{"report_id":"d7ff8092-ab40-4ea2-9ae9-0a81945ceb07","version":6,"status":"done","tags":[],"date":"2026-06-02T09:19:23Z","url":{"schema":"http","addr":"t-mobile.ugamtw.top/pay","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"104.21.41.219","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"title":"t-mobile.ugamtw.top/pay/","dom":{"size":112959,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"f45be191da963fd8baaa024e56017fd3","sha1":"15e36709b372b8207bf424c0ed5125d882fe7ab9","sha256":"6e09b49eb8a78f90982fc13e8f52bb102529333a359cb3c242c570d3b29cad0a","sha512":"fbb9dfaaea12198696e6b8e364fe5f1c300c33852e9b9858e190734c4d2f7fc1222130a4ac0afb6833ab42dca2ade759a0d2e986335952f34e1ad25f1da77d83","ssdeep":"1536:0291yw7fIWQ2xfGXB+Sw7NmqfDQ1a3CWwsH97pijUOMOgO8OEOoOMOIOMOdrji:t/yw7fBQh+Sw7Nr3CWwsVp0fi","tlshash":"01b30971a258303350174fe8f974ef8da373f65acf492226a6e4577466cbc70780aa9c","dom_hash":"domhasheb82c29fceaff0e57c0f9edb7f5208c1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"t-mobile.ugamtw.top/pay","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"104.21.41.219","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-07T09:19:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T09:19:02Z","timestamp":1780391942,"ip_dst":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46842,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-06-02T09:19:02.294274+0000\",\"flow_id\":1356074183962323,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46842,\"dest_ip\":\"188.114.97.1\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"t-mobile.ugamtw.top\",\"url\":\"/pay/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://t-mobile.ugamtw.top/pay/\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":680,\"bytes_toclient\":994,\"start\":\"2026-06-02T09:19:02.274131+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T09:19:06Z","timestamp":1780391946,"ip_dst":{"addr":"34.117.59.81","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":55184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)","source":"{\"timestamp\":\"2026-06-02T09:19:06.560602+0000\",\"flow_id\":597089038502749,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":55184,\"dest_ip\":\"34.117.59.81\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025331,\"rev\":5,\"signature\":\"ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)\",\"category\":\"Device Retrieving External IP Address Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Linux\",\"Mac_OSX\",\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2018_02_07\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0043\"],\"mitre_tactic_name\":[\"Reconnaissance\"],\"mitre_technique_id\":[\"T1590\"],\"mitre_technique_name\":[\"Gather_Victim_Network_Information\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_09_19\"]}},\"tls\":{\"sni\":\"ipinfo.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":911,\"bytes_toclient\":3413,\"start\":\"2026-06-02T09:19:06.527197+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ipinfo.io","ip":{"addr":"34.117.59.81","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2013-04-23","domain_rank":1327,"first_seen":"2013-12-16T07:25:53Z","last_seen":"2026-05-27T18:05:04.167221Z","alert_count":0,"request_count":1,"received_data":514,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"unpkg.com","ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2026-06-01T07:32:20.81408Z","alert_count":0,"request_count":4,"received_data":501936,"sent_data":1802,"comment":"","tags":null,"fingerprints":[{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"t-mobile.ugamtw.top","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-27","domain_rank":0,"first_seen":"2026-05-30T14:03:29.694621Z","last_seen":"2026-05-30T14:03:29.694621Z","alert_count":150,"request_count":37,"received_data":907103,"sent_data":18362,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]},{"name":"Adobe Experience Manager","description":"Adobe Experience Manager (AEM) is a content management solution for building websites, mobile apps and forms.","website":"https://www.adobe.com/marketing/experience-manager.html","common_platform_enumeration":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*","icon":"Adobe Experience Platform.svg","categories":["CMS"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"5e09aa53ccdb2de94e4093d3c52b466c","sha1":"b3d7cfc8788bc9a17a509bfbe34a097de7355554","sha256":"d77fe435701de13d2dac9cfc1f66ed1469a862e0c55a89a45db432652ba059ae","sha512":"bdf88bc17c1389d4650d572f01c01d4c1ab01b868a774863f3b56b535fb6acc9554ff4b586b74e145b6c875531b22438a35bb32e50816ff0c20410d10f96921b","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2166,"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/amex-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}},{"md5":"65e5ef6e1e662df2dfb177d738a34736","sha1":"52300d2f11f13d5ec7694b78951ef029eed486af","sha256":"ed2f990ced5ea2b6e51167148a75ec39a9c3e98e2e16259f31cbf3806d4403a7","sha512":"ee36269a8aecb4af648fbc8c5993f2489e0e0134080c6cb3afa2f365c6227ce8eccc3d21a07f6627bf38cb4e05c31cbd52afd8bccbe9a8bf497e364d9af60c8f","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2052,"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/visa-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}},{"md5":"4c8d90fb3ea4c2d57299eedb41a2e20d","sha1":"d22bd75e679fd93d69269939d855435b87453c0f","sha256":"7a0822eefcd060a8fa86ee2c2e778f59c5eb11e5cd41818f5059aea5c3da3f7b","sha512":"5a4cb1819a56e40527070a8e6613ca2f523a61e989f1c7148023c327f6eae3b124537880b1ad6678e1def808a0e4cbd3f58dea9c363675f3f7a876c81bb60075","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":1239,"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/card-refresh.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}},{"md5":"79a5f1fda4790f8900e278fa7c7d907a","sha1":"34624cbd1976f030b11e49811d02da1121593a4d","sha256":"2889851f4d97b538b546aa51a676dc2100c8fa5710187de45e2875bfbc21ee57","sha512":"34730569aa90502c0ad9238e3fa524af812407639f9c4167a635db169f7b49ceed8d0d499538f1501d21328921a4a2ac6901fa52b44ebaf58325884f976ad0d8","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2379,"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/jcb-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}},{"md5":"a737c47eb9e414d0de0195b5c56a2c6e","sha1":"682755372ff57c42620bb9b7d453c9339df6dc36","sha256":"6cb862862fc8536523b9f6041c8e15ae015d64ce82e062297ec8662017b11819","sha512":"b07d00d705acccca7ac9169a4436c106305b9c720e23715cf630cb26a15680a1562666ab8870a26b8fbcff830dcf20a72686dc6acef0d885c4b1015c0e872d03","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":3638,"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/discover-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d40324326ad355963d258fc8793af015","sha1":"9f4b572ffe203113fc3badaf3ac9a64180f955f0","sha256":"5dc106cf84c7712da5522073bf40ec7f0f0b21f76161bff93d04c1f2f261a3e5","sha512":"d5a49d2b777e7c9a118f6aca139f07d0791813775e4f5334559fdcff1911e8ac063355db253c0220f9fd8c127eda60f910f3341e50a499b406d381fe372740d0","ssdeep":"","tlshash":"7df0225ba593164a5113a26b06fb810c393bd14f2f2ae144323e02f08f25a4934a3af8","size":620,"data":"","first_seen":"2026-04-02T16:12:25.218492Z","last_seen":"2026-06-07T06:03:21.383423Z","times_seen":8336,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T09:19:02Z","timestamp":1780391942,"ip_dst":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.17","port":46842,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-06-02T09:19:02.294274+0000\",\"flow_id\":1356074183962323,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46842,\"dest_ip\":\"188.114.97.1\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"t-mobile.ugamtw.top\",\"url\":\"/pay/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://t-mobile.ugamtw.top/pay/\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":680,\"bytes_toclient\":994,\"start\":\"2026-06-02T09:19:02.274131+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/static/js/main.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5cf5cebedf8ec64d3161e568dc6a6bf6","sha1":"5c9dbbb4e83c72ca1adaf1294c47f2657bc01295","sha256":"6922b69f12163337cbd0ed8be71babe7a717c488e5db389f09618d8efd23a9c2","sha512":"2756056c50398b2d70e66f3f87a2cb333cb95a31b9d5ddad0ca92c4bebe7eeee6fc12113a2da9dccc751d0ed12a460989d2725821dde4d3eec8e80ab1e49bf52","ssdeep":"3072:N5i2qY4caSkTc4m8RB59oI5bkZj30lDGzDK1My5vU1izImNlTEmG2bwqm5RvWIyW:K2qY4caSkTc78RB59oI5bkZj30lDGzD1","tlshash":"e804a60125cc540223064efb765e76e5da293f9fb8090d9ad668bc34b9d6123fee9334","size":185481,"data":"","first_seen":"2026-05-06T14:21:54.430556Z","last_seen":"2026-06-05T01:47:59.127483Z","times_seen":2071,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"620991b106fad7aeb0a217afbeb21c2c","sha1":"b946d34b36a9e4179d384846362e213a3c21e08c","sha256":"1266382339bc43050c3da0ec68f0b444284fcf5bb7ed5ce9b3d13bf91d16e978","sha512":"0eaf6427b2502f9e65051b08d9681997a319b0403c9bac8e9f9a59916eb4275a1df3a3b3f4fb75d33d53f03a425d533627429b91cb998b6afd91a1ccd6634fd4","ssdeep":"96:r8YtoR/XA5MiZo1lc+3zZo1eY3zZo1sz3zZo1Wi3zZo1rf3zZo1OEE3zZo1HP3D:r8YWR/XA5Mia1C+3za1eY3za1sz3za1j","tlshash":"28a16df1b92d947dfe5e84a26618ffa4e48e6895f2780accbd66cc14a0dc1644f0e706","size":4672,"data":"","first_seen":"2026-04-22T13:58:31.590042Z","last_seen":"2026-06-08T13:13:59.39788Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9d32d43cd2989a22f58acefbc5bc1942","sha1":"a85bfe5b5091ee5b1f9aac011fe21f025c3d1cf8","sha256":"2c2e4ecf6fc37d3657587b56cbccccc643bf1e78c4685be763bd24cd280fa9af","sha512":"85a8e194ad277e73331697c0fb3c8c59cd8cfa72992b14842bc904c2fba805e26e3bfdee4307da34e82d7974a151ae3b01bff2c9db15e181f807962265e1891c","ssdeep":"","tlshash":"c9014ca2b96da879fa4f44526619bae1b4093465f2b80accf9a5cc1460dc1714f0e749","size":755,"data":"","first_seen":"2026-04-22T13:58:31.593258Z","last_seen":"2026-06-08T13:13:59.396412Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7d521474ef95fc1ba07e0b19f976c230","sha1":"20641619b4466688d003a51911ad7d1bc7101b14","sha256":"5dd415fdd65640a5552e60166897cfffaf9214e830d1fac9ce9108e66cf6711a","sha512":"8bca4a317bd92148d8b089bc6494b123b66cea208edefbde7392b8731cbcfcba764784f3991f8c2a08505c75a4e95c015d6fcd292532298eb20fff765ac8321d","ssdeep":"","tlshash":"c5f081e6761c647afb8748a2b214bd96941f2891a27409d4dd65c93870d80344f1d785","size":587,"data":"","first_seen":"2026-04-22T13:58:31.584922Z","last_seen":"2026-06-08T13:13:59.391704Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-F5EFWER6.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"e404af09dd04bf3f85ef25ff477f2235","sha1":"c01a359668d3860945f3c1ef49b66bd623ab25e0","sha256":"636ae4031f3d4cec06693504293bcd55d5ea42a0022e579d6c2d01620024054d","sha512":"a49dea23ac5ed1b82c7edaa62d0fbed4195bb48aff92378adcda6891c8d581aba45590892137f314a12e4f881daead6ff63d51696b1075c8f7e1041c1d694b00","ssdeep":"","tlshash":"1d019ecc78b8bef287d25859405feb02e6265451d56a405022edaed4d07c8d789a982f","size":672,"data":"","first_seen":"2026-03-05T17:25:09.886647Z","last_seen":"2026-06-08T13:13:59.36941Z","times_seen":8766,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/dotlottie-wc.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"05981be59a26970fbca1e5a8c7634336","sha1":"579e7098232d88c3a0cb8101b9ad9bd45a3c9f40","sha256":"71bd5d3c6e096c8a6e9a3a3f0acb0dcd5cfc610ac5706ff0251964ec34bc71e5","sha512":"4d31793eb824fbfec3447fd7a4a709d7605e7dcd276c710d599de8c2b059c3935922d3f78a3999ba095ed47eb92df069bbc5d9bb3a98a649aef2c15c4e54feac","ssdeep":"","tlshash":"31c0127be8f0eeb359728c5a80a6c3212a1a88d3d361037491881aac41208db9918ca7","size":187,"data":"","first_seen":"2026-03-07T22:46:23.632504Z","last_seen":"2026-06-08T13:13:59.386782Z","times_seen":8764,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"54f97a4931f20bd3eaf3404f91c825ec","sha1":"5fbb0461b42bb9641391d02c37925a010b6de3f0","sha256":"786136fb4840f0057bc23d355e8e152ca6e4398d93609ffeb93ad2e087678b20","sha512":"c2f6938abd26d2837edd45d2b3b905061977d1e8544bb1fe3fb835aa5989f278ff989fe1df10218be876749eb3192a0781e94ea0e849da0bb6b64afef72aa3a3","ssdeep":"","tlshash":"e5e06151b57c68b2ff4655716325fa64741d2ad272a4cbc479d4cd09e0ec1688f1d30b","size":409,"data":"","first_seen":"2026-04-22T13:58:31.594281Z","last_seen":"2026-06-08T13:13:59.39295Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1fcb5aff16139e8f00699561351f1244","sha1":"8d507ed794d651933f5aa5e04ba1a0489fee5c46","sha256":"d493380d7dee40d9651254dfca50276fa629446fe58b83af74541faa3e98446e","sha512":"42ffcdae7cd41e4b7d0d689f6010adb4a85039c90b8e9f2e1b3a0523e467eac9fe5ac83e8f00669f434757fd4bb520dbd53216573edecc7f2e209c33f2cf44cc","ssdeep":"","tlshash":"251152e1bd2c9969fa4d44a69215fe61e40f7565e2784ecc7d75cd24f0c81744f0c306","size":1051,"data":"","first_seen":"2026-04-22T13:58:31.599041Z","last_seen":"2026-06-08T13:13:59.391033Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/main.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5cf5cebedf8ec64d3161e568dc6a6bf6","sha1":"5c9dbbb4e83c72ca1adaf1294c47f2657bc01295","sha256":"6922b69f12163337cbd0ed8be71babe7a717c488e5db389f09618d8efd23a9c2","sha512":"2756056c50398b2d70e66f3f87a2cb333cb95a31b9d5ddad0ca92c4bebe7eeee6fc12113a2da9dccc751d0ed12a460989d2725821dde4d3eec8e80ab1e49bf52","ssdeep":"3072:N5i2qY4caSkTc4m8RB59oI5bkZj30lDGzDK1My5vU1izImNlTEmG2bwqm5RvWIyW:K2qY4caSkTc78RB59oI5bkZj30lDGzD1","tlshash":"e804a60125cc540223064efb765e76e5da293f9fb8090d9ad668bc34b9d6123fee9334","size":185481,"data":"","first_seen":"2026-05-06T14:21:54.430556Z","last_seen":"2026-06-05T01:47:59.127483Z","times_seen":2071,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f31ede360cbde08d7cfac7f3426c7a43","sha1":"6349c983b5c4a17237ff508e482da93c69ba338f","sha256":"70158027dd5915af731522fc53be17db1e375995dbbec1017d41af2f46e59e37","sha512":"21197b07313d1bf482a8026c8a5769bfa44c912169e2c49089f2941805170b505d6b3579c4d3751031bc4d856653b915952ef45ff1f989dbcf6cead3a39a5494","ssdeep":"","tlshash":"d870008002820f3088e00002832a2a082a08a0b08020a00020820c0a2a820230028a82","size":24,"data":"","first_seen":"2026-04-02T16:12:25.222128Z","last_seen":"2026-06-08T13:13:59.394991Z","times_seen":8336,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T09:19:02Z","timestamp":1780391942,"ip_dst":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.17","port":46842,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-06-02T09:19:02.294274+0000\",\"flow_id\":1356074183962323,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46842,\"dest_ip\":\"188.114.97.1\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"t-mobile.ugamtw.top\",\"url\":\"/pay/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://t-mobile.ugamtw.top/pay/\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":680,\"bytes_toclient\":994,\"start\":\"2026-06-02T09:19:02.274131+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/axios.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1eb8e8e2284670dc214a3e70c25992b8","sha1":"94ece417aa560aa8de906e8f54c0985da90364cc","sha256":"96b65382c74cd6255d4628044c5394f2ef3f0662d7d72b10f1bceb50b6ee5455","sha512":"ae6cce74fa46a0ee1b00245f7da885ace7bd608d96152f3b4d9b2c1e66d53cbf5c1f298d1eb60cdf4a17a14296edc2fec63c22a7cf968025911ebe9272f7d49e","ssdeep":"768:iE/e1fRWqcYe4Q2q3jetDArR2d1mP2EduTgeIQN/s:VGoqcY22q3GASme1k","tlshash":"0a1385c6fbd57803b51630a98e8f754a76b4d05374046ca5bc4cb9e83fd883c86e6a89","size":42736,"data":"","first_seen":"2023-03-08T19:53:18Z","last_seen":"2026-06-08T13:13:59.385572Z","times_seen":25369,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b5f085b92dba82d8748d7a6a2b772174","sha1":"2f380a4a8bb394a0fcbd2ff5299d63e25f452195","sha256":"61cd773491c08cd8ca3379e18ac76d1bbce673ebdece036f64e99e149d83dd7b","sha512":"526538146106608617e98d0fc2802a6f1e1444b4724a48ded76b9e29ee0815880462de736889b2ec8d57d80c99af1c653452566b55f64f9e14d6d388c085c2f4","ssdeep":"96:r6tR7wDtRQnO7oxYDEjEB2qc8qSOgynPO9epEFRdMAloOSn/AloOSnvAloOSnUtI:r6tR7wDPQKkYDEjI2q/qiyPGaEFRdMA+","tlshash":"cab14021ba1c443dfa5f55a5a21cbb95a48ea510f32902dc8fdacc3491ed3210f7a3cb","size":5509,"data":"","first_seen":"2026-04-22T13:58:31.592199Z","last_seen":"2026-06-08T13:13:59.390434Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/vue.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d510c12b589a26e2c72f65a1e726a347","sha1":"61131c8e8cc4151fdc2d89e21f95ee27a76710c1","sha256":"d535a5f003b5350e4753025226c81f30cf883edb0ddc01901a31e49f0a9740b5","sha512":"a31326ea137759a06e3c7d26f26ca4adfe31bcc7b96cf24710bf6ef0cc1ae778b883f2f838145e8c615dcaeff42fc8118bec25d83eff4077ed24e67a20ddb945","ssdeep":"1536:DUXY7qLtpHt2P0e1mZ8I6H82RaLPMBlo5VV2B/S/r:SYeJpN28efKMBlmV00/r","tlshash":"c29308dc7299b07157eb31f1107f140bf2365a19ac0ec194b222e4e67cb984d92abe7d","size":93674,"data":"","first_seen":"2025-12-05T15:25:52.043787Z","last_seen":"2026-06-08T13:13:59.367888Z","times_seen":21973,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-SI7D3PZW.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"4915cbe555f5ca0aa6534f7592c55fd1","sha1":"01683f93f73717af0c3fbb9a6aba1c1cc72188e6","sha256":"30fd7438846b02993a472074e050860ad1b4638f5f36a9f07940fdd741aaab85","sha512":"eb5f9b688df0c4e82837699361394f865eb2736882f3b5d8f46fab3c58384c805ebe827297941144bbc2dc11dbf7f04c3429a53a8d774ee6e4f836c35b81ff2b","ssdeep":"384:fHOyHjPQ5GnHixKWPY1rVdeqGRUkKpvKtvV3jM4:vD3nHixKWP+rVdgrKpvKlVw4","tlshash":"16a2d88076f994b34ad582d6dc79460fe250349c682e846dfa7ca6ef1938f41a1ec732","size":23376,"data":"","first_seen":"2025-08-04T13:12:55.035191Z","last_seen":"2026-06-08T13:13:59.389263Z","times_seen":8886,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"330f0a651d2a14889d9ca443aeb2599f","sha1":"4f3965b63826fb10cb3cda48f5bd0c159d3c9adf","sha256":"a00e0636e1cb0622d7a15e787f2ed4afe0b336b56dc4c2b9bd7a1632ed4b2f64","sha512":"1844ff0f534241d7bb716ac1bb70e626964b8372d232eab384bedfd5d6c73e5ca7057d14dcce2993d03cba5cfba0927e1441e24d651de07a8d1fed4d19c0c2f9","ssdeep":"","tlshash":"d8d0972aba502c3032b3983faedf7b043a3701832c02cc21197c8b54af305c700e29e8","size":257,"data":"","first_seen":"2026-04-02T16:12:25.230893Z","last_seen":"2026-06-07T06:03:21.388501Z","times_seen":8296,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T09:19:02Z","timestamp":1780391942,"ip_dst":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.17","port":46842,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-06-02T09:19:02.294274+0000\",\"flow_id\":1356074183962323,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46842,\"dest_ip\":\"188.114.97.1\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"t-mobile.ugamtw.top\",\"url\":\"/pay/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://t-mobile.ugamtw.top/pay/\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":680,\"bytes_toclient\":994,\"start\":\"2026-06-02T09:19:02.274131+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/static/js/common.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"11bc430ea0744025255479ef2b10e7a4","sha1":"0be79c6cf7a72087b5ebaeddfafbbe3fb0db3b02","sha256":"04c41f93da87bbadffc2cfeca91e958c6e1645ecd751e94db05ebbda362894a1","sha512":"87986c65ccf6a8f9049c9edd34e365a07049c0ec30ceb89a65818b0f46445ce6b3012c2b2f9a28bd6e8da75b2ea03ea4dd491ddc469abd442b09e8100166d55d","ssdeep":"","tlshash":"f6113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","size":998,"data":"","first_seen":"2026-04-22T13:58:31.569315Z","last_seen":"2026-06-08T13:13:59.37863Z","times_seen":6656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/common.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"11bc430ea0744025255479ef2b10e7a4","sha1":"0be79c6cf7a72087b5ebaeddfafbbe3fb0db3b02","sha256":"04c41f93da87bbadffc2cfeca91e958c6e1645ecd751e94db05ebbda362894a1","sha512":"87986c65ccf6a8f9049c9edd34e365a07049c0ec30ceb89a65818b0f46445ce6b3012c2b2f9a28bd6e8da75b2ea03ea4dd491ddc469abd442b09e8100166d55d","ssdeep":"","tlshash":"f6113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","size":998,"data":"","first_seen":"2026-04-22T13:58:31.569315Z","last_seen":"2026-06-08T13:13:59.37863Z","times_seen":6656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"fac4a5d1a80b033d00af734f380773e1","sha1":"49e13c1fd0445ac0cb246e7369d34809ab858b99","sha256":"ffa15a3fcbfe7aafe01b24346e81dc11e680a3677234f0f9109f4face95e6a0d","sha512":"a9095527fb760aab345c5d19322d209e8070483a3a9b7da4a982fd73cdd411100db42b4f3a6d94d3fe83c67d8372eaf3a21f6dac01522808894b3b2982d6b79d","ssdeep":"","tlshash":"b2e0c0427dad5979f6871461610dfed4b10d34d2227487c8fc518d1890ec1309f1d281","size":364,"data":"","first_seen":"2026-04-22T13:58:31.596011Z","last_seen":"2026-06-08T13:13:59.393619Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"505375313aa692d3e2bfdd5db1e6dfd6","sha1":"9a786a64ee387cdfa5c2f2ee2533652be41e9b89","sha256":"3256521f1fbbd927ee033888414242ff8165c0f13f8af7e12c90074bf05d3959","sha512":"ecbe7448957d4a1ea17b0878b2e008041e1d8405ea4d8ff9244e166ce768d6b0ff63f130d26c406c94a7cb2c355dd251fd0105100713cb75c216c447bd82611b","ssdeep":"","tlshash":"53e02095f56d6872fdd70511731d7f54650d249255b44ac8a891cd04a0fc1398f2e259","size":347,"data":"","first_seen":"2026-04-22T13:58:31.601109Z","last_seen":"2026-06-08T13:13:59.392318Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"41deda792475703b92059b83651a2e1a","sha1":"f4187058a8be3d3a231ce5b318813a560e076768","sha256":"a61a61b0a4a9a134e4758ad8c0c22ae940480591c7f75f9e38f79b8cab0b9274","sha512":"6a07fe7b502cfa83df0130ca96d44fcab1bc8fd7161a895c8d73152c3a7dafd3ef3e8222fad3a487c339d4bfa3afa0278ecea99cf4eeac1289bf2c09bc61247e","ssdeep":"","tlshash":"ca118ea1785d943dfe4b41916129bfe0f44f94e4e2b80eccfda58c2460dd0648f1e385","size":863,"data":"","first_seen":"2026-04-22T13:58:31.588951Z","last_seen":"2026-06-08T13:13:59.397147Z","times_seen":6663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-B6AP7WKV.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"aea1f7a12b77f053393b67da3d1b2d3f","sha1":"7e8a73d43eb55f2c71d13462612b76ff1ca25868","sha256":"616548b059f0f23b65788280822758eb77f06ef32e87bb5c0a5f095c551c8ded","sha512":"7e54a44f9323341e085f6fb3e9827317a02e6860ade964878538b7a61c2d86ec0ac519fa88b298d01445792e818db67e9f0b704e20240dc1e65d91b7627ec7a8","ssdeep":"1536:LRmQu62qGsOOAPqfsPSQVLOavQuwQh7qsu/2/eC//m1P67tOTcMUPvEsjJwyHiDr:VmQTuifsPbzw","tlshash":"c4a4e5b2738817a6e5480ae94164a20bd4fad42d342525ccebf6b797f43d9a2fc1c374","size":474281,"data":"","first_seen":"2026-03-05T17:25:09.904767Z","last_seen":"2026-06-08T13:13:59.388639Z","times_seen":8767,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/favicon.ico","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:04.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.ugamtw.top/pay/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Tue, 02 Jun 2026 09:19:04 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X96opnZIzcHbBQo%2BRQy2wSVkXUAWIChl10gUmRmiCDWn5k%2F3qoT3B8T3TitnKUlnddinX0DaO4cI1fNsOAwBsdvcMEc4uVMd%2BtfoF4k8kuJ1fmUTRb97xzllm3dx6xsGmxLvlpEy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: a0555fd479960731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9dfbd7e99e132fd86ed8ff3d66904eae","sha1":"3b6cfd18c7f229cd1528e11a1fcb54866eb3f8ee","sha256":"758ffcf079c7b23a158749ccb1b86332638b7d351ca78d8786b1b44728147cac","sha512":"2c4132a687c3490beb3f4567eb448fb1f00675a03a31e92b12751d7d1876b2761f6def087974d293b7e89de1dae44bb61f7cd7e6d0fd47a346ddc9ed52166504","ssdeep":"","tlshash":"85c02b6d6413bd0c8663307676c370a0c1978337f57f41214440805730cf2998ac33ab","first_seen":"2026-03-29T21:20:52.625242Z","last_seen":"2026-06-08T13:56:06.284034Z","times_seen":8349,"resource_available":true,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/img/img_4f8a997287f0_enw7i2.svg","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/img/img_4f8a997287f0_enw7i2.svg HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\netag: \"27dc79c0cd6657cbd004e11b685e766f\"\r\ncontent-encoding: gzip\r\nage: 1382\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wxf4LyRh87BkhN0zhAUQeudw3nmmb3zwXMlbq45yic8VEBasB3b6f3MNsgklSv1SsK61VSmg28LBFyADfeLVEPFsBQ0x9SoEwd3bhSReBRXKgD%2BlWL%2B5Rm%2FIo4HQQpzz8SaLj6kt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fdedc910731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":619,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fdd33df4ffa57fedd898b0eba7d03161","sha1":"ed766c35d5f28916440c869eb35b9f9fea1a51fd","sha256":"35c7dab49ed926b15da52e696311911e95d9a3a44ccfea0896b61e25eabefaa0","sha512":"f598c93eba458fa5fd57a43b216ec2c3646934fe59d40c1097884fa4430f9b131bbd61a88ccf24c4d69d2e221980c62498cce1c9b9be37a5b8eb96113b6d7b9b","ssdeep":"","tlshash":"ccf04c90b6c43859c75a0e358d1ebcc71b9b35a9a6a058bca04c184a34e3982bd8a5dc","first_seen":"2023-05-01T16:32:11Z","last_seen":"2026-06-08T13:13:59.389837Z","times_seen":12938,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/img/img_12b4cf3cd4ac_74bqpd.svg","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/img/img_12b4cf3cd4ac_74bqpd.svg HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\netag: \"891f9ff71147a98e439653d34ca6c4e7\"\r\ncontent-encoding: gzip\r\nage: 1383\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L1gQoxmPJUCdOY0A0AXPxE3lpMwr0%2FQoCDiAyV1unEcgKTrZhmB%2FB%2BIjLN9dKEC6a%2BjX0IVNZVH383iWCJV72bhmHw3j4n8ycvy7C0UFoKO6afUec2sdqQhgSdQmqldhW74bFLn4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fdf9ee40731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7002,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dd113a4a8f65fc8090a2ca3fe449616e","sha1":"cb541cbddae2c4402de47f9ddcdf97700b4aefa8","sha256":"d668fe7e2cb2720b0a3f77f441a0b9e8045ced8de9e25726f8586cd35a27e270","sha512":"957e5c6a084c89bd7a374cea03de65a868296005652771d65adbaffff5685b2207bd7b9c5e944169edbdc46ebd5f941726a0a2c28738d42d7bf27390af853cd1","ssdeep":"96:pvDBc6X9Qfih19OH7WMu+Yk6nJFZHdC1f1Y3JwraNlx4qHdCwV1YvbVlyh0Y4rc:pvm6NQfih1Y+JFZ9B3+aj90vbG0xc","tlshash":"a3e132518220e27d1947c518cf6b82f02a1f90e9f75fa39976e3d775a08bdd9f800a78","first_seen":"2023-07-14T05:43:07Z","last_seen":"2026-06-08T13:13:59.3766Z","times_seen":12761,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/common.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/js/common.js HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1383\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EDta5APd%2FueS11sQ6btWsgejQwsGpNAl9O3LYRPCeD0NrfK24pL2Kc6p5OTRHdEdjqnQorrrPmRGrgGC676NbANBfQ0sb0uGmM53XLDEdmoaf5VQam3Y1ksGL1yZnCBpFpn%2BrO%2Fw\"}]}\r\netag: W/\"e04fd8ec70c1f2a9683cd239babee24e\"\r\ncontent-encoding: br\r\ncf-ray: a0555fdfaf040731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":998,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"11bc430ea0744025255479ef2b10e7a4","sha1":"0be79c6cf7a72087b5ebaeddfafbbe3fb0db3b02","sha256":"04c41f93da87bbadffc2cfeca91e958c6e1645ecd751e94db05ebbda362894a1","sha512":"87986c65ccf6a8f9049c9edd34e365a07049c0ec30ceb89a65818b0f46445ce6b3012c2b2f9a28bd6e8da75b2ea03ea4dd491ddc469abd442b09e8100166d55d","ssdeep":"","tlshash":"f6113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","first_seen":"2026-04-22T13:58:31.569315Z","last_seen":"2026-06-08T13:13:59.37863Z","times_seen":6656,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ipinfo.io/json","fqdn":"ipinfo.io","domain":"ipinfo.io","tld":"io"},"ip":{"addr":"34.117.59.81","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipinfo.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 16:36:00 GMT","end":"Sat, 01 Aug 2026 16:35:59 GMT"},"fingerprint":{"sha1":"06:75:C4:FB:38:6E:E1:2E:FA:EB:1F:53:64:D4:A8:68:81:AA:9A:4A","sha256":"74:4A:07:24:C9:DA:4C:BA:4E:1D:C1:1D:2D:9D:6B:AD:65:55:3E:08:89:78:B2:E0:36:DF:14:3D:B1:7E:BD:21"}}},"request":{"raw":"GET /json HTTP/1.1\r\nHost: ipinfo.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://t-mobile.ugamtw.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-type: application/json\r\ncontent-encoding: gzip\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\nvary: accept-encoding\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":280,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"adf22d9a8ca3a97a9ff78909b8702358","sha1":"f5046826566a7e98d6b5e5c7b0a65677c3bde708","sha256":"756edd1454b049c1370e83c864bc93dfdd82f44d8f9752b3068e5a11867a5de3","sha512":"182391c8c01e54481853a09aa4cf8072496850e45863b198721d0d572e3aa93d8fe11a90bfb24cf97fa64cc132f1594c379474db65db5a1d2207694f770443b9","ssdeep":"","tlshash":"c3d02b6621341b37aeed455c8406960622656e1f1642369f0fe72b0c100c87334f03ae","first_seen":"2023-04-17T17:28:07Z","last_seen":"2026-06-07T07:46:18.554959Z","times_seen":58786,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":67,"dns":19,"connect":16,"send":0,"wait":142,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:06.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: gc4eFxEcyljTIWKOyXSYCA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:07 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=GPvLZWxG8xUj8z3fMfnfsR7MRsYeKFTtq8wVaXCqUSxntbX0sXS4saVZkw2JBlDe2nKlHca%2FuwlwxKIBrq8YlS032oj3JzfDUig6gbkbfc5WKGVJ4qWeQlIkRDChU8gGrKeL1G1M\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0555fe22e3b1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1001\u0026min_rtt=500\u0026rtt_var=1010\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2416\u0026recv_bytes=1383\u0026delivery_rate=1094482\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=f57265ee6f64a1b7\u0026ts=686\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":703,"timings":{"blocked":-1,"dns":4,"connect":5,"send":0,"wait":667,"receive":1,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-SI7D3PZW.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-SI7D3PZW.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://t-mobile.ugamtw.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a0555fe24c894c11-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KQKWWZNXRCFCJ761TVPXY2VH-fra\r\naccess-control-allow-origin: *\r\nage: 43540\r\ncache-control: public, max-age=31536000\r\nexpires: Wed, 02 Jun 2027 09:19:06 GMT\r\nlast-modified: Fri, 29 May 2026 18:02:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:MP10OIRrApk6RyB04FCGCtG0Y49fNqnweUD910Gqq4U=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23376,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (11535)","md5":"4915cbe555f5ca0aa6534f7592c55fd1","sha1":"01683f93f73717af0c3fbb9a6aba1c1cc72188e6","sha256":"30fd7438846b02993a472074e050860ad1b4638f5f36a9f07940fdd741aaab85","sha512":"eb5f9b688df0c4e82837699361394f865eb2736882f3b5d8f46fab3c58384c805ebe827297941144bbc2dc11dbf7f04c3429a53a8d774ee6e4f836c35b81ff2b","ssdeep":"384:fHOyHjPQ5GnHixKWPY1rVdeqGRUkKpvKtvV3jM4:vD3nHixKWP+rVdgrKpvKlVw4","tlshash":"16a2d88076f994b34ad582d6dc79460fe250349c682e846dfa7ca6ef1938f41a1ec732","first_seen":"2025-08-04T13:12:55.035191Z","last_seen":"2026-06-08T13:13:59.389263Z","times_seen":8886,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-B6AP7WKV.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-B6AP7WKV.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://t-mobile.ugamtw.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a0555fe24c854c11-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KJQ8X5ED1557NAS2RRARVX05-fra\r\naccess-control-allow-origin: *\r\nage: 43540\r\ncache-control: public, max-age=31536000\r\nexpires: Wed, 02 Jun 2027 09:19:06 GMT\r\nlast-modified: Thu, 21 May 2026 20:43:47 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:YWVIsFnw8jtleIKAgidY63fwbvMuh7tcCl8JXFUcje0=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":474281,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21615)","md5":"aea1f7a12b77f053393b67da3d1b2d3f","sha1":"7e8a73d43eb55f2c71d13462612b76ff1ca25868","sha256":"616548b059f0f23b65788280822758eb77f06ef32e87bb5c0a5f095c551c8ded","sha512":"7e54a44f9323341e085f6fb3e9827317a02e6860ade964878538b7a61c2d86ec0ac519fa88b298d01445792e818db67e9f0b704e20240dc1e65d91b7627ec7a8","ssdeep":"1536:LRmQu62qGsOOAPqfsPSQVLOavQuwQh7qsu/2/eC//m1P67tOTcMUPvEsjJwyHiDr:VmQTuifsPbzw","tlshash":"c4a4e5b2738817a6e5480ae94164a20bd4fad42d342525ccebf6b797f43d9a2fc1c374","first_seen":"2026-03-05T17:25:09.904767Z","last_seen":"2026-06-08T13:13:59.388639Z","times_seen":8767,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/amex-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/amex-card.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:07 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:51 GMT\r\netag: W/\"e8ae6611b3b32bed0bff1e9023d30cc3\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7IYhzn24Yy3T96L6ZIoiBjgQAevAQScWOCfVMfE2c15B7EZMcWUpmNrb0%2BRbpSw2LjGpO54MCiGrj7A6UTfdQa1epIjuaNAc0cj0H8Zis0ZK0zkBj1NbaAzS8mhJ7CKhsZH3Oxcy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe369f30731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2166,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"5e09aa53ccdb2de94e4093d3c52b466c","sha1":"b3d7cfc8788bc9a17a509bfbe34a097de7355554","sha256":"d77fe435701de13d2dac9cfc1f66ed1469a862e0c55a89a45db432652ba059ae","sha512":"bdf88bc17c1389d4650d572f01c01d4c1ab01b868a774863f3b56b535fb6acc9554ff4b586b74e145b6c875531b22438a35bb32e50816ff0c20410d10f96921b","ssdeep":"","tlshash":"0e5119984516d7f2c6a6a2b4e6b78a822d7c220096c2ac91f90dc755ab69d9d248f0c0","first_seen":"2026-03-07T22:46:23.63844Z","last_seen":"2026-06-07T06:03:21.364267Z","times_seen":8629,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/maesteo-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/maesteo-card.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:08 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:50 GMT\r\netag: W/\"3ce76fca14aab23555370ce949f7129c\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q0Rv69KtRavMzUQ9lJFklFILmzmJr4KYkgkEhVSWeAJYNuiUd2FeHapJ%2F5FrUEzXnI%2BiwC4oLayUPPcLCBc2lbPSVLdcl%2F0aETo44vwl0gFu0o%2BP6lwim878k6q%2FGNlbFlOXLshZ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe369fb0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1558,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"0321fb9bd8d28f6be9155b77acf17796","sha1":"1302e19d1355d631045ce5baab59725c75ee7a3a","sha256":"042935812e0fb44617d7cbb2f32bd6693c6a33377630554ed79e1fad7d877d9c","sha512":"58a3e38ccdf76ab61b0348bcca5a7b9c181ffeaa5067b951ff917c3b0cf9c59f48742fd524df3c0c994b4a2803ee17b6c4f4737061e8ddb2c954adba1a85b5ae","ssdeep":"","tlshash":"c74109169be18f69e1d2273844e34c8358791351e0d6ec56dc45a414a936774ee8d234","first_seen":"2026-03-07T22:46:23.635014Z","last_seen":"2026-06-07T06:03:21.380963Z","times_seen":8636,"resource_available":false,"data":null}},"time_used":1407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1407,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/img/img_326865703d0f_4uk8ra.svg","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/img/img_326865703d0f_4uk8ra.svg HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\netag: \"630a32ce7ecdb022db75cf8fdabab0b5\"\r\ncontent-encoding: gzip\r\nage: 1382\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GV3H%2BMWFAFlA%2BQfcnlc%2B95UKmWrayms27myG4l4rZkKVHaWJ%2B2fkzUwj71QfY27EMUgcX2JBtmRfRBdtW6GAuhqG7qdxemyoRvHGj0EcyT%2BNPzGkwpOqGdIQgyG3HJUpiRfJaVWi\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fdf9ee70731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5927,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1ca722900e870f6a187940962e40e3b5","sha1":"6cafa77a6b0906eb8ac5c9561d241b19953167d1","sha256":"3cce84d34c3f04a3d2f337e6c9fca5f2daac9bbf26b1139cb2c7afb209900b06","sha512":"f9e1ec955b7e02e169685c44f1d9ea17cddddbdc7efca08e2545f75cad18dc05bf36be595f91f0d98f4adeba58e1bdfb1d6befea19754ed19bb58935bafef485","ssdeep":"96:pGTOuRVWi3V+bB/ZK0XpZSUe7SBeyUV5ELrlRnrX955kzdQM0LhB99V:pf6ra/ZdSUe7SBeuHnJV9LhBV","tlshash":"acc17555a205e87bd55bc32ccf7a82f1232f50dbb64d53a872b6cb369018ad2dc01f68","first_seen":"2023-07-14T05:43:07Z","last_seen":"2026-06-08T13:13:59.382062Z","times_seen":12755,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T09:19:01.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Tue, 02 Jun 2026 09:19:02 GMT\r\ncontent-type: text/html\r\nlocation: http://t-mobile.ugamtw.top/pay/\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=REFcSl%2FDSnTtPh7fzn8PZfkaQSuDVlWIkr%2BS2Dc1z1Z3u6lCVYziCzZrbJORRbqBv0jYc2N92nvJ00ZbyjkpeDZqj1mBNpqeyyCN46gGlXCgcntfN7wRCg3Vdz49AH780U9DJS9k\"}]}\r\ncf-ray: a0555fc598073181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1541,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":354,"timings":{"blocked":55,"dns":36,"connect":1,"send":0,"wait":244,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:05.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: 3gByLge+vrtC0c7HgezKAw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:06 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=G%2Fg%2FwokuuADaa16wG4UVcfpYEP7eGhYJieixuHSxJItlKBjBuI3Kov2osvV2DgdL01Z61isGjpK%2ByhAz2hbgFi%2Bq%2BShjFDDLBxfu1OYMmxKgaoJLmeBfSzlf5DQbJuSUNiWUarYr\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0555fdbf8e6b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=2888\u0026min_rtt=2563\u0026rtt_var=1009\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2342\u0026recv_bytes=1254\u0026delivery_rate=1125972\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=5f1d3f05447ff0e3\u0026ts=430\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":438,"timings":{"blocked":0,"dns":1,"connect":3,"send":0,"wait":410,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/font/img_703fe0b04e0a_kgxkvs.woff2","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/font/img_703fe0b04e0a_kgxkvs.woff2 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.ugamtw.top/pay/_frame/static/css/docaflld7944.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 52788\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\netag: \"5ad8af9d1ac433ac90ef64a15b0c1661\"\r\nage: 1382\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7ringeiII9CBeiCtJKd6uuco0Ov0YTaznaemNmNd6%2FN9t6RSnhqeo97w0gpT40mruhOo2Vddj0GkIioWRDmE8JEQxlldfeEWsoeDpD89LAzbPfg2XWXAVt%2BfIMY6Hzwbr1unTzf0\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fdff80b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52788,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 52788, version 1.458","md5":"d8842e36f35731681aba49045b6cca9e","sha1":"3596365c47164d04b52e4baefdb618b29f22fea6","sha256":"c71a1aed463745d39ba361341c9274210142537418e4129708fdf83e20807ed5","sha512":"e9b382ba06b9d9212022d6633e4b6ac4482402c103a9d8a1b6867334ffe22e0b352b8914340151aeb5cc5cfd7982eb6346d0241eb2dcab1e40dca2c5c71e936d","ssdeep":"1536:KpsrYGE2WIStZnXnO33nV+S/WMnme9Zmxfp:Y2+k3vOle9Zmb","tlshash":"b7330183daf4fba53f6ed5cc106e447b45136e8fc1e51b22b61e97ea440017ad341b26","first_seen":"2024-11-27T04:08:46.934326Z","last_seen":"2026-06-08T13:13:59.386157Z","times_seen":12858,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-F5EFWER6.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /@lottiefiles/dotlottie-wc@0.6.0/dist/chunk-F5EFWER6.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://t-mobile.ugamtw.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a0555fe24c844c11-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KPV1Y1CS5AH9PAS12WMRKQWT-fra\r\naccess-control-allow-origin: *\r\nage: 43540\r\ncache-control: public, max-age=31536000\r\nexpires: Wed, 02 Jun 2027 09:19:06 GMT\r\nlast-modified: Thu, 28 May 2026 15:29:55 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:Y2rkAx89TOwGaTUEKTvNVdXqQqACLledbC0BYgAkBU0=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}],"data":{"size":672,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (629)","md5":"e404af09dd04bf3f85ef25ff477f2235","sha1":"c01a359668d3860945f3c1ef49b66bd623ab25e0","sha256":"636ae4031f3d4cec06693504293bcd55d5ea42a0022e579d6c2d01620024054d","sha512":"a49dea23ac5ed1b82c7edaa62d0fbed4195bb48aff92378adcda6891c8d581aba45590892137f314a12e4f881daead6ff63d51696b1075c8f7e1041c1d694b00","ssdeep":"","tlshash":"1d019ecc78b8bef287d25859405feb02e6265451d56a405022edaed4d07c8d789a982f","first_seen":"2026-03-05T17:25:09.886647Z","last_seen":"2026-06-08T13:13:59.36941Z","times_seen":8766,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/api/open/addClick","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:08.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"POST /pay/_frame/api/open/addClick HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 268\r\nOrigin: https://t-mobile.ugamtw.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:09 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 119\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: WWW-Authenticate, WWW-Authenticate-username, WWW-Authenticate-userid\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9bk0t2wvnC1tIBKsLwa2m%2FNdDoZ1tmveTd1Tew7KT0pg%2BuFvUV3I0LKl2Z6ukvhwvJfPvZ431B%2FLi%2FhbzXnmjOJlRSTpuYj94HbBOmOm%2BFrvssqOBcM%2BRgQUTHo5I4XefkAV2B55\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fed9a480731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":119,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"fde105fd05a900357d0bc7acf9e25937","sha1":"ecec730888be7597981aaef89229c93d0abb2c38","sha256":"f9ecede8151ed957ba03872251893eb8cbc6cb88f250cf1a04e67d04950b49c2","sha512":"c535ca7d145e974e9fb67e5465ea9fd8d970da77ad25e50a8b2eba984f44530624fe98a4ea24f67f8b745706db615ba3205fea97406e9e30bf05891dc4fb0aab","ssdeep":"","tlshash":"b0b02b006330340c4748b40818512005f9f846558111834510a101c4100cc6f000e47f","first_seen":"2026-06-02T09:19:27.370162Z","last_seen":"2026-06-02T09:19:27.370162Z","times_seen":1,"resource_available":false,"data":null}},"time_used":926,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:15.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: qFcKrBT9TWNKZZSNFqBT+A==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:16 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=DGMqifSpCkurCBTVyjf1tycuwtCRl6Lypr9iHLYo940lzib0PBTl1IB4oz1qfBogMIGGnW35eQTWf1sXa8850EoLahhYQcFJs6AtaVXEold%2Bd%2FvPW1U1uOrqStTzd%2Fz3c%2FBWeltr\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a055601bb84b5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=554\u0026min_rtt=517\u0026rtt_var=211\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2341\u0026recv_bytes=1254\u0026delivery_rate=4221574\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=dc5164327e75ab35\u0026ts=901\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":908,"timings":{"blocked":3,"dns":0,"connect":1,"send":0,"wait":890,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/axios.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/js/axios.js HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 00:21:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1382\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J3fxnhUmCIZwdPKfGO9PoTrkt5Dbvp2jOhE6p3K5l2jTGRakQkL2sqJ1eFCT0tJfXSMfYy2qgkKqCqv2E5DLacEqk0KYGy1NZCmxdNpUB0gU7T3Ed89KIf7FuPWvhbjn8VJw6OIr\"}]}\r\netag: W/\"71dde40d8ba45ce99df015e131e46e85\"\r\ncontent-encoding: br\r\ncf-ray: a0555fdfaf080731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42736,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"1eb8e8e2284670dc214a3e70c25992b8","sha1":"94ece417aa560aa8de906e8f54c0985da90364cc","sha256":"96b65382c74cd6255d4628044c5394f2ef3f0662d7d72b10f1bceb50b6ee5455","sha512":"ae6cce74fa46a0ee1b00245f7da885ace7bd608d96152f3b4d9b2c1e66d53cbf5c1f298d1eb60cdf4a17a14296edc2fec63c22a7cf968025911ebe9272f7d49e","ssdeep":"768:iE/e1fRWqcYe4Q2q3jetDArR2d1mP2EduTgeIQN/s:VGoqcY22q3GASme1k","tlshash":"0a1385c6fbd57803b51630a98e8f754a76b4d05374046ca5bc4cb9e83fd883c86e6a89","first_seen":"2023-03-08T19:53:18Z","last_seen":"2026-06-08T13:13:59.385572Z","times_seen":25369,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/dotlottie-wc@0.6.0/dist/dotlottie-wc.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /@lottiefiles/dotlottie-wc@0.6.0/dist/dotlottie-wc.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://t-mobile.ugamtw.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a0555fe1cac54c11-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KQM273C31QMZ7DG39842JETZ-fra\r\naccess-control-allow-origin: *\r\nage: 43540\r\ncache-control: public, max-age=31536000\r\nexpires: Wed, 02 Jun 2027 09:19:06 GMT\r\nlast-modified: Thu, 07 May 2026 04:55:06 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:cb1dPG4JbIpumjo/CssNzVz8YQrFcG/wJRlk7DS8ceU=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}],"data":{"size":187,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"05981be59a26970fbca1e5a8c7634336","sha1":"579e7098232d88c3a0cb8101b9ad9bd45a3c9f40","sha256":"71bd5d3c6e096c8a6e9a3a3f0acb0dcd5cfc610ac5706ff0251964ec34bc71e5","sha512":"4d31793eb824fbfec3447fd7a4a709d7605e7dcd276c710d599de8c2b059c3935922d3f78a3999ba095ed47eb92df069bbc5d9bb3a98a649aef2c15c4e54feac","ssdeep":"","tlshash":"31c0127be8f0eeb359728c5a80a6c3212a1a88d3d361037491881aac41208db9918ca7","first_seen":"2026-03-07T22:46:23.632504Z","last_seen":"2026-06-08T13:13:59.386782Z","times_seen":8764,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":24,"dns":1,"connect":1,"send":0,"wait":19,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/visa-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/visa-card.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:09 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:50 GMT\r\netag: W/\"80142bea315608e5cc389ee8d42c347c\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fg69XP9GnKweOSVyZLRTx6aHM1DtjEHMMA0W2VXG2yACNY1PZBHj6N7UfN1r2MEZHGy3Agbigga80HUUqCPq2M8DaDx%2BF5NcgxwI%2BpYpK3EToc9DWiehOyvZw1gAGxmKHkYX6Z5G\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe369ee0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2052,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"65e5ef6e1e662df2dfb177d738a34736","sha1":"52300d2f11f13d5ec7694b78951ef029eed486af","sha256":"ed2f990ced5ea2b6e51167148a75ec39a9c3e98e2e16259f31cbf3806d4403a7","sha512":"ee36269a8aecb4af648fbc8c5993f2489e0e0134080c6cb3afa2f365c6227ce8eccc3d21a07f6627bf38cb4e05c31cbd52afd8bccbe9a8bf497e364d9af60c8f","ssdeep":"","tlshash":"c4515a181450b319e8b1a3ff38ca1d03f68fce46d5428d02d010d2f132ad70a8eeec95","first_seen":"2026-03-07T22:46:23.592793Z","last_seen":"2026-06-07T06:03:21.380256Z","times_seen":8636,"resource_available":false,"data":null}},"time_used":2556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/master-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/master-card.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:07 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:50 GMT\r\netag: W/\"976282e8217350df0f06d540ec756257\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PplR%2B8odrNw8TiQxFUHGqFdIesOi23ct%2Ft8PnfMZZNaxEtBjyge2FvFJSnYqr9BT05hI3ltqTuxw3Jbj5YHW4zosVVvwCr4fhcQQtdvaSNhkn%2F6PcQSnIFGTZNVnlGQyroP%2Fu25n\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe369f10731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1551,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"d33ae09835512c6dda3a7e1410958d7c","sha1":"8991716009f54f23ef048250d6ca523bbfa8f56c","sha256":"ce6bc7ce48c390f25d28e6c2c490afd824ae644054b6f5e11c12db8ec1cc581d","sha512":"47b65e36a445cf66ee3ef42470caf83b275b35d3e024d00d043530ff9e0d6e0819ea293aa4539cd190fb8cfffde8c686e32d9ba7529590bfd3305b6e93215710","ssdeep":"","tlshash":"f5412bd34418138afc89953c7cff2a52ba2b8d2c039790ded546a550266d97c16ad1e4","first_seen":"2026-03-07T22:46:23.62688Z","last_seen":"2026-06-07T06:03:21.372591Z","times_seen":8633,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/card-refresh.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:07.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/card-refresh.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:09 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:51 GMT\r\netag: W/\"176365d5a62e8a175a3ae9085db64a6f\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mi2VooYojD%2FeRWfekJYGOvoS7mOdLNxrORrj07eXdFHAez2kmpEhEtiF%2BRbOQa8vZXunCNrKul8S27zXqKZVrOi8q7gt5jgI%2FjinBnhRkndkGsAjwJD9dBjL9L%2FWjj0mR6OCn2zg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe5e9f10731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"4c8d90fb3ea4c2d57299eedb41a2e20d","sha1":"d22bd75e679fd93d69269939d855435b87453c0f","sha256":"7a0822eefcd060a8fa86ee2c2e778f59c5eb11e5cd41818f5059aea5c3da3f7b","sha512":"5a4cb1819a56e40527070a8e6613ca2f523a61e989f1c7148023c327f6eae3b124537880b1ad6678e1def808a0e4cbd3f58dea9c363675f3f7a876c81bb60075","ssdeep":"","tlshash":"3b31fa39e13a434cce4ae9b8301738c7b755c7012981204bd63b54a4d5e51ac37fdc21","first_seen":"2026-03-07T22:46:23.623456Z","last_seen":"2026-06-07T06:03:21.360225Z","times_seen":8616,"resource_available":false,"data":null}},"time_used":2159,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":2157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:07.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: mcDVvlN29ahXFFtWItMHQQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:08 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=3Dr0w5K6sPS7JEbGJkRblt2ys5vDDQkzkHZMn9Z54mds1BhQmJznldyHNfLWFNkBf6KI3iKijj3Xul0fOO%2F7voy36jpG0EMM34Rvp4INc8Nm7E0rFTN90Y9FDOQhjDxNf7oJGopl\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0555fe9af2eb28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=2208\u0026min_rtt=2160\u0026rtt_var=692\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2340\u0026recv_bytes=1254\u0026delivery_rate=1221940\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=a324f4762db7db22\u0026ts=517\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":528,"timings":{"blocked":2,"dns":2,"connect":3,"send":0,"wait":505,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:12.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: CS9XEVi6b/+0n+ic8tua+Q==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:13 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=xBoPQrB8ET3rPsXJjQ2VAPSDiqrPVRSdutCBC5ac%2BaqmENNpikJmj8J4Bloh84PPT9QxVZCth9zi7lhml2xnEiMGoRAk5%2F2ISmNJRRks0xgeAEiUSz0vBoSybhT4U%2BeIanAosHlz\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a055600a0e932efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=555\u0026min_rtt=554\u0026rtt_var=158\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2415\u0026recv_bytes=1383\u0026delivery_rate=5153024\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=bc9eed3ce5a46dbe\u0026ts=462\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":469,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":450,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/static/js/main.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:04.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/static/js/main.js HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.ugamtw.top/pay/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:04 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nlast-modified: Wed, 06 May 2026 01:18:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1381\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9O0k8qYuSTWZ9cMJTImYOYY%2BifVXTYNDRPfzqWiLKUWsKYu9o4Wv9cxLtY3MW7TNygOKM4SBgBxjY0GG34os6WwvZFbmKWZsjKsL3JVrfQpKGotQ1Z6Ew77ep8z8OfQ5gSHqZbEz\"}]}\r\netag: W/\"027c81f918e84c980cee0c16308374c0\"\r\ncontent-encoding: br\r\ncf-ray: a0555fd38e180731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":185481,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65218), with no line terminators","md5":"5cf5cebedf8ec64d3161e568dc6a6bf6","sha1":"5c9dbbb4e83c72ca1adaf1294c47f2657bc01295","sha256":"6922b69f12163337cbd0ed8be71babe7a717c488e5db389f09618d8efd23a9c2","sha512":"2756056c50398b2d70e66f3f87a2cb333cb95a31b9d5ddad0ca92c4bebe7eeee6fc12113a2da9dccc751d0ed12a460989d2725821dde4d3eec8e80ab1e49bf52","ssdeep":"3072:N5i2qY4caSkTc4m8RB59oI5bkZj30lDGzDK1My5vU1izImNlTEmG2bwqm5RvWIyW:K2qY4caSkTc78RB59oI5bkZj30lDGzD1","tlshash":"e804a60125cc540223064efb765e76e5da293f9fb8090d9ad668bc34b9d6123fee9334","first_seen":"2026-05-06T14:21:54.430556Z","last_seen":"2026-06-05T01:47:59.127483Z","times_seen":2071,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:04.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: caGWiKGWtCETRaB6LRO/6g==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:05 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=JjIcQK1%2BVZ8C2S3Xq2XIuM%2B7m%2B2XCYW1%2BIOgzcxMDViMw6AlccQliAmWI55tS9mSEtxE4kKRnXIIgHQIQGUkz8UBaECEPnPPa8xLOBO%2ByGsa7vAnfOgI1Rp0GmbPXOtPwuBMFIRv\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0555fd518a956c0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1809\u0026min_rtt=630\u0026rtt_var=1102\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2341\u0026recv_bytes=1254\u0026delivery_rate=4322388\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=bfe262b8c5a363f6\u0026ts=542\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":600,"timings":{"blocked":1,"dns":24,"connect":25,"send":0,"wait":530,"receive":1,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:08.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: nJnVWyqZD7y+btRZnws/DA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:09 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=A%2BaL%2FhZ3QoPl3d5EHxClZ0vi%2F544lzEH%2FO%2FWG9g2FaT%2FulHPzboyiBkql4tSWHHKCLfIN0ryoc%2BhOR5dYiWrwV2IO4mZn2nMtUNacdad3JlyLLoAlXbF4fyE0q4egvbEEstQOLJR\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0555ff14d51b4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=606\u0026min_rtt=484\u0026rtt_var=349\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2342\u0026recv_bytes=1254\u0026delivery_rate=2867326\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=a9bf27c701c6a62b\u0026ts=343\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":329,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/static/js/ws-worker.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:04.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/static/js/ws-worker.js HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.ugamtw.top/pay/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:04 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Tue, 05 May 2026 00:21:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1381\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L1%2BkBbW00K6SpD5EkvuWgN5619JFnDFE9Zj9cWK41HG2l5XAId%2FWeAGbrAwIZ5l6GfdDJ8ppzuqtcTHUWAoGcO8RR%2B5c2U2Vl1T%2BtwJ3ZNrXkfZFbueVeyRqzJBA74WzihOPELYC\"}]}\r\netag: W/\"4c7b07cba5e23b6bc37f81be1b3d9b19\"\r\ncontent-encoding: br\r\ncf-ray: a0555fd489c90731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18325,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (18325), with no line terminators","md5":"a4b1d45c0ae50cc78fb95cd14ac5d729","sha1":"251f1ae04547d5e7963964a06dd662db269aecc8","sha256":"acb27669bdfa7c5e1fcfdc72c8e5ebf26ee6dd44ae754cd46477d291f237b6e8","sha512":"0eec215862b6249859c2ab7e9bddcaa37a400760c61de3a3b5166bb972b66c19d97a15b6ef9fdffd8c18a5b01519c2c120c632a02474bc19643bca4670019f3f","ssdeep":"384:oysQgbkJv8BnxLvM5N44G/5KDosMQ5sylkefA55bN2GJMT5R7zV2aIwRVR6e+ZJ2:oysQgbkB8BnxLvM5N44AKDosMQ5sylkQ","tlshash":"e782a8547fc035a037476fbbb13b70e0e92b0d8a3d49065fc618bc58ba6135ad5e2a39","first_seen":"2026-05-05T10:48:14.896087Z","last_seen":"2026-06-07T01:54:41.988428Z","times_seen":3190,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/diners-club.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:07.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/diners-club.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:08 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:51 GMT\r\netag: W/\"fc66052d25a8f8f77bd3232ddd28fbbb\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2GQb86H5zu4zJba76zD%2Fup6FBPO1ZxdsWQFDf1gSzhp7Qft8GrWAoZCtuzeWUsmhRyhunV%2FxFXU0hwmjmFJgjk91jBltVWM3krbcFbSoUD94JZxdZkDFIRFIOIACU7dMWjF1Tke3\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe5e9ee0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1438,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"aec125624de33fa15362b62be9a1f673","sha1":"02a558c2ff1a97d388042f0f9bbb4778dbe6e79d","sha256":"ae61a1834e7ba18e6abaf0316e33f743f711e2ca007f61ed1b65ccb77ca47c83","sha512":"8f05c54d359b19db112d14009603ecd3d9a1306e891a000e6a60ea953861cc69653a3479f70a02a8e3ef6f7c065eb41127bab60dacc47043fae27124365215a6","ssdeep":"","tlshash":"68410a66d918d395d4beb0f60b3a01e46224fb04a50e9c02c86b9d72796437e3f9f0b3","first_seen":"2026-03-07T22:46:23.616138Z","last_seen":"2026-06-07T06:03:21.374196Z","times_seen":8615,"resource_available":false,"data":null}},"time_used":1012,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":1008,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:20.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: NetKIvjdQF5kwHXJffRf+Q==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:20 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=E%2Fp4ru3rIPLsiyV5HsQyzHQQWUneOUmMpJ6EhEFCxvYASLy95AHN2CvBja8ezViKTLWa6ZQTABs8gUWzr4tFcD04veNtYmaKd5NQ%2Bk0pzd7P2uPmnk7%2FEJpevca7DELbnUcqlyMq\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0556037698a5690-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=507\u0026min_rtt=484\u0026rtt_var=178\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2340\u0026recv_bytes=1254\u0026delivery_rate=4859060\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=853a154a5b2633dd\u0026ts=657\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":663,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":645,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T09:19:02.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/ HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:04 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\npriority: u=1,i=?0\r\nvary: Accept-Encoding\r\ncache-control: no-cache, no-store, must-revalidate\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ww3wgsyV8myx8H3L5qFB4BZx6fMNQFZ%2BCUaNc3GJekt5OdU9TaXPynQ2wHZutwPonejwTNINZnnlyfi%2Fx2wYoDgd9IsXnJGrIsAx2IrrmOQx8NQr%2B0EpY8mw9Wmx69COiJgbEW62\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: a0555fc76f3a0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1541,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"af873b31e67efdd07d45e131658ee252","sha1":"21329b11404ed02a6f0f8024a80150ff346547cb","sha256":"76d6be6041cb4a9303472c6c7258b84808223eb24a32c0352a2302dd79b54988","sha512":"9476890666bcaced5ff5771bdfd5bcf586423abea60500638cc71a0fee158c6638173895e19cef9e770439fe4e7b4064ba3bfdfc759590572fcfebec1317ee18","ssdeep":"","tlshash":"e83155577d92683a9133d64715fba20c3477c1577f12d90035fd52b08f647852ca2af8","first_seen":"2026-04-02T16:12:25.172631Z","last_seen":"2026-06-08T13:13:59.384891Z","times_seen":8348,"resource_available":true,"data":null}},"time_used":1709,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1708,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T09:19:02Z","timestamp":1780391942,"ip_dst":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.17","port":46842,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-06-02T09:19:02.294274+0000\",\"flow_id\":1356074183962323,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46842,\"dest_ip\":\"188.114.97.1\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"t-mobile.ugamtw.top\",\"url\":\"/pay/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://t-mobile.ugamtw.top/pay/\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":680,\"bytes_toclient\":994,\"start\":\"2026-06-02T09:19:02.274131+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/jcb-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/jcb-card.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:08 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:51 GMT\r\netag: W/\"aba8d44326c3ca3820896d108d28c55d\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EMBBe%2FjdAbDbyLr8Rhrd81G1VNivmPNuS5MmKc%2Fp5s9NSHL3kHcUh3uZMd1yq5tH6b7H49ReznWn1dEahfkCJBLh4lwc9MOSOG9jIhxN3IsCiXS4LgT0IOj9POYn0%2BBMU7Oz0d1v\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe36a070731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2379,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"79a5f1fda4790f8900e278fa7c7d907a","sha1":"34624cbd1976f030b11e49811d02da1121593a4d","sha256":"2889851f4d97b538b546aa51a676dc2100c8fa5710187de45e2875bfbc21ee57","sha512":"34730569aa90502c0ad9238e3fa524af812407639f9c4167a635db169f7b49ceed8d0d499538f1501d21328921a4a2ac6901fa52b44ebaf58325884f976ad0d8","ssdeep":"","tlshash":"6c616b0a4ba4c324c0d5b076ea600673648904e636cbb8d9f539b48c5406ebfb5df2d2","first_seen":"2026-03-07T22:46:23.621023Z","last_seen":"2026-06-07T06:03:21.359667Z","times_seen":8642,"resource_available":false,"data":null}},"time_used":1409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1409,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"t-mobile.ugamtw.top/pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:10.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/webSocket/QT/JWRCVV-1780391944382-w1iapcveko-9xslm2jje3m/khkjsahfjkwhakjlsdwdddddd88 HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://t-mobile.ugamtw.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: k/TiAcp7hKuvY9VMVZ/9xQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 02 Jun 2026 09:19:11 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ZBIJ%2F3Rgl%2F6mqbobXsDB%2F%2FR0At5dpkLMe2L2PacENV8xvwVMNpWC8dYXETop3ZPq8EdmgJQuRgxh4gECPYTAyg2l%2F1UnLkL343cu3XIFp4t01GwVylS0EzdmeCAUCNyrRAFvGela\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0555ffa09b10b49-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=534\u0026min_rtt=476\u0026rtt_var=237\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2417\u0026recv_bytes=1383\u0026delivery_rate=3845949\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=868b178d19b04dce\u0026ts=981\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":986,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":968,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"t-mobile.ugamtw.top/pay/","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T09:19:02.269Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /pay/ HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Tue, 02 Jun 2026 09:19:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: https://t-mobile.ugamtw.top/pay/\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jIY5eF1%2BrD%2FOTxr3DXuZG83qMP7JGGG574nZrIcNjgsaUUT2ZSDp0%2BTHBAT9FMbRJsy9KmUwlu8jqW2ZEJCUZYudugniB%2BB%2BXNDtTyriRWtmZsgQImfHbkaHG8R7%2FQB19GEjTBAo\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0555fc73aef56ca-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1541,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":6,"dns":2,"connect":1,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T09:19:02Z","timestamp":1780391942,"ip_dst":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.17","port":46842,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-06-02T09:19:02.294274+0000\",\"flow_id\":1356074183962323,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46842,\"dest_ip\":\"188.114.97.1\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"t-mobile.ugamtw.top\",\"url\":\"/pay/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://t-mobile.ugamtw.top/pay/\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":680,\"bytes_toclient\":994,\"start\":\"2026-06-02T09:19:02.274131+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/static/js/common.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:04.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/static/js/common.js HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.ugamtw.top/pay/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:04 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1383\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VpBop4c3cMx1qd64n6JPxKs7BXrbTtzSPNJUhlN1Da%2BCTAnjLVWIeUEyOfnXzwsugrtU95DsWWMeErEnKH%2BwvQH5vNMOuyc58RrGI8o7CZ6TAGWdmnUPJapaMkxlGGpQB7sCalLY\"}]}\r\netag: W/\"e04fd8ec70c1f2a9683cd239babee24e\"\r\ncontent-encoding: br\r\ncf-ray: a0555fd38e140731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":998,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"11bc430ea0744025255479ef2b10e7a4","sha1":"0be79c6cf7a72087b5ebaeddfafbbe3fb0db3b02","sha256":"04c41f93da87bbadffc2cfeca91e958c6e1645ecd751e94db05ebbda362894a1","sha512":"87986c65ccf6a8f9049c9edd34e365a07049c0ec30ceb89a65818b0f46445ce6b3012c2b2f9a28bd6e8da75b2ea03ea4dd491ddc469abd442b09e8100166d55d","ssdeep":"","tlshash":"f6113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","first_seen":"2026-04-22T13:58:31.569315Z","last_seen":"2026-06-08T13:13:59.37863Z","times_seen":6656,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/img/img_04ff157e5d9e_kaldad.svg","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/img/img_04ff157e5d9e_kaldad.svg HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\netag: \"bcd75d7efbb2dff31c796bc213f4de5d\"\r\ncontent-encoding: gzip\r\nage: 1383\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6%2BfXvqJhZkKAwP%2BqH8gxAqYCyS%2FwqMLt4J7S3FojJzXmi4Q%2BD2xZH9GuCMA0JC6Bh05d6SeRxkz1Jfsnwb8hxrp7SUMoRxvTBAZ%2FYSmmEKiVak6HOkLUy9zypyjZOcLT1WJKYxQW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fdf9ee90731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":576,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"da22a7f68789a5ac597fb908ac7b2496","sha1":"30aa5326be9ca4f73b0efc9881090e23bfdd0135","sha256":"a58df955d1e5f78fafe028b6b404ecdc558bbba91a7d5b508f13e5ddffc5d2c9","sha512":"e937a2a0ecd6a1b7e1a2425382f90a525851c5d242b0ca9743de11c5b8bebd4561507e2f0b9d4612a4312e758f835f2d4eb11578de8d8b9fa4bb96625eefee91","ssdeep":"","tlshash":"adf0e1d481d9686ccd00077c64c2fd631468b38ae6200ba3d1b001a7b2b125f94e43fa","first_seen":"2023-05-08T02:59:22Z","last_seen":"2026-06-08T13:13:59.366133Z","times_seen":13067,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/main.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/js/main.js HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nlast-modified: Wed, 06 May 2026 01:18:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1382\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hwDTb%2BlRitPKTs%2FuX3mkAdnqN%2FpC%2BBYZwN%2BAKn1%2FPTTUevmg57fjdwCjMB%2BDS1lD4D6F%2BhP1XclF0g1hrdcBlXG83cj%2FpDzh8DDFmya6vFWxXCbjwGX4IOHnBuPL53AH5%2BAtDR6l\"}]}\r\netag: W/\"027c81f918e84c980cee0c16308374c0\"\r\ncontent-encoding: br\r\ncf-ray: a0555fdfaf1c0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":185481,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65218), with no line terminators","md5":"5cf5cebedf8ec64d3161e568dc6a6bf6","sha1":"5c9dbbb4e83c72ca1adaf1294c47f2657bc01295","sha256":"6922b69f12163337cbd0ed8be71babe7a717c488e5db389f09618d8efd23a9c2","sha512":"2756056c50398b2d70e66f3f87a2cb333cb95a31b9d5ddad0ca92c4bebe7eeee6fc12113a2da9dccc751d0ed12a460989d2725821dde4d3eec8e80ab1e49bf52","ssdeep":"3072:N5i2qY4caSkTc4m8RB59oI5bkZj30lDGzDK1My5vU1izImNlTEmG2bwqm5RvWIyW:K2qY4caSkTc78RB59oI5bkZj30lDGzD1","tlshash":"e804a60125cc540223064efb765e76e5da293f9fb8090d9ad668bc34b9d6123fee9334","first_seen":"2026-05-06T14:21:54.430556Z","last_seen":"2026-06-05T01:47:59.127483Z","times_seen":2071,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/js/vue.js","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/js/vue.js HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 00:21:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1383\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hrks63MTNkmcKgwVYDuo2RnXh1IFwQJtmWn%2FKe8chioyoc%2FjT3HL5SQVxanWDSM93z9OE%2BYK4c5vhHPeqotSubiC83zzUjts0GdFN5%2FFQmewfm5vkWZ7l7vxLaKgt20K1DOX5VHA\"}]}\r\netag: W/\"21d149b67435bd144d4f85b12280d12d\"\r\ncontent-encoding: br\r\ncf-ray: a0555fdfaf190731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":93674,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65445)","md5":"d510c12b589a26e2c72f65a1e726a347","sha1":"61131c8e8cc4151fdc2d89e21f95ee27a76710c1","sha256":"d535a5f003b5350e4753025226c81f30cf883edb0ddc01901a31e49f0a9740b5","sha512":"a31326ea137759a06e3c7d26f26ca4adfe31bcc7b96cf24710bf6ef0cc1ae778b883f2f838145e8c615dcaeff42fc8118bec25d83eff4077ed24e67a20ddb945","ssdeep":"1536:DUXY7qLtpHt2P0e1mZ8I6H82RaLPMBlo5VV2B/S/r:SYeJpN28efKMBlmV00/r","tlshash":"c29308dc7299b07157eb31f1107f140bf2365a19ac0ec194b222e4e67cb984d92abe7d","first_seen":"2025-12-05T15:25:52.043787Z","last_seen":"2026-06-08T13:13:59.367888Z","times_seen":21973,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/user-img/discover-card.lottie","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/user-img/discover-card.lottie HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:08 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 05 May 2026 00:21:50 GMT\r\netag: W/\"143d15061f3d07f0bda1b270f7257850\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gKsgjrrSqwPYvSKunDroOWbvLA7iJZQxuJc5Kipl4WodjijHM6lf19AwwVhp6UMfOtxx6GoosgtToXgsg7VWn69xsX4p6AXBHNHm1ubfYTCtpFYre7BHxmgg71xNv5UPSDCAK194\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe36a0b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3638,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"a737c47eb9e414d0de0195b5c56a2c6e","sha1":"682755372ff57c42620bb9b7d453c9339df6dc36","sha256":"6cb862862fc8536523b9f6041c8e15ae015d64ce82e062297ec8662017b11819","sha512":"b07d00d705acccca7ac9169a4436c106305b9c720e23715cf630cb26a15680a1562666ab8870a26b8fbcff830dcf20a72686dc6acef0d885c4b1015c0e872d03","ssdeep":"96:sa+YveJC78aX1ddhtn7FTgXTCYKsDmTeyMbXQuOllcPMl3minwE0oB:s/YD1Lbn7FELkNuOllrpNww","tlshash":"feb16d2306a0b725de0279b57c906efda09dadeed6c16707ea42902633231ec675dd48","first_seen":"2026-03-07T22:46:23.628415Z","last_seen":"2026-06-07T06:03:21.378972Z","times_seen":8612,"resource_available":false,"data":null}},"time_used":1406,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1406,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/api/open/getSyncSettings","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"POST /pay/_frame/api/open/getSyncSettings HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 50\r\nOrigin: https://t-mobile.ugamtw.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:08 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 14505\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: WWW-Authenticate, WWW-Authenticate-username, WWW-Authenticate-userid\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WQ8mT04HSmXZiD1%2FBAAePw76m4mYoXA5r32vTqwuk3joQ%2FAJkDhjm0SD%2FdK4rD8IZKudKrJmipXheyr5gcdZ%2BzP2TNKWLejnVew20Kraj9Y%2BUrvddU3IRg3ostBy3Iinw%2B2S1u5Z\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fe38a4b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14505,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"9d047721230f6698f2ae273e775f2218","sha1":"52e056cb8b530b1add23152afcb4dea4807718a6","sha256":"615f4f1a74751ec16c2a5401e42c41896c04fae0cc9b8a8f6b0888e62c86725e","sha512":"807eeb73fa8d26d80b0b4559115f393675c0b0e4700816dc07a907446fec53ff0e547515a19302b83c87f31a2b4638f681510862a952c3d748ae16a7c5083ea2","ssdeep":"384:toTgaLnp/sZOay+E7qYtdX0QfVIAroaKUCk:toUmp/sZOmadtB6aKE","tlshash":"7752e00875420db36525be1e60fd71e6efa50c72caaef0224320765354a67e963f8a46","first_seen":"2026-06-02T09:19:27.392755Z","last_seen":"2026-06-02T09:19:27.392755Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1514,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1397,"receive":117,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/static/css/docaflld7944.css","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://t-mobile.ugamtw.top/pay/_frame/a_index.html","date":"2026-06-02T09:19:06.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/static/css/docaflld7944.css HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 22 Apr 2026 16:53:29 GMT\r\netag: \"52c93f06e6a71188c47603e9a0ce431b\"\r\ncontent-encoding: gzip\r\nage: 1383\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BrHYfzqzpzFWs3Bvef5dHevNZp6QUzxsma2TRIFSMxkk5EUbf3tBo7Fs1DTfw2sFq9XyjIGPvhIVJwx4GS4GAqbrhJbT%2BKFU88Ou3GMp%2F75V9Zs3dXPiwK%2Fk8TDl2l7YfzEz4%2Bs5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0555fdedc890731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":139691,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (19050), with CRLF line terminators","md5":"3b62f8f51d6d027364ae6094596f300d","sha1":"a2c292af4fc00724957628c6e7a89e7fa2c10a9e","sha256":"420db130158a782a951af4dce4f4de3714c0a12661db2cd6686c76812e10bf24","sha512":"e50461f1bdd8d3a6b2e2f60c204b782d88f4c7ee409a3d68f6a4dac082396013b42854cf0ea9d4df681d5389a9007b30c8982b8cefe0ad9fbc674198e41f8e7c","ssdeep":"3072:olI+lA2ppxNVGNvRpKE4pO9pHSppppUOWNu2Vupp4p4pppepnzGb:olI+lA2ppxNVGNvRpKE4pO9pHSppppU0","tlshash":"e7d3a6c5ba43b23f6827642d43b9a56c4f082985fb0b7fd6798574144bc6be38031b9e","first_seen":"2025-11-01T19:42:23.001647Z","last_seen":"2026-06-08T13:13:59.381349Z","times_seen":12743,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.ugamtw.top/pay/_frame/a_index.html","fqdn":"t-mobile.ugamtw.top","domain":"ugamtw.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://t-mobile.ugamtw.top/pay/","date":"2026-06-02T09:19:04.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ugamtw.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:31:14 GMT","end":"Tue, 25 Aug 2026 16:31:13 GMT"},"fingerprint":{"sha1":"81:4F:01:44:EF:B2:3C:41:37:13:B2:F4:19:B4:61:C2:B6:93:A0:EA","sha256":"4C:82:45:F6:D6:64:0D:0A:96:7B:2F:E4:0B:9D:E0:D4:34:90:FB:04:07:D0:88:15:D1:56:22:A1:46:76:64:C3"}}},"request":{"raw":"GET /pay/_frame/a_index.html HTTP/1.1\r\nHost: t-mobile.ugamtw.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.ugamtw.top/pay/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 02 Jun 2026 09:19:06 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncache-control: no-cache, no-store, must-revalidate\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XbN3ocmV9G17ex0QsOfiCwapDk9TqpXay1UTxtxNvR0Edk0fvmvhN8JdrA%2FTnUOyUaxCJBv3343P%2FBCqClSdjJGokAMFEDdvPMOQ%2FzCOQr%2FcRinzKcqT1sd%2BbQPBlJo6e23W12DB\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: a0555fd38e240731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]},{"name":"Adobe Experience Manager","description":"Adobe Experience Manager (AEM) is a content management solution for building websites, mobile apps and forms.","website":"https://www.adobe.com/marketing/experience-manager.html","common_platform_enumeration":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*","icon":"Adobe Experience Platform.svg","categories":["CMS"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":110447,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"0f3a72b6956a6e467bcbb9a72390a00a","sha1":"3f8cbb8062934e370788b575a153ed5e6aed837a","sha256":"9a66ebfa3bfa7d832721374c6352adcb1c4233ba41f6d5fd43ac6d2af807d971","sha512":"117e82cd998b352684bc41c01fd020d2e789f10f1973ce624e07082e7e6e9233b97fe60eef0a3c6da6b2a5256cbc4e8358fea7a70387d5eb0409d1fe83f1dd4d","ssdeep":"1536:YX9cWQ7/lWQ2xfGXB+yQ7t3qDpgCWas197pijcOMOgO8OEOoOMOIOMOFrji:SaWQ7/sQh+yQ7tqgCWasXp0/i","tlshash":"fbb31871f194303390174fe8f934ee89b273f65acf492656a6e4577026c7cb1780aaac","first_seen":"2026-04-22T13:58:31.581125Z","last_seen":"2026-06-08T13:04:53.026797Z","times_seen":5974,"resource_available":true,"data":null}},"time_used":1916,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1798,"receive":118,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"t-mobile.ugamtw.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"t-mobile.ugamtw.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}