{"report_id":"d8149c25-e417-414c-92b8-bbf95f43bf52","version":6,"status":"done","tags":[],"date":"2026-04-06T18:53:41Z","url":{"schema":"https","addr":"win138bonus.com","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"104.21.29.128","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"win138bonus.com/","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"title":"a7bet ❤️ Máquinas de Slot Como Jogar para Ganhar","dom":{"size":55199,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1127)","md5":"ee21ddc49c26351a6652922d2ae00874","sha1":"21ed9432597ad3230d4085946a61c6776b01e258","sha256":"80c1d0d88fc70c91c9f6a8beb7d38d0105886a60e027a32502c7052a7977d4ad","sha512":"8586370622a2a090b2d0d5572f5f4c91d597893e1749bd4236958ab7c9d62d4fc094238375d03e1adf6440a3b707f9b26cbde33fc3efabb2603535c8aeec32ee","ssdeep":"768:FOOyABey0AqpZXJ1W32zQPVk3U73cxlSBl0CoqtMP1gIjhRzePOppnLFBkQwB2mm:FOOBBrqm2KmSpU1R/qC5rwBxA7Oih","tlshash":"2c43093198e4221701a313c13792d6079e94d543b60ac687fafe47899bcee91d63fb2d","dom_hash":"domhash8b8d905a286ebfec28d5238a1edbc3ab","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"win138bonus.com","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"104.21.29.128","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-11T18:53:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"win138bonus.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-10-11","domain_rank":0,"first_seen":"2025-01-26T07:52:01.392563Z","last_seen":"2025-03-24T10:03:58.525993Z","alert_count":18,"request_count":18,"received_data":1137140,"sent_data":8475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"win138bonus.com/static/js/nav.js","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd2a622efe6d24ca0f26f76ddcb26376","sha1":"07b8860f3244b1414fb7b758cf1e4b85bb5ece39","sha256":"b62b2e8be83f9f32f59f2a6491a56771d4bc6296ab827adf4f5678d5a9693b59","sha512":"840706350e761b6f016ae34636b9e76c14a51a7299234531914976c26df78f48c778a333076316c6cc6a4117009070d3ef7cb655a4373efa9d04b33c17b7df48","ssdeep":"","tlshash":"9a51f259e4f226774077196ae3efd1d676a0000b9d41cc0375ac9f482f819261af3eea","size":2641,"data":"","first_seen":"2026-03-23T14:49:05.956825Z","last_seen":"2026-04-06T18:56:18.511574Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/js/script.js","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"98c719ed1872d12b4c2dac206d91c145","sha1":"9131b8220ff48f6eb25ae3951df0dadea9d7d4dd","sha256":"6d9906e313c70233ff233a9b2b55eeb0fe8c7ecdb63ae7cbf1d0f4960da8f20e","sha512":"25a4e7823e5c39ff0a7b79dd81e1bbaaef529d435d7e7d1fac1798e659f8528993e8bf209d3bcdbc0ab5cb88a2d217d183583b3d73348a60180f9f1de319a240","ssdeep":"","tlshash":"dc118c7a3052357580bf34b593cb84e03d10a0cbbc5790a3754cce892f41aa56877de7","size":874,"data":"","first_seen":"2026-02-27T10:01:55.118793Z","last_seen":"2026-04-06T18:56:18.512583Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"win138bonus.com/","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-06T18:53:19.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:19 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jiDz8QuTLcEgYYQyVLOsy3rZukzDONHra%2BIGXNAtZGT3CP40%2FkPMEWKwNKARfdfhBY2Y23V5IDWaoeGoEsQW0U5SCMytLr2TOeA7xf4aOLKokP0uwuEJ7Rq5Lg6KGkU37sg%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9e82fea3ab6256c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55075,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1127)","md5":"56d1e9df347012d22c777b15faf24dce","sha1":"bc15111513ffdc325028bd8f12afcc8c0cbbec6c","sha256":"486e8584c2e7799ff34a9cd636c0bf5bf7591b5cc5d757d457d9aafc296e7799","sha512":"267a986b1b66811c78c9f690452cf9721a04ebc2cb512de84698148aa1894c5a7d1b940f9a1303e42a4686106dd2a4a459c2a0abbc1143f11b98cbafe36a46ad","ssdeep":"768:pOOu7z4yeAqpZXJ1W32zQPVk3U73cxlSBl0CoqtYP1g6jhRzebOppnLFabQwB2mb:pOOyzbqm2KmSpw17/qG5FwBxz7Oib","tlshash":"7b330a3198e4221305a313c1379296079e94d543b60ac686fafe478a9fceed1d63fb1d","first_seen":"2026-04-06T18:53:52.392146Z","last_seen":"2026-04-06T18:56:18.499789Z","times_seen":2,"resource_available":true,"data":null}},"time_used":458,"timings":{"blocked":43,"dns":28,"connect":1,"send":0,"wait":367,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/css/styles.css","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/css/styles.css HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67741-5245\"\r\nexpires: Tue, 07 Apr 2026 06:53:20 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TfTDsUib6NQ4%2BERWdWuN3DMu6BmuweZtHZXyxsmrjT16Hlof%2BvRgceHO20ZYesFcs9ajzKNDqIFccddwo8EDowCe8478uZ7APn2AkASB8fAIeGLlpqg2RYSPvTF7Ygh6AwI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea74caa0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21061,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"ec07d9aaa7d1b7ada342cabccfc7f5b3","sha1":"73f2366f27ccda591861f5aa4112820588ca1728","sha256":"a68f813365fad587aaeb57c088afb49225d2afcfc575caffffdbcdc47e9c7e3f","sha512":"29ecf02c83373ee077c446dec407edad9368146ad25ebd93e9d85012c2366cc6eca77bf30e9644ce2b4d913458991e6dff0c374132b72c1add524ab547257fe2","ssdeep":"192:ARdbEKv9iAkUcb+PmVzUaHbUUZElMMjyqSI93Xfs4GEam8Ja70Spodjz5DYz6ghI:AIKiQjCJ97BdA4E1F0rp","tlshash":"e1920e029a6366716837921d6bdfab6d3768ac438e14dcdd3add52009fc83fbd111b88","first_seen":"2026-03-23T14:49:05.965562Z","last_seen":"2026-04-06T18:56:18.514549Z","times_seen":4,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/images/index_4_br039.png","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /images/index_4_br039.png HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:41 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67745-6e0ad\"\r\nexpires: Wed, 06 May 2026 18:53:20 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=G4r4ZZ3R4ij1ZuAzqrmRwbvfi%2FOE17HapWeXsz%2Fu5%2FS4%2B21%2FYx9C5sPBhvr79XEPEvPMY8YO7hDkSbQORsPO2l%2FLEefSWCUl6WbfpElQIECHLF0WkWWbjxWzTpH8DwbgJAk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea74cb10b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":450733,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 303, 8-bit/color RGB, non-interlaced","md5":"39cfdf32f136e01e665aa9853155f1f6","sha1":"6baf2d43ee64714cd19fa338b802b9d3ff82957d","sha256":"0286baeb6a1010ceafc79bf0aa365f0c7f0dda6c1254626dd030da76bd3e452e","sha512":"2514f82b4a816dfe0c9f501257328208a23b64e3de0c19c2ca7c4ecce3229fb1d850ee8b8586a4f445e621cc73afb0fb51f5e35d480d27495829018fe81e6d76","ssdeep":"12288:NKvJ8xbIob0/yuK17NF2vjej2q6boX/A8L:QCbIoMC1BCj1sPAc","tlshash":"28a423d2f9488988d0a28431d90915051bfca7e04f958f666ed597fef20fcb84b24ede","first_seen":"2026-04-06T18:53:52.39353Z","last_seen":"2026-04-06T18:56:18.505454Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":367,"receive":882,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/images/index_6_informaoes-gerais-sobre-a-experiencia-com-jogos-de-cartas.webp","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /images/index_6_informaoes-gerais-sobre-a-experiencia-com-jogos-de-cartas.webp HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: image/webp\r\ncontent-length: 39426\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:41 GMT\r\npriority: u=4,i=?0\r\netag: \"69c67745-9a02\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fxDQYHW%2FdXzkaIV23h1%2Bp%2F7u7Gz1zyH0apVtnZWlIHLZQb2IxCs6z%2BP4NEQKi4UUEbkj2wWhhWE8vvYNf%2FSYp%2BidsY25XT8bpr0FUQjXWQlX4jYOuTYO4SpFtcqJCN%2Fi31Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea75cb40b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39426,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 800x370, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e186d0f68c9a61489dae797498df1c80","sha1":"0a78bef44cb7a1de3aea317f6fb2c1f3662ab2cc","sha256":"8b53f1d48d49b8e8d33804e858a11cc44831220c544c97f51b8e0f4672afdc60","sha512":"99ad339e3343b5041ad842b1d5b97dc521e69483b38ef5ceb3140d17f4e78ea59074bea2cdfcefc18e1bd882b63cb71cc79dce1b0eae2b46207418ed2298ca04","ssdeep":"768:YdTOgkfici+W7W0QjHxO7/xw3CCcC3D4f22qhx9E8ntrdCklDQ9xq23+zpQ:YdTOhvWurxOiyC6DsE8ZM48+G","tlshash":"3d03f1b94d52fc02a584e11c1cb2ef84d4fd81247d16d922fa58cd237a25b9b7a4eec2","first_seen":"2026-04-06T18:53:52.394479Z","last_seen":"2026-04-06T18:56:18.509895Z","times_seen":2,"resource_available":false,"data":null}},"time_used":532,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":174,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:20.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/static/css/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 40128\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=4,i=?0\r\netag: \"69c67741-9cc0\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7aCv2TUiMyAWgt1a7G4CxH83AeIschlPA7Q905rOp6XiZ%2FGuDlNyXjHw%2Fxm8SrJ8FS%2FksoFzh2u6Pe16HtJJDfkVOiO2w%2FmNODV49V32mARAG3zH5z3ZjNPvpMsm2FT945E%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea9debf0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-21T21:06:14.829138Z","times_seen":753502,"resource_available":false,"data":null}},"time_used":540,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":363,"receive":177,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:20.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2 HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/static/css/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:21 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 40688\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=4,i=?0\r\netag: \"69c67741-9ef0\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IK%2F8U6vMnoof%2BX8yEakKsNdEjf86WIAl%2BHoTahYKTv7wcxcakpPtL3xJ2Oj0VmLkaOf8UO8%2BwYiJ1STaMbvxcJ3hU4NfKOu4WosX5lEQmwQNqt6gc2ZUXiTPjihvdiyfvWg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82feadfa380b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40688,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40688, version 1.0","md5":"c2110c4e3bb5388e5dde190a6f732b70","sha1":"980adaf6f9b3fe70a95494ebc40dd13151533366","sha256":"0ac2bd2955bce37b4b57866fb20d9b2a9d40efe46eafc7276a9995b36dc4b34a","sha512":"3502853dde0e4032b350c80e015823042985b82097eacba12b9ce3852ca37b1c76b24aea4bfae4fb351935e01dae55790159bd5ab6ea5925b29aee30dbcd4424","ssdeep":"768:5HzWnpfBrQBT/nZyGY8OyYgBlyz9LVm3I7Rv+A1n49NfG37v7R+G:5sfBaF5rOhkly5LyGN+Mh37DR+G","tlshash":"9b0301eef3f58673fd1d9224f25284ef602e9744004d64b5ac2243734eda6b1f1e46a5","first_seen":"2025-11-19T00:33:03.039122Z","last_seen":"2026-04-19T13:04:51.123442Z","times_seen":16934,"resource_available":false,"data":null}},"time_used":350,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":172,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/logo.png","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:21.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:21 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67741-273d\"\r\nexpires: Wed, 06 May 2026 18:53:20 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nage: 1\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kzXV75PPuAtzvAO52QFKTAfQoRYjsjnInS62pZri%2FHqwpjucRweKGfK8gymGirZaAldWPAeKhahoOAWO%2BJWbNRkxdlPIrzypclpifTFID4t%2FeVemcdW2vV0v9BV2dcmErVI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82feb06c580b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10045,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"23296abcea3895640a7a063b8aae4c3d","sha1":"7e8f25bc702422366e0acbc2cea26bd1eba5dc16","sha256":"2ca12976be9d8e46c5a38f73d6df4b9347ad4744cd9433a54f0d2c8a9482c933","sha512":"1fda3e84da4975235b01655a6765f7c41e2a0c2e7969665852e4a0a474565f504159ec992a9d67667d13e55a26213bdd1f23805765d3348bacc0c569727d616b","ssdeep":"192:HS69o6tLE5CRRAA6WapfraAm7/EFHXIOqReA:yQs6A3fmv7sFH4FReA","tlshash":"0822bff0b79eaccde09158aa0fc8909f160a6d41da6815d32f195dbe2e4f24c10497f9","first_seen":"2026-04-06T18:53:52.396495Z","last_seen":"2026-04-06T18:56:18.515528Z","times_seen":2,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/css/css2.css","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/css/css2.css HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67741-52eb\"\r\nexpires: Tue, 07 Apr 2026 06:53:20 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gU%2FtjaTvaGyCziFFaW87q2tQrQxMAk9WIGZnz%2BT10vU8L4YXKoW8w73S3puSSQwFK1FO7vqZF8N3DMF9EpYFitNsXznO%2BejNt59jtMq%2BYuKj3UEobhUjkE3IeosKu1q4d%2BE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea74cac0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21227,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1572)","md5":"b4b5c1dc7566deb6c78b9254e7ea888c","sha1":"ec752b80c4b064bb415ffddac2458feb823faf32","sha256":"4a6296caddfb8fd67a4cd936e02b8c7a005b63bb57161544e20bd4e1982bbbb1","sha512":"433b9ab10493575693c7b0c70e2d572416be2a2771c019517832b76698f064692ba0211d765a7813b77f6e9affa2899fbfc9062bcda916611cc3ad025729ac4b","ssdeep":"384:VflY/bys/qY4ygAVfUR6Oyd/qY4XZ5mfjCp9yu/qY4IqKgfp8j3yI/qY4uEkq:tcHxNWUoG","tlshash":"dd92fb90041710019b839ce223cebf75fe1e92407145d0b6abfd572badcfda652a93ad","first_seen":"2025-07-08T02:37:06.289248Z","last_seen":"2026-04-19T23:26:24.81839Z","times_seen":23,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":361,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/css/enhanced-styles.css","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/css/enhanced-styles.css HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67741-1472\"\r\nexpires: Tue, 07 Apr 2026 06:53:20 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ygu8resp%2Be2fdoIy5o3wjMQawhDgTRe4W2thBVSyIGYvfdwQ7dFtCvXQLORlLSPv6lTgg%2F0ZQDDdM19mIFkNmjse2MBDWWJlhzSFMKq0xw%2BNgjzaSSWy33%2Bv6uCTMmsK58M%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea74cae0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5234,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"c9ba7700e8909f44e1a39b50a4e64a69","sha1":"d43d4f246f99dade7af2b3aefad491dc72dc5540","sha256":"c73a80c51f892a31d969f4a01858c01d8b8433eb1d1a6c98502c189a3b2047f8","sha512":"07b8eeca41292aeca3deb7695085767650ae2fc9d6a1e93d5f3825f5edc70586d118095239c5672c174eae00b65bb745dff0058ed13c73e4530a003cce3711ae","ssdeep":"96:Ks3y6sW+NL/Sv2TCxxMIPIIgD0dF2DwluyNXVIPCKkMZ3f123jSP7nXQ1:Ry6qIDDPzceuyS3fgjSPDXQ1","tlshash":"cdb1445866b09134342fd6697a9bcf4e33ace015880bde39fbe9109d5f843fc91a2658","first_seen":"2026-03-23T14:49:05.966407Z","last_seen":"2026-04-06T18:56:18.509002Z","times_seen":4,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/js/script.js","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/js/script.js HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 07 Apr 2026 06:53:20 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0LukE1JsOL3M4kf6oYVQrnpJUvtwvJcS%2BprH%2BFs5BOAttuOFIIOdYUfhWBG%2B90Qdp7e%2BKXg9HMAo0P%2FNwT%2FdON0TAXIDHr5zmeg3SO5e92N3QV12U7e7qP4b6flq%2FwQVT6U%3D\"}]}\r\netag: W/\"69c67741-36d\"\r\ncontent-encoding: br\r\ncf-ray: 9e82fea75cb50b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":877,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"98c719ed1872d12b4c2dac206d91c145","sha1":"9131b8220ff48f6eb25ae3951df0dadea9d7d4dd","sha256":"6d9906e313c70233ff233a9b2b55eeb0fe8c7ecdb63ae7cbf1d0f4960da8f20e","sha512":"25a4e7823e5c39ff0a7b79dd81e1bbaaef529d435d7e7d1fac1798e659f8528993e8bf209d3bcdbc0ab5cb88a2d217d183583b3d73348a60180f9f1de319a240","ssdeep":"","tlshash":"dc118c7a3052357580bf34b593cb84e03d10a0cbbc5790a3754cce892f41aa56877de7","first_seen":"2026-02-27T10:01:55.118793Z","last_seen":"2026-04-06T18:56:18.512583Z","times_seen":7,"resource_available":true,"data":null}},"time_used":352,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":350,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:20.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2 HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/static/css/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 20408\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=4,i=?0\r\netag: \"69c67741-4fb8\"\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kta2TnVkIp%2F4rDJly27dogpPX8OmY2p9yf2UnxfZHuvNQTZboFtYUqPXIad9Fs1ahe1BVgzZ6uDmxkHP5Qap%2FDnwHu17YaoEwXfazkMRxL3q7JhvAkf%2F4GgepuOptkMOIaQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82feaa0ee60b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20408,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20408, version 1.0","md5":"e8730678d4610fa908d3cba1ef0b4ddf","sha1":"1efcbee909ce74bf04878d74867f12a1e41ae7a4","sha256":"e921785496ed2d98c2257c88a6f838afa6acbee05cb8467048501bfe2a301461","sha512":"d7c3f81ad11ac5b3e6f454fbbb9be0940b3e8da93cde0b80f9a91a8259966be466b4d6a0fd5527fcc6c8f218aad8ffd0124bb29dfa08f6ca658ce49fe9e37e6c","ssdeep":"384:D+h1xN53scre+kLtT5+wpcR98ffVvdSMyNaHAUvLFNPBtn2aotFn9mTCAKDi055c:Ss/XRT5+wpM98ffxd6uZZRXnemWDj5WL","tlshash":"fa92d1cdfc0e5797a8e14ee93c0a7a4dd76f438af366a94b25e66122e67a55c040320c","first_seen":"2025-01-09T02:30:28.977279Z","last_seen":"2026-04-21T20:45:11.390443Z","times_seen":56716,"resource_available":false,"data":null}},"time_used":516,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":162,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/css/index.css","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/css/index.css HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67741-2612\"\r\nexpires: Tue, 07 Apr 2026 06:53:20 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TzuSt38oc0clyLd%2Bn3QIkCbUfbrjsI2VzE07x8wDpTM%2FpfEfhGTz2BMPC%2FpHiSe2usoW7F3eSmjVnlsdek9nQedpsJHx0XCqcQ2vYVomBkzl1g6aCJsTXkvPhx5mebvwA7E%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea74ca90b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9746,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (9743), with no line terminators","md5":"7889263097e43c3e757365f4ce161733","sha1":"5e2890766ca887cd8a0808f1b4e1687708483d00","sha256":"483fbf80e13e2038c58a77df2e363505af52f1521b5691f6a0328b2fb193f900","sha512":"1baf9ee542aa80fe67ced4989bbabf6c15f62f1b8685a29893202683302c56f2a133185d0cb54de1c331e4012e9be5175d55e5def8fcf06cfde9f31b7565fd12","ssdeep":"192:tWhNWwy8Nd+ZGAdKUSgeG3sSKIbXoudvkxRBlBPlIL5:esleuRERBlBW","tlshash":"491292e1f21170796cdf886ea195fceb87658407ce190a99f04332a8f7ca6d30a527c8","first_seen":"2025-06-20T23:14:43.216099Z","last_seen":"2026-04-06T18:56:18.502741Z","times_seen":12,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/images/index_5_Screenshot_99.png","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /images/index_5_Screenshot_99.png HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:41 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67745-1f51c\"\r\nexpires: Wed, 06 May 2026 18:53:20 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jY2V1k3l6bAHASzm23AU%2Fkfd0vYH1IXxnMIMgCyIFgdYzCdB7gRSXHLz5D2xGGc%2B4f8q3E2Ke7BMLX%2BPG6xIPxzzTOLlMldhV%2B%2Fr3RLvpgmlEpLABAdGqgvle8A%2FO%2BYt9Ow%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea74cb20b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128284,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 259 x 348, 8-bit/color RGB, non-interlaced","md5":"52e57a7a2936be1a35a4f85f3a4c573a","sha1":"1ffb66f8e484bebe67ffd75c1c8779728eb0647a","sha256":"8bcb00bd3ed45bd99f94c2cce120edfa26025617b8ac503d93d13cb32eb45c13","sha512":"cddcde593b07827484d33abd3c08f3070cf115e9f3fa12467acbb5044451a1cad04e94808ef2e57721f393486487b5f5f09a2bcfa8872564651df198aee16683","ssdeep":"3072:3iy115V3h7C+f62DQ4w4/0/YE80MLkUPmBAt/bnFTcunaUqQvP1:3iy1xhtT89+4pMkUeBATnFIunse","tlshash":"d7c31254b2f527bec453461b0961a9b0b79bc2f0ff09e016e34ca35955f43ba0928ed7","first_seen":"2026-04-06T18:53:52.40007Z","last_seen":"2026-04-06T18:56:18.507247Z","times_seen":2,"resource_available":false,"data":null}},"time_used":893,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":528,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/js/nav.js","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/js/nav.js HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67741-a51\"\r\nexpires: Tue, 07 Apr 2026 06:53:20 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N91bgvI51qqyVdKXoso3qcZx6yd1qSe%2FywXvxZ6b4mUGrOvbfDOBUH6Q3E55mvnnIF%2BBE6AqNYvAJwwkrsX6aVCjeDWz7urOJG2%2BsBzNeLHWMFFhqL3rr6hB9k9C0Wp%2BmDo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea79cf30b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2641,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"bd2a622efe6d24ca0f26f76ddcb26376","sha1":"07b8860f3244b1414fb7b758cf1e4b85bb5ece39","sha256":"b62b2e8be83f9f32f59f2a6491a56771d4bc6296ab827adf4f5678d5a9693b59","sha512":"840706350e761b6f016ae34636b9e76c14a51a7299234531914976c26df78f48c778a333076316c6cc6a4117009070d3ef7cb655a4373efa9d04b33c17b7df48","ssdeep":"","tlshash":"9a51f259e4f226774077196ae3efd1d676a0000b9d41cc0375ac9f482f819261af3eea","first_seen":"2026-03-23T14:49:05.956825Z","last_seen":"2026-04-06T18:56:18.511574Z","times_seen":4,"resource_available":true,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":345,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:20.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/static/css/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 40128\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=4,i=?0\r\netag: \"69c67741-9cc0\"\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LxoUAXfxRBGp%2B3N0nmAdJ4QrT%2FpQgHecu51JvvI%2F51gVFHeYzVOJnAx5EHZrlWad%2BdB%2FSsvYosZWNwOnLSenMA9axw5ePaQgJC8pL9%2Fty9a3TNRgyLROOwr5TwXziEKQppk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82feaa0ee00b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-21T21:06:14.829138Z","times_seen":753502,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":334,"receive":176,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/logo.png","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:19.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67741-273d\"\r\nexpires: Wed, 06 May 2026 18:53:20 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CuSRdOF2XwCFT50U6vntvz8J8NeWTK7GlozWDdMipSdLCFxvOx4vjOu%2FXgFxMVgon3qTubg7YENAjAzzK0I7O64Wd87g2yzvDUD4hStI1dreconFMBaPsVhPQ2cYTE3lVWE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82fea74caf0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10045,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"23296abcea3895640a7a063b8aae4c3d","sha1":"7e8f25bc702422366e0acbc2cea26bd1eba5dc16","sha256":"2ca12976be9d8e46c5a38f73d6df4b9347ad4744cd9433a54f0d2c8a9482c933","sha512":"1fda3e84da4975235b01655a6765f7c41e2a0c2e7969665852e4a0a474565f504159ec992a9d67667d13e55a26213bdd1f23805765d3348bacc0c569727d616b","ssdeep":"192:HS69o6tLE5CRRAA6WapfraAm7/EFHXIOqReA:yQs6A3fmv7sFH4FReA","tlshash":"0822bff0b79eaccde09158aa0fc8909f160a6d41da6815d32f195dbe2e4f24c10497f9","first_seen":"2026-04-06T18:53:52.396495Z","last_seen":"2026-04-06T18:56:18.515528Z","times_seen":2,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:20.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2 HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/static/css/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 20408\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:37 GMT\r\npriority: u=4,i=?0\r\netag: \"69c67741-4fb8\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BMaXSYtsc20AdAfvs7iQ90aVXzLlkiE6gj5nN2l7402eskx020soJ8klQJlI0kluUym%2BvQcdEtwQP1DI7jPLHf9Th%2FmTOX3SyJY7tm5yethJNb%2F0x3%2BNJNygQkmL4WKSSok%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82feaa0edc0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20408,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20408, version 1.0","md5":"e8730678d4610fa908d3cba1ef0b4ddf","sha1":"1efcbee909ce74bf04878d74867f12a1e41ae7a4","sha256":"e921785496ed2d98c2257c88a6f838afa6acbee05cb8467048501bfe2a301461","sha512":"d7c3f81ad11ac5b3e6f454fbbb9be0940b3e8da93cde0b80f9a91a8259966be466b4d6a0fd5527fcc6c8f218aad8ffd0124bb29dfa08f6ca658ce49fe9e37e6c","ssdeep":"384:D+h1xN53scre+kLtT5+wpcR98ffVvdSMyNaHAUvLFNPBtn2aotFn9mTCAKDi055c:Ss/XRT5+wpM98ffxd6uZZRXnemWDj5WL","tlshash":"fa92d1cdfc0e5797a8e14ee93c0a7a4dd76f438af366a94b25e66122e67a55c040320c","first_seen":"2025-01-09T02:30:28.977279Z","last_seen":"2026-04-21T20:45:11.390443Z","times_seen":56716,"resource_available":false,"data":null}},"time_used":521,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":167,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"win138bonus.com/images/index_2_br027.png","fqdn":"win138bonus.com","domain":"win138bonus.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://win138bonus.com/","date":"2026-04-06T18:53:20.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"win138bonus.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:44:57 GMT","end":"Wed, 24 Jun 2026 11:44:56 GMT"},"fingerprint":{"sha1":"0E:60:0B:47:7E:74:20:E4:E3:C1:CD:14:6F:A6:D2:C5:CB:F3:F7:6B","sha256":"57:6F:06:A0:C6:FE:D5:E4:26:85:AC:4E:55:DD:80:C0:C0:B0:09:4F:0C:02:04:98:B9:CF:70:78:B2:9F:99:9F"}}},"request":{"raw":"GET /images/index_2_br027.png HTTP/1.1\r\nHost: win138bonus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://win138bonus.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 18:53:20 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Mar 2026 12:25:41 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69c67745-32c86\"\r\nexpires: Wed, 06 May 2026 18:53:20 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O%2FHwVoh2oaZc4V%2FxNAjzuaVDeoCiuB8%2F7kDjlcjbYdoVadau7tyaMQJaNj3yPx5uvaJlWZ9Q7r6Vr5fiyOPOhaQpncuM0Shm0XyjFaoIoYfvLQy6evf8pm8VzDAklACuD6g%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e82feaa7f290b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":208006,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 342, 8-bit/color RGB, non-interlaced","md5":"79bfe09331a9836b2e89b1308607e7c7","sha1":"888e0fbaab2f8e86133f7204cf8097167e8bace0","sha256":"857b3f47347600534df12a889c412656bce2249cbbd44eba6b5e763c8ad7ab3f","sha512":"68ea26709eaf73e8ddd7c02006e60a82a9a94a66c7454a9d95f4d81fd48b9a5b515e1d8d9a608bebd56240dcb7edf3e8920bdaeb742ce40bbaea0fbf6dd1a4d9","ssdeep":"3072:z3N7eiqFvuG2ZzojcB2FqCPzr/C8hGpOhp2Y51Zgs5R1lmKVqw/zO+fvAAViQ:zFTqF/JtqSr/C8z2YTesf1A2FO+HAzQ","tlshash":"d814239cd31c8f99c8d7f1fe81826174dace1e764e10b1907c6ab780ba137a2b6516dc","first_seen":"2026-04-06T18:53:52.401962Z","last_seen":"2026-04-06T18:56:18.497782Z","times_seen":2,"resource_available":false,"data":null}},"time_used":902,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":371,"receive":531,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"win138bonus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}