d8e689","ssdeep":"384:EZSANHmDGj4aePlBTSQwf+q0ht1wtzgNA2K88ZdZ11YcpK21p5F3oWf0Af/nBtUM:HnDGcPPlRef+BhtutUHKTZXYeT5FYxA9","tlshash":"0eb2b6e53392bdb4c24f9276f23a68ecc43f9151c34fc4f8d264bd947c98644aa92784","first_seen":"2026-04-29T03:41:13.403184Z","last_seen":"2026-05-05T02:06:34.490187Z","times_seen":42,"resource_available":true,"data":null}},"time_used":1131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/b5ae6453f2e40dac2f469a7060dc839d.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"104.26.2.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:56.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/b5ae6453f2e40dac2f469a7060dc839d.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 24950\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"e5131735e1393bec016330b6f184c073\"\r\nlast-modified: Sat, 25 Apr 2026 16:04:11 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18AB76672D91F7D3\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 4875\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YOv5C4npOgcZyAKWArKVeS0BkJtHID%2B%2FrRZm6Et2uQf6GVIUz8kb5dzbhoWj2fefQjx4u8nTAW%2Bj5olWNgYXNn42ZWu52q0B1j9KvJn3O53XyIUxlQJxUq8MygscQxZZ8pg7KA%3D%3D\"}]}\r\ncf-ray: 9f571021aee1b28a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24950,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 139 x 181, 8-bit/color RGBA, non-interlaced","md5":"e5131735e1393bec016330b6f184c073","sha1":"257e28b8af9de8913f4680e279a29d403e5ec0d2","sha256":"7a473db24a666d4e5d559d6c5167849b8876f9d51790120ae3288c3e4a1e3134","sha512":"9b7536788825e296d020f1865d8835f1a88a57f7d70e7ba30de63867c8673b7c1810c684ec7db1ce5b6e11df5b2041da024a3f0109478b1214181dd6a62a3d7d","ssdeep":"384:GyepGGhjT6fZNSQpupAOPtJYcRL9IOEYQGQu/F7cfk9s/kizjIstyRDTv2kOp/5u:GDRhKQpvAMF/Fofcs/hzjPtMDI3BiCU","tlshash":"48b2e1d1b90d1bd205a2eb4adf0ed2a3ed1fdceec47a61d329a718540ca135690afc47","first_seen":"2026-01-10T05:48:02.748542Z","last_seen":"2026-05-02T12:38:48.416751Z","times_seen":42,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/83749.1777369843125.7bad5eaf.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/83749.1777369843125.7bad5eaf.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1641f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af18f6a60b\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91167,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64072), with no line terminators","md5":"d036e00b216c6886ee096346a4aa7d9c","sha1":"8b6cdea36134802a22d5ab4009f69036ef63dd40","sha256":"444030e40d34fa938300dd2cc7b218f3fe47f6a865afd399ea5c1cd5dddae433","sha512":"bab25e53e886cf51cb47125cbb1582da65677fbafa057cc9f770b7a7889ea3bc8a59f60574c16404fba3d974b876f655642a1708a9beedb20b9b47d1b5ba68b0","ssdeep":"1536:lcK/KnqHB3vmeLUw/A6+GplTwsCNgOX8JwTl0sI5pQiVFFsdt+HmQ:rB3vzowo6XTIgOXawTl0sgQi2tkr","tlshash":"6a93e7c4b5f4f5f9279ec5a297364478b02127c5a0c8ace0d2e96e147f1ab92b0758fc","first_seen":"2026-04-29T03:41:13.335994Z","last_seen":"2026-05-05T02:06:34.46002Z","times_seen":38,"resource_available":true,"data":null}},"time_used":2699,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/pay.8f35ebe1.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/pay.8f35ebe1.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-154d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a625\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5453,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 492 x 132, 4-bit colormap, non-interlaced","md5":"05d444b76263f6958a37ac82e45daa67","sha1":"a067d3a654da1ec4c51d8f049aabaa112183e355","sha256":"49166910b376f5487f30174e60fcf13aaaca9620ef1aa58cfb2c94a8c111ea8d","sha512":"7d276d57b068ec4a0125512e0781c501a96bf6c30b30304d247251190c6421a9ed7a03ec208a590d19d9a1183e3837b06d141bddd99abb7b0ee4e2a1ba28b28b","ssdeep":"96:u9g9Yof8+keuD1Kai/MXG5BHMsDiCNPFH/qX4iWXnqvcIzDRHSVyl07TrOKCm0R4:u9g9rJuYai//7FiSXnqvNYGmrOKcPwzp","tlshash":"74b18e749d6efb2a26b315c30d7499c21ea45c9e0d94f1c2244776963c732de3270985","first_seen":"2025-08-29T11:05:53.301829Z","last_seen":"2026-05-05T02:06:34.48522Z","times_seen":1245,"resource_available":false,"data":null}},"time_used":2483,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2483,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/loading.da46bff6.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/loading.da46bff6.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-7384c\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 88\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1a02a628\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":473164,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"ac7ca483f10bc73cffa89f639f6ffa56","sha1":"03873b9607c635752526968af31773498d259afa","sha256":"a054b81d2850fe2da5b4f97a1c50c05ee59a24c37f1c700e5cc45fe6079598b6","sha512":"caa6b3e243f02c86ccaf71aafd0e716834a7a0cf07305c5c7cc0a1b9d637cc2802caa067b0010c7c3c064e3fe8f7881b26992f57137f98477266653342257760","ssdeep":"6144:NFoYczeWIF3Q/IUPYhuF0KX38I4z/tcKZPehCIjAl/CS+b:rLczeTUPpF083CBdeh7MlvI","tlshash":"79a423929b411988e1096432215fab4d23993b6458ab5fbf78843d88893cf059ff763f","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-05-05T02:06:34.434692Z","times_seen":1293,"resource_available":false,"data":null}},"time_used":2430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2430,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/appdown.6e7c9177.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/appdown.6e7c9177.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/index-399e2569.1777369843125.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-277f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 90\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a622\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10111,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"716d097b193628397635cfac41b561fa","sha1":"545d1876219bed15fe850a499a08322de6a26866","sha256":"50276d87fae9c1e30a32c32b4e90dcc2e227cabb4e3bb1d60ecb22fb50c5f2ff","sha512":"47ea5928e921bec4ce4d9c807ee921f6115a6dd27af6fa7325e6d988058d22cf36c03693ebc56665203809cfd6d008cd410380e688e90b36d7eeec18ce6aa92f","ssdeep":"192:cALsiDRih/bWKl4Hq2BHZE6+3paMeCsuTvB6hi6tswYmd:lBEv2Hq2BHS1ZaMJtB+tsud","tlshash":"4622d047a584327b826ec79c8fe98c112470ad1ce6f04d5ac44e711128e8df3503baf2","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-05-05T02:06:34.488825Z","times_seen":1305,"resource_available":false,"data":null}},"time_used":2487,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2487,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/download/download_nav.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:46.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/download/download_nav.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:46 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-2c05a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725286=c4ZIFwRXPre2Dx+UIFbP3RgdOK7HUuLrZN/0nHCMLzzvl3f7gSAzAdVvQhagskxc+/3KymlYfzU7y04E1SlDwSPvsF8lvr2+9ptEAIMrJG4pPq8W6Q6iqW0bAXHByRSENDZUBIjjOs3+dm7pIolqALDvQC1yJquyXMKOmU1VFDQBaiIuSI1COqwll1rBJl1A\r\nage: 92\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af278fa631\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180314,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 820 x 600, 8-bit colormap, non-interlaced","md5":"87eaffe415a7eb41b7b4b8a868bb3b32","sha1":"575618003efbf8dc8ea781379aeff463cd0cc498","sha256":"4264138e0c015e52e3efa14e34ce9c52490316935b4667756ea631b96eca64dd","sha512":"2b06fbacffed6de2fb1d4a6db2cbd0d9c5c790f9b5a10a6dceac64ff69d300f20628c465a720102da9bd857c80be886ab0a37848929741d2bdef6eddbe0de8bf","ssdeep":"3072:iWlCRQlVF5aSW/mUdJSu3405ovKFzkRKcZjF9Km/mKg/hPFsQBhXRU0K:iWM2I405oCRncZHL/mKWBhXRU0K","tlshash":"0f0412cc23773ffbf8a0865a83fbc1599c3bfd0824e56722ea1662b5186053145a59cb","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.444525Z","times_seen":1197,"resource_available":false,"data":null}},"time_used":7381,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7381,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://g99r.xyz\r\nXign: MN3chN+UuKnBG/VI/tVYs1CpcADhkWOywdKop4ln+dFfUW7YGVpJ224186Xt+w7gvMoKVrfrPXNEQDneG8Wp3LEoZ8+bQZqLamsYgAQdnCyUEHBUbELGvhJrSLFtWMljjvB9m1TD/J+BC8ti1PmIRqk1fo3rO4Sskrh0mcGB3xw=\r\ntimestamp: 1777725287379\r\nsign: c6g5o975136k7mq4\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:39:47 GMT\r\ncache-control: public, max-age=300, s-maxage=300, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c58a635\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34099,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"64165ffd5c06313c45cd13302e3264d7","sha1":"f165c866794ac5a2b7b1e546121e6fb633192de1","sha256":"784484d549d827f06edc4db09c09d904e0693e6dbe38b4fb06519410c2c7a765","sha512":"572f7087f3e3aa7f009a2765f3cc9ecaed1efc38900af52f718c148d21069aca05b6dad5245b0e691f06eaf1c25b5778c7dce754562596ad7bcc3d159f91a865","ssdeep":"1536:OvIExMWGTXBp/f/QC2HJUyVo+leV/wtPc6kY3wQT:iIExMnXrABH6ydlg/wtk6Vv","tlshash":"ff33d0140201f3f0d3eb94fe1d161ac01a25de96eaa6fd61c576c7606afb01ea39f5c2","first_seen":"2026-05-02T12:35:16.859526Z","last_seen":"2026-05-02T12:38:48.422799Z","times_seen":2,"resource_available":false,"data":null}},"time_used":6168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/configPage.js?v=4/28/2026,%2017:55:48","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /configPage.js?v=4/28/2026,%2017:55:48 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 949\r\nlast-modified: Tue, 28 Apr 2026 09:55:57 GMT\r\netag: \"69f0842d-3b5\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f6ea5e2\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":949,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (917), with no line terminators","md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-05-05T02:06:34.451499Z","times_seen":1381,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/45540.1777369843125.8e1e0acf.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/45540.1777369843125.8e1e0acf.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-37ff6\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1040a5ed\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":229366,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a0e497c34e367322be5d24c3b27d661c","sha1":"05738c9aad3a5d894b6d49780014a52200ef950d","sha256":"073a44ee1f965bd3739f07604455eb8940250c073f060303550cdd02ba87109b","sha512":"ea91edbfdf72b73e3fddb4a652393cfd4c1be31242b51f7caa28ee35cf3f66eb42bafff62ffacc3a2b89cdee253e84e2d8ec5e5c5bbc9832053bd5c00df77b3e","ssdeep":"6144:JYD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:JYD4wFsYiSAKNH3TY5","tlshash":"6024e894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","first_seen":"2026-04-29T03:41:13.329661Z","last_seen":"2026-05-05T02:06:34.433631Z","times_seen":43,"resource_available":true,"data":null}},"time_used":1135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/assets/logo/favicon.ico","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.219Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 585615\r\nlast-modified: Fri, 27 Mar 2026 09:31:20 GMT\r\netag: \"69c64e68-8ef8f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1803a603\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-05-05T02:06:34.440238Z","times_seen":149,"resource_available":false,"data":null}},"time_used":2060,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":1841,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/index-a3dad144.1777369843125.66a58dcd.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/index-a3dad144.1777369843125.66a58dcd.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-56b20\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1040a5f1\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355104,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64580), with no line terminators","md5":"aa47bc946b9df160fc4c9d0ccd247727","sha1":"2b81fb3062bb6d32ce5cb43811300ec95a0f3cc1","sha256":"907a77df793605acb0f292d7b450584a9f7cc65e76b8ed19c7ed0b72e3a9f4cf","sha512":"73daf5dd0d9b5f8325bc9fd63618ff31bc76dbcd70b12961aa5d9cdac2b0b570fb832a3815c4cdeb269ed90bd5613e681da42d6b0e668303a7660c6017ee0f83","ssdeep":"6144:DybhFOufhkHLHEY/TtesplVyrYlRlNsmq9DG:+zBuHLHEY/TtesplVyesp96","tlshash":"05742c90f76ce1bd874e55fe7a3290a4902c1b41b0c89e59d29d2944fe6b385feb04bc","first_seen":"2026-04-29T03:41:13.301567Z","last_seen":"2026-05-05T02:06:34.446063Z","times_seen":41,"resource_available":true,"data":null}},"time_used":1132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/bj3.a7dbd558.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/bj3.a7dbd558.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-16cb\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a61e\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1003 x 171, 8-bit/color RGBA, non-interlaced","md5":"b79234bcd23ce7e063481b3605bcdd45","sha1":"eace4c48cc352cfb10fb6fcffed50748f18aa78d","sha256":"2dbca2ee9a515b178cb6a5ce670a5dafa30941ad8c753fa3e94642f8dacca13d","sha512":"40fa685181391f1ca805440f53683045d1fbd5c0f36cf471f53641c6f289481f42fefc4d1f2b2fdfe8a20d7488ef0537f10352492e46af76770b49fe8876def7","ssdeep":"96:brOIaX7VK+RUSrZ3rnZ1L++y+hsVoK4CBVVikox3n0muoE7Nqh7zwGto:K7VK+RBZ3l1i+y+3peikr3oEJqh7MCo","tlshash":"91c18f03f313ed339b875f190abe4dc3498b2f9a4725a7d6285b5aa89654819c062e82","first_seen":"2025-08-29T11:05:53.328141Z","last_seen":"2026-05-05T02:06:34.488363Z","times_seen":1295,"resource_available":false,"data":null}},"time_used":2488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/license.ea57c78d.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/license.ea57c78d.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-7b8\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a623\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1976,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 161 x 52, 4-bit colormap, non-interlaced","md5":"60a2c7c150b01809fbb7b97932684b5b","sha1":"67fc9647c452a17b519c6a51dc8c38daa23755f9","sha256":"c5ce31558a1f979ae78c7779d2f312b196750375541e9c147b73d6e44d47c276","sha512":"2328442fa1c74e47c6eff4adab55920c7e7738e7ae51bd2b222fb696bbcf8201a14805089a33baa80c28a40db47061048d817c384bd72735b2e0c0116ff63c6f","ssdeep":"","tlshash":"b3412a6266729beced1a8c47592c7df1d8338ca1a200e1c150ed761f1bf8e1060e7a94","first_seen":"2025-08-29T11:05:53.23289Z","last_seen":"2026-05-05T02:06:34.434193Z","times_seen":1251,"resource_available":false,"data":null}},"time_used":2484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/css/46431.1777369843125.7dc7cfcf.css","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /css/46431.1777369843125.7dc7cfcf.css HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-552d2\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5e5\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":348882,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e9d628daba48b940e276f091325ad9d3","sha1":"fdad8ce2a89ba61e92793906f2c486dba4ab6830","sha256":"8335d1e28f036809b567aa56d38506372340045a62595b1d896dd659faf5ec5f","sha512":"ca21fb5041ed2e5dfc57f5080b7cfc4bfad2aa4f9e7556680d57ac7d82669ff16ee746998b3d016994ae96c770b8a582ef129b01f52e5dace961e2625cc15ac9","ssdeep":"6144:z4+4r0H8Tu4+4r5cRlGuEQUQ929sYbnpTP40:z4+4ZTu4+4La0","tlshash":"0774fa6caf1030ae15a7cb27b660f5199c36a443f9bfde9af3e53d580789a510623c13","first_seen":"2026-03-06T18:01:11.525986Z","last_seen":"2026-05-05T02:06:34.457256Z","times_seen":184,"resource_available":false,"data":null}},"time_used":718,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":718,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/fonts/DINPro.9ee75b04.ttf","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /fonts/DINPro.9ee75b04.ttf HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/46431.1777369843125.7dc7cfcf.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 119892\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: \"69f08424-1d454\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a627\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119892,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 10 tables, 1st \"OS/2\", 30 names, Macintosh, 2005 Albert-Jan Pool published by FSI FontShop International GmbHDIN Pro RegularRegularAlbert-Ja","md5":"028cefac160ed3b006f47106fbc68d1c","sha1":"efcecac09684435facd7397e4f6163a5069802c2","sha256":"fb841a09a82787982ad1774bdeb45e8e06ff4909161a9ce33fd42f8822c5ddc3","sha512":"3a5a284d0c4da6593b857ba785a4ba7d5f2e2b73d22a2ef25435b9558063d2486228d76a3cd5d3a59b5abe4c0da696a75373111b3569a94a9dea1516cf16091f","ssdeep":"3072:YhtN/CZnt1tbtKtHtFNgz1QZt0tbt2ktwtNstAtqNaEctWpy8TLtsIb66AUeo:YhtNGnt1tbtKtHt7t0tbtxtwtNstAtqV","tlshash":"5ac308c153e8fa4ad83996388511c7434226ff2de65d4f36ffd94d8c688e8e9064e6e0","first_seen":"2023-05-08T18:58:40Z","last_seen":"2026-05-05T09:09:34.082259Z","times_seen":3155,"resource_available":false,"data":null}},"time_used":5027,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2471,"receive":2556,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/partner.dca3fc6e.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/partner.dca3fc6e.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-7129\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a624\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 151, 8-bit/color RGBA, non-interlaced","md5":"7374b72d05130af2d77119eb0eb4ba10","sha1":"5b3e5e621329685de250121b2fd9c798f46f7d65","sha256":"059a622a7f1f0f1f239d624f19b0f5531c0f0aedadb8ccd40d2570a76dd56752","sha512":"c2d0f744838a882c8ac15de6bb0bfbeb3dd2f31550cc7a259b9890ea38eddf835902171c1346ed7e1d2005ba18b929d598002d60b7355df72073d955521b18b0","ssdeep":"768:tAAoY1X4ITISUWhiqmMiuCaUENwHoacq8zqWx6:abaX4SIYIdMMow8zqi6","tlshash":"a2d2e0ecdc3058f1f533894dc979813a6f3886ba05e359817a36f92bddc3e8506491e6","first_seen":"2025-08-29T11:05:53.287538Z","last_seen":"2026-05-05T02:06:34.473973Z","times_seen":1244,"resource_available":false,"data":null}},"time_used":2484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/theme.config.96698fb2.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /theme.config.96698fb2.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1a625\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5e7\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108069,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38260)","md5":"6a9a87f3e8804b6c2e87c2ef64cb06ac","sha1":"b57b77abc2f2694ee5b5404a08100b3bdbae1dbb","sha256":"1597153bb2084ffdd78db4687cd9efcd0d7d54f7f460c9b717988ff3dc4f640c","sha512":"5d9bbb05a39e07f2ccf8ac572dcc12d0ae5af13998abb2a6167619b1774272761b562cbbd40b287c404261553e88a7c872e1cfd2943678f59422161d10cee15a","ssdeep":"1536:D2JREobpmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qYtlGu1Jnz45Hl","tlshash":"23b3bb7ae20c963a6177acbfb46de111c12e9c0cab1d5fdef03d60a25710669c831de9","first_seen":"2026-04-29T03:41:13.38605Z","last_seen":"2026-05-05T02:06:34.440734Z","times_seen":43,"resource_available":true,"data":null}},"time_used":716,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":716,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/65246.1777369843125.8333614a.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/65246.1777369843125.8333614a.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-11f16\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1995a616\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73494,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (48666)","md5":"4f72169b9753bbfd046b32e8a9c4c9d8","sha1":"76310a9e002235a02b1842b0ff3985e2bd53ef46","sha256":"26b88e6905d829b63d80a3ce48041e1fd4fe98923072fb1d19b371d117e41045","sha512":"05d8f29fd1ac787d4f27a2d8ee901437e310e0ca663822c6270d05c1de8d33a024e312797a984083b277aa054cde3c5995340a26c25bac74fa6c11b339bcfc3a","ssdeep":"1536:j2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:q+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"de73a501f78272384fa7e290220f2026e16e191505ac5bd8f179ffb93ef0954aa7d7b4","first_seen":"2025-12-17T20:52:09.055572Z","last_seen":"2026-05-05T02:06:34.475422Z","times_seen":869,"resource_available":true,"data":null}},"time_used":2528,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2528,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://g99r.xyz\r\nXign: dFqGP6X4yXcbi8ravYYOf9n/NnZuB4HGhaEs0mXdFbAcWnBlOcXcXLRCw/8pcqtFBjzoNZrqqxCWzX4bcMTp1ZNYMRvy6pXfqAxkpwSumyQTEODU3rxHJaiItZrSFfl2jpqhDOIikAbpDSAZ96ig61gxJHOgRwRF3alNPkw9V80=\r\ntimestamp: 1777725287380\r\nsign: 62583o611n397b3q\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:44:47 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c7fa63b\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7331,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"c36bf0f7fd7d5f1081ac656ce03dff4e","sha1":"3b722130d03ec7b6cd98cd80edfe046e7b116715","sha256":"27c86ee0dd20a582e9a56c19bec9f053a6ddf0eef5ff41ad10eeda539a8d720c","sha512":"0119a331142755a069c3440e221c0fb8e64abe33f2b9fc55c783280625f8af39d38ca38e90d7941ddc5efe1cb0b8f9f18e68fb1411ff93a4deb91b2c13d827c5","ssdeep":"192:VQXaHYhLBEWN/DUxL4jiJSGv3mY5rocwrLI4irw9bdWanVAa7aqr:2qHYvEk/DUrJSGv3mY5rTQw4dWanVT7P","tlshash":"9432be570b12e3a0669cd4f8a5236dc11a9b4acc80bdabd5d274c0902fde79071cc8b6","first_seen":"2026-05-02T12:35:16.817604Z","last_seen":"2026-05-02T12:38:48.421743Z","times_seen":2,"resource_available":false,"data":null}},"time_used":6136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/sports.60212fd6.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/sports.60212fd6.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1c734\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a61b\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116532,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 666 x 541, 8-bit colormap, non-interlaced","md5":"fc82aa907334f929011fc2a6ec906f55","sha1":"f76bd75b9d1235807c70c7d763a1865d7c3f8d4e","sha256":"2ae1d61176960d7ddfddcb30a69d22b9da893687370d8cd26f4917d129a1bf3b","sha512":"12ef7a828d7d4228596b0db0ad77b200e8ffcfe2457d12821a4e9778b62668ebeef075c2bc79076e36291e3015afbfe276a2ca230ead018b38e2d3fd803dd31f","ssdeep":"3072:/ZEgiWqpGRwEyiwX0wgOZzbKoSxNiSvrUeO4h:/ZLf/R2iVwgAKoSPiSvVOy","tlshash":"76b3021c79775a2083c6bcb40b583aeae09b3dc19d169808d68b7791993df43c970bed","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.478725Z","times_seen":1383,"resource_available":false,"data":null}},"time_used":2492,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2492,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/7653.1777369843125.5eafcc69.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/7653.1777369843125.5eafcc69.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5dd\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1850a608\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1501), with no line terminators","md5":"4849391ecd3ae7038c8eca5da5af6cd4","sha1":"6316de5585ce9c3c90e92da7f445df0f1eb06f39","sha256":"7ace68dcf17129b57d79ff5a5ce030178b60d463fa0b0d1027ff5a62981ae2ef","sha512":"04bf30f23c9fc4ee7df1d106f541932dec50cf5794d313087378b16ed5430d29f75a5891abf4e84657525774f2ee231ac62d9e7640000390ee29a08bf23fbae4","ssdeep":"","tlshash":"47310e98b6a171b243af5af98f3f168bf16794c064edb094d096e2e07cb420c4937d29","first_seen":"2026-03-20T12:57:26.686565Z","last_seen":"2026-05-05T02:06:34.44231Z","times_seen":157,"resource_available":true,"data":null}},"time_used":1989,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1989,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor_nav_web_1.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_1.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-1e8d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 90\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af199aa617\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7821,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"0eb441aa3c30cc3c92da984283938f90","sha1":"74a769808afa9b87ea483a82d47958bf05ab9b87","sha256":"146f45de163728bb850c9a8e6c1693dd4c82caf7b6e1f58728395003b84f286c","sha512":"d1c9c8824c4f42f71db8ce2b62955647aa55bb590305765cd931000d0fc6023f7d57cd3daf6992094365ca6ecb42f02f93d606d79f6643a2f89d52f71200461e","ssdeep":"192:AnUYZGCj89cpWsWKE+hAqF7k4Pk7KJw7OjF57HUNuvs7alaUd:AFEijWKE+hHF7kt7857HU/eRd","tlshash":"20f19f3eececd52cd1a745f68caf47a6142c5031ee9d7929b82fdc728649a409d403c5","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.463638Z","times_seen":1276,"resource_available":false,"data":null}},"time_used":2507,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2507,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:47.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://g99r.xyz\r\nXign: TCH+h6BahbTYJU6tK1zVdjbxfz3DjTU7Mkzk5Uu6Pkb6vyGKkxbUKePkIsgorRWwTzDjmMr/W04xa8v+x0uwepJW2nz7M78aOYz+mfqQ+mAr/4Zm3LkkiKgaTy97GneCMGRHus0XoC+21nEoFGUyWkxfKHQ9E5PJF1LcfGO3nkg=\r\ntimestamp: 1777725287380\r\nsign: 524i6j633a6g245n\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: nQFm3eQ8WjrWHc6dSipaQJCettHEjMYK\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:47 GMT\r\ncontent-type: application/json\r\nexpires: Sat, 02 May 2026 12:37:47 GMT\r\ncache-control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725287=eXz1w9d/uySp8q8Cp7kTE+iGnuVw03tIZigZzLvP32lAJcHRLNp+FRYVwvqzI8ncul+S5c8j8oKN0IruSBbgdB4PgzAr+CJiCamkNj9EOHTLS81W4BV5zBFazuoxyLfb03CK5UaxFvVOjWg7KKcfRuCeSLU9ZnjzgilRi1AFFZMA8HTaNcuiMyXUUL7DuNoN\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af2c7fa63a\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"aa1fe36cc499baa3fbdc7ab9bda7432f","sha1":"201b0fc1c4c699f3538c8e3992ec08ecd2f3acb3","sha256":"d509d9e26b3c3a371856286d14bcdd4f17125a10d8ee40e119fdecaf964fb478","sha512":"2dff3b34740cc9d3690f596673675516493472f5ad4bbd3536b5b1b18922543771be73e01051874bc7039aef9461cedb841f0cbe4945118bdea5773a4b3f7a55","ssdeep":"","tlshash":"03b012a2d5a309ed9644713104305c414be022ccc9bcf858c7bc4d2b45650210494105","first_seen":"2025-08-09T20:01:46.169117Z","last_seen":"2026-05-05T02:06:34.49474Z","times_seen":1457,"resource_available":false,"data":null}},"time_used":6138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6138,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/chunk-init-1656f0b4.1777369843125.32336986.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/chunk-init-1656f0b4.1777369843125.32336986.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-21366\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af0f71a5ea\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136038,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44088)","md5":"a1aee3b4fdd378acbf851a367f523d6d","sha1":"9b808ee6cd84b9e3969901470ae1c2d1df800ea0","sha256":"a20ad3a83af7751da30c420d96705aa78f39ddbf610789296ce2b47ec3788179","sha512":"71c83f283537df70e91f49c73fe8554e59830f75caf60f372888692946e7c08ca9f13519f082c45ff310ba269151a9a2955fdf6fbc37b68ca4f1e348303725bf","ssdeep":"1536:2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCifM+:2twqhOIK2nCLdyACifMur06/D","tlshash":"30d3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","first_seen":"2026-04-29T03:41:13.388607Z","last_seen":"2026-05-05T02:06:34.469356Z","times_seen":42,"resource_available":true,"data":null}},"time_used":505,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":505,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor_web_1.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_1.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-a556\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1928a60e\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42326,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"e0ecbe5a9349aaa328ffd6f9515f9007","sha1":"79ebc30d345c812a3e3a122f152829d161b00a52","sha256":"452d27839b3f3f35d11c9a26f06d6cc9db56dc8c61261ee43e0512f69abf71f4","sha512":"fd322bf3ca925ce2eb45317adae1dee0f1c2e4f30035738052a97ccc054ffb576a92a46758559c8d13cff6be549caca5541d14c5692cbec2758ab2b3c7f3324a","ssdeep":"768:2o9mjFjepo5h5jLasrCO57PIrvmMOSf4t7q5bo6Wruv9CSMsfRLMD7XZ0:2ogpymTxRrwmDSM7mbo6WrutR60","tlshash":"8713f2ebe1075d80bb946c9b3925eec61da50f047bc78d68c5e055f921290bb0fa33a7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.479701Z","times_seen":1349,"resource_available":false,"data":null}},"time_used":1807,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1807,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/bj2.a8fabbac.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/bj2.a8fabbac.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://g99r.xyz/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5809c\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a61d\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":360604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 641, 8-bit/color RGBA, non-interlaced","md5":"e0fe8ffeed1841f74df53c3b0c1f2db0","sha1":"77bf6dfe664cdc936776654af151f49368479ec3","sha256":"db4d87e8a403e388c54dd5d114b738c82e1d2dbe65b95630fd5782179f0d7d54","sha512":"825bf73262c2b613b6a8a8397f869db6b2cd4118e554689d228503e7a04c4e674d49c5649e4ac8e2423a7b526c0f6621c259566d0e9bb6ebfa0712a7352968fa","ssdeep":"6144:iAHwIFRCiRIygxWS9v34xfZzuwbIYGzl8BPp0eIiOk3Fg7la6RUIs4pU2:rwy0IgxDEfQwbjw8dpmiOiFgpLHFU2","tlshash":"2874238d711d48cc9c9b45003dd82d9e1c55aa2f7aab20b58264fed24d17ddeec0ea3b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-05-05T02:06:34.475896Z","times_seen":1250,"resource_available":false,"data":null}},"time_used":2489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/undefined","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /undefined HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1990a615\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"GeeTest","description":"GeeTest is a CAPTCHA and bot management provider, protects websites, mobile apps, and APIs from automated bot-driven attacks, like ATO, credential stuffing, web scalping, etc.","website":"https://www.geetest.com","common_platform_enumeration":"","icon":"GeeTest.svg","categories":["Security"]}],"data":{"size":24409,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"de12f9ef6903679d754b67293200edd6","sha1":"fd38488a0db4f56c62536cbdb4c5957ca9091148","sha256":"735a322de1f2ded527f569184d7c6c57ddaca2726df1b527386667704e130688","sha512":"6e460e29f99686c44c928a124be7cdc3b1633d6584c9d7e0256c69a1d328ec0cbe7f401d79385a18d16d458606e132567e8f7fa5e4e7ce56a3ffadc6c7b63b95","ssdeep":"384:Eo3ERrxqNBPJ+96junwIX2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:EpRVqrJ46junwIXiNYiKop/E6wkpcu2T","tlshash":"62b2185a9df349762523303a1fbfb20879b0c0274209ed443e4de7594fd59aa42e3be6","first_seen":"2026-04-29T03:41:13.317002Z","last_seen":"2026-05-05T02:06:34.48024Z","times_seen":42,"resource_available":true,"data":null}},"time_used":2532,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2532,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/logo/logoWhite.png?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/logo/logoWhite.png?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 27 Mar 2026 09:31:20 GMT\r\netag: W/\"69c64e68-547d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1919a60c\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21629,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 318 x 144, 8-bit/color RGBA, non-interlaced","md5":"0fe99b7761db545277ab76a5eac225b7","sha1":"c0ae9d5f9473be88b84d7d46d1efc51283a57a76","sha256":"e74b087729f820069fc590a73411d4b19d3da8a22ad1d127d4e4109be832cd97","sha512":"848f1da518a00ef98cf0e70429260b91720d3f139ed89714536d0a267aaacb8acb9779dfb1c0b42b134f81cb1ec0f5af97a160f1fc327750b111e88d7c6cc239","ssdeep":"384:Ok3FHRYfLVQEST+Yh9YDQiIkXnq3H+PxYi5JLL5PI4v2Kee/0Aytd:nFHRYfL+r9AQiIk0H+ZRGQHee/yr","tlshash":"aaa2d0d63930414ec49128de0fc1b9285cb6858847fd1e944f9f5eb2b4a3df62b4b368","first_seen":"2026-03-22T09:12:55.770605Z","last_seen":"2026-05-05T02:06:34.446514Z","times_seen":136,"resource_available":false,"data":null}},"time_used":1799,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1799,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/assets/logo/favicon.ico","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 585615\r\nlast-modified: Fri, 27 Mar 2026 09:31:20 GMT\r\netag: \"69c64e68-8ef8f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1804a604\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-05-05T02:06:34.440238Z","times_seen":149,"resource_available":false,"data":null}},"time_used":9029,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":8804,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/img/zeren.c0aa584f.png","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /img/zeren.c0aa584f.png HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-cfa\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nage: 89\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af19f4a626\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 414 x 130, 4-bit colormap, non-interlaced","md5":"217588cbcd6216a09cac17953ae710b1","sha1":"de250755d284bb75dcee38ee45f2fc839987dcba","sha256":"24c2821b322d0c9087bcb0727dc0307311f6cfbb52af9f8a93308e48705f706e","sha512":"da190054ec0862c9927bb3bd928481459d53d4d778e9b2928c2507f2a34df5791d43adda750fcf184b767c1ba3a3f92e45dc57242a80869e253a9b37639abb4a","ssdeep":"","tlshash":"50616c01eb9130b8129c286701bd3fcda4c64d993d203d798d87b29bd6f970d288b123","first_seen":"2025-08-29T11:05:53.326961Z","last_seen":"2026-05-05T02:06:34.474486Z","times_seen":1241,"resource_available":false,"data":null}},"time_used":2482,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.geetest.com/g5/gd.js","fqdn":"static.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"104.17.5.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.geetest.com","organization":"Wuhan Jiyi Network Technology Co., Ltd."},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:8B:31:34:03:03:4F:25:DE:AF:F1:76:9E:25:19:08:18:0C:04:EA","sha256":"F3:25:0F:0B:68:0B:B5:E2:F6:2A:F2:FE:E9:AA:10:6C:61:1C:7D:A6:FA:3F:D9:45:0F:E6:58:6D:71:F9:2E:2E"}}},"request":{"raw":"GET /g5/gd.js HTTP/1.1\r\nHost: static.geetest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9f570fb878235695-OSL\r\ncf-cache-status: HIT\r\nage: 1387654\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\netag: \"7D7AF3F3975E0FB657B71508B79515F9\"\r\nexpires: Sun, 03 May 2026 12:34:40 GMT\r\nlast-modified: Mon, 30 Mar 2026 13:35:27 GMT\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncontent-md5: fXrz85deD7ZXtxUIt5UV+Q==\r\nx-oss-hash-crc64ecma: 275051795077788302\r\nx-oss-object-type: Normal\r\nx-oss-request-id: 69CA7DA1318BA43434E50547\r\nx-oss-server-time: 8\r\nx-oss-storage-class: Standard\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21040,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"7d7af3f3975e0fb657b71508b79515f9","sha1":"b36988028196a947b1d67af0856a79e6cf054283","sha256":"41cadd609d64b1958d25afc39e73148bf669fd94f48e848dd47494e7de5762b7","sha512":"ed69806d7f263fec8f66cccf0de8757df3b17cad5629c242e1da0d668830870d42951b8a05cb6780ecf8034800313d02531393745209a5aa3e00ac5d936e1bed","ssdeep":"384:oGm+XLBnDztmdGnnsQn4DgIzHilQVdlsGxCnXdPVcVf:dm+7B6gUKMrxCtCd","tlshash":"5d92204e6cf5a0934a43b078c9af6114b538da53041c9d597d8ce3a4ef684389bbafdc","first_seen":"2026-04-05T08:11:55.721652Z","last_seen":"2026-05-05T02:06:34.468316Z","times_seen":107,"resource_available":true,"data":null}},"time_used":140,"timings":{"blocked":52,"dns":36,"connect":4,"send":0,"wait":23,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/js/22872.1777369843125.dbee35b5.js","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:40.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /js/22872.1777369843125.dbee35b5.js HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-269c0\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1777725280=PZdgWzxkn/FYPHuxAc/r7sdIAUTJOAf0syWsWqr5yz/iBmdXFT1t8YyUbHlbwH0SOSDpDXSOxj5xhhtVEKPMbBjHHJcic0al4NTxMabVvwYIg8hSZb0iPhKMTWLqtyUn4CNiSHuVE1YIZRV7sBFmF0BQJ4IwApgoP1ICgM/iuAko3J3Mu0EitLrxIFUBlSTX\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af1040a5f0\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158144,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e916996ddfb5f1c6e2f6cbf5a87b5565","sha1":"7b3812a3cf8758cd6ce5a442d899048e27d1790b","sha256":"a50d9c1f28c0948f0d468428aec46c5d300a84fb71ce27e6790ca8e0f40a955a","sha512":"c5fe69584b305477ce1b4bb12d6a9b4ce2c73ddeb07c133f14d7ec7782b743769b4f48824f326be1ea00c53835dda635e0011b055c6af3ad0876a0344d6be794","ssdeep":"3072:PHW7tB4Vgj5tNlxyUYwOW1YegxYffj7TEOiG1Zl+DJVkzEcx1nKs:PHW7tBwgttXxyUYwOW5ffjAG1T+DJVkV","tlshash":"76f30bd4f2c070f6475f85f2a2275065b26f4d92318c98b0e15ba6547f21b48c7abeec","first_seen":"2026-04-29T03:41:13.30041Z","last_seen":"2026-05-05T02:06:34.439638Z","times_seen":42,"resource_available":true,"data":null}},"time_used":1132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"g99r.xyz/kc523-1/sponsor/sponsor.json?1777369782162","fqdn":"g99r.xyz","domain":"g99r.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.132","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://g99r.xyz/","date":"2026-05-02T12:34:42.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"g99r.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 02:57:58 GMT","end":"Sat, 25 Jul 2026 02:57:57 GMT"},"fingerprint":{"sha1":"0D:E8:D8:02:63:55:B8:50:B8:05:2C:64:61:A6:24:6A:73:E0:A6:EA","sha256":"BF:86:C5:4C:CD:1D:44:B3:8C:7A:E0:10:A1:16:1C:87:12:19:CF:CD:54:4F:24:3B:1E:D7:B8:F4:85:AB:19:43"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1777369782162 HTTP/1.1\r\nHost: g99r.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://g99r.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 02 May 2026 12:34:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 646\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: \"68aaab45-286\"\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1777725282=J/gMFgsot4UJi9Nsmklpje9eDRfIucH70LbpRyHzwBq/A1yyJvUFn0j6d+WCe5mowugNMhW6GEhmQxiNN6Qkw3mB9VyBXaGfoBAc+TYyis9WoTFGxaxybZWPM2e2Jon/6snIFiIxjBTVPt/ZasWkf7++SlxqljI8BYczsQTyDhWu1qFpY8HZBL+QwFHO+Ue1\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1777175801\r\nl-request-id: 028119de8af198ea614\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-05-05T02:06:34.461472Z","times_seen":1457,"resource_available":false,"data":null}},"time_used":2537,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2535,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-02","alert":"Sinkholed","trigger":"g99r.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}