{"report_id":"e133bc76-0efa-43ef-b1dd-eddcb34182ed","version":6,"status":"done","tags":[],"date":"2025-09-28T21:12:30Z","url":{"schema":"http","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"title":"228703--0b8ccbaa-8215-4e34-bfcf-02de30f20a0b--mlqw--1919810-streamwish"},"submit":{"url":{"schema":"http","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-02T21:12:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":10}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"mn.equerrywronger.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"topworkredbay.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"topworkredbay.shop","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ol.meaulcockups.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"larvatepharaoh.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"amt3.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"swiperessort.rest","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-21T22:11:31.071214Z","alert_count":0,"request_count":3,"received_data":1260439,"sent_data":1312,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"larvatepharaoh.cyou","ip":{"addr":"23.109.170.151","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2025-09-28T21:12:32.177197Z","last_seen":"2025-09-28T21:12:32.177197Z","alert_count":2,"request_count":2,"received_data":4768,"sent_data":1041,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"yuguaab.com","ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-17","domain_rank":208735,"first_seen":"2025-07-19T03:13:07.424723Z","last_seen":"2025-09-27T17:15:51.063781Z","alert_count":0,"request_count":8,"received_data":552594,"sent_data":3982,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Bootstrap:5.3.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"gd.orlcloop.com","ip":{"addr":"23.109.170.34","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-01","domain_rank":0,"first_seen":"2025-09-16T09:50:22.950967Z","last_seen":"2025-09-26T16:14:56.456187Z","alert_count":9,"request_count":3,"received_data":240219,"sent_data":4019,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-09-21T22:12:58.070161Z","alert_count":0,"request_count":1,"received_data":81731,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"mn.equerrywronger.click","ip":{"addr":"23.109.170.114","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2025-09-28T21:12:32.178344Z","last_seen":"2025-09-28T21:12:32.178344Z","alert_count":2,"request_count":2,"received_data":299320,"sent_data":1018,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"imasdk.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3922,"first_seen":"2014-02-25T09:02:53Z","last_seen":"2025-09-21T23:43:01.494052Z","alert_count":0,"request_count":1,"received_data":467347,"sent_data":426,"comment":"","tags":null,"fingerprints":null},{"fqdn":"bvtpk.com","ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-03-16","domain_rank":37068,"first_seen":"2025-05-21T11:34:02.786268Z","last_seen":"2025-09-23T14:20:40.270423Z","alert_count":0,"request_count":1,"received_data":111101,"sent_data":404,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"topworkredbay.shop","ip":{"addr":"212.117.186.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-05-13","domain_rank":28519,"first_seen":"2025-05-22T16:21:00.009933Z","last_seen":"2025-09-26T15:14:10.9645Z","alert_count":4,"request_count":2,"received_data":1071,"sent_data":1075,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ol.meaulcockups.com","ip":{"addr":"23.109.170.71","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-21","domain_rank":4083277,"first_seen":"2025-07-26T15:55:06.63734Z","last_seen":"2025-09-26T16:14:57.281414Z","alert_count":3,"request_count":3,"received_data":95883,"sent_data":3924,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"amt3.com","ip":{"addr":"139.45.195.9","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2004-03-18","domain_rank":8122,"first_seen":"2025-04-23T17:00:21.322227Z","last_seen":"2025-09-23T20:56:37.911128Z","alert_count":1,"request_count":1,"received_data":826,"sent_data":586,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"swiperessort.rest","ip":{"addr":"88.211.241.24","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2025-09-28T21:12:32.174625Z","last_seen":"2025-09-28T21:12:32.174625Z","alert_count":3,"request_count":3,"received_data":300790,"sent_data":1335,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-09-21T23:59:49.858604Z","alert_count":0,"request_count":1,"received_data":834,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"streamhg.com","ip":{"addr":"104.21.20.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":252467,"first_seen":"2024-12-13T22:04:19.168256Z","last_seen":"2025-09-26T16:14:56.601461Z","alert_count":0,"request_count":1,"received_data":5126,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-05-04T14:52:08.547326Z","times_seen":1825,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b26d6f86c4345f37c33c9b3b6dc9338b","sha1":"b92b66a7dadcc3acefe2c4cbd34f36c525ef4a24","sha256":"5b3474edb6863ae89e1cfe842fb92e8ffdb6d4084a837040d36d497c4a864216","sha512":"4a761629227e8640b5401c3d20d4c21820fde23b975ac94da139912a7a4ef592f86ae1117eaa52a510b7155e9ac3c1b8413c75d429e95ff473b0b9333946382e","ssdeep":"","tlshash":"1dc02b8c720a0cb041fb27408b3fbb00b002321495d56931494923048d30e03db54c14","size":153,"data":"","first_seen":"2023-05-25T01:59:38Z","last_seen":"2026-05-04T07:51:11.688583Z","times_seen":609,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-E2BG6CPV2J","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"713b9c62374d56e81fe2108edde279ef","sha1":"09db731485428401421e8e24eeee5fc4958a413f","sha256":"a78d725074eb597eff8f38c9aac23fb61a0baa5bf9a543f0bfbee5ffe5c00afc","sha512":"c422d1440d804bf5e7c3975d93ef6fb65a126176cc3f0e8485025dcf2eacc13f89d794d34559bc01d61c484b207d4f4540e7334d40e5df8ea7a81474dd9671b4","ssdeep":"6144:qBApmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:kOmLRYly/Lwr","tlshash":"db9409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","size":419446,"data":"","first_seen":"2025-09-28T00:21:20.803763Z","last_seen":"2025-09-28T21:12:38.234974Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-05-04T14:52:08.547326Z","times_seen":1825,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-05-05T06:12:53.987666Z","times_seen":18700,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"df59b89d2b10e781595a9bbb06b5fb1a","sha1":"7cba199aa8cc8b54628df40893b70ae37406097f","sha256":"1470685003608bc3294b12dab4323c2a1168b0dd52fbb1ac58db5e3a96beaca4","sha512":"61acf5be86e8a01ec47c278227bbfad14bf286481ba4823387fc7162b2904c07518b009e4907c20d44327f64ba2bbc8384826842e54e6955d15ee692232ad3a2","ssdeep":"1536:KORV5n7I9pN5MSlR8L6Ru5HjQdXog6wTEDtr0r0:KORVd4nWqvXoRGEhr0r0","tlshash":"25b30a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","size":109903,"data":"","first_seen":"2025-09-25T11:02:30.329168Z","last_seen":"2026-01-02T20:38:25.96051Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-05-05T06:12:53.987666Z","times_seen":18700,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-05-04T14:52:08.547326Z","times_seen":1825,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-05-05T06:12:53.987666Z","times_seen":18700,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/HG1/js/jquery-3.2.1.min.js","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","size":86659,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-05-05T16:13:59.017371Z","times_seen":84301,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-2TL7NH453R","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b775a53ccd8a5ef95749d0b1750bd6cc","sha1":"ee198a7fae2901221489ec37d519ca3599618ff8","sha256":"3e54839f3344b0617d337956d6d6e67c18a6eb925a6ad5b62467555bfddc4e38","sha512":"05e434210a7c9d5c2d602a591367dabe5824a82de64ac481016ec57cf00acd23d9e26c98c10f75aed607f31dd77ccfae2a942dd18538379d17c26aaefb547073","ssdeep":"6144:nB9pmM2/rNpvYqkD1g1/9G1SvuVcH9+23WBj:BPmLTYly/Lwr","tlshash":"1c9409ce73d674265396e078907f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","size":419736,"data":"","first_seen":"2025-09-28T21:12:38.26365Z","last_seen":"2025-09-28T21:12:38.26365Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"78c4cd0c84838bea16844c9f9ef24b83","sha1":"8cd7971318371ab3d16379df6cfb254a5c649fca","sha256":"ea8fe021a4ace4f6786fecc418f70b658fc2dc02d136e8fe5c6ab6b62a46d5d0","sha512":"bc80244dddc0af2f6bc1fd25adbf64222a722246af2a96069f2a29057b3a4a22df352cc0bc236fbd0bcac015795e56a0e0ef286696795399f86c7a04ac64318f","ssdeep":"1536:2Iif7R2qTTR2t4iYniNw+inrJuQolwxLBAF927wXtWJTI5TrtgK:gR2c7tLBW27wXtSTI5t","tlshash":"6573b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","size":80578,"data":"","first_seen":"2023-04-09T07:05:04Z","last_seen":"2026-05-05T16:02:46.999242Z","times_seen":4689,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/assets/jquery/styledl.js?type=mainstream\u0026u=306\u0026v=1.2","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dd00153cb393bcb91633c6e99cf6900","sha1":"9daaa1711f42b6a16226d4f7493456f8899f6c1e","sha256":"1fa037f8621424588266b51c7fc53204c60edfc0ed885cd876e1f1af4337bfd7","sha512":"02a9afe36d00a09d8029148a913ec4a9f747bf4190593d18888925ba20aa431d46560fc8feb3db1ec36dc8d8ae178abd2f752bafd1e9851c889791ffdf44c88e","ssdeep":"96:/71jqYG3NWBlfgayQFWB/fbayURWByfVUayUBWBifmayQGOHOCW3gkHoF0hCaCg:/71WYGilfgayQK/fbayUuyfVUayU+if0","tlshash":"ebc19dad1ff3106da563717eaf6f91187074a02b0806ea497c4c93d49f9087d2a76eac","size":5929,"data":"","first_seen":"2025-09-28T21:12:38.264937Z","last_seen":"2025-09-28T21:12:38.264937Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gd.orlcloop.com/gwF3keOX1dkEyzFR3/40913","fqdn":"gd.orlcloop.com","domain":"orlcloop.com","tld":"com"},"ip":{"addr":"23.109.170.34","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"907c81665b8e8aba469d76938caf5b7d","sha1":"24a9a3486d80bb3d0e132bbf9b44e9ce74f7ba83","sha256":"63fa1130f38b123a5f56b80064d8e1af59daade69bca059018b4bc7adfed348b","sha512":"12f6587f20e05d05fc8a9ba52f68d982a48e5e09bcfd08fb19ede493ac06edd26da0553abcea2c6d204cd04273788a115d32214bff606abec2e4cb6f254b2863","ssdeep":"3072:nVxgSKOEeS2oZl6uM2YTbVnB3cnH3nJu4xISGx4vnyfBUCV5QA:nVWSkeS2JVBMnH3Ju4GSGyyfbV5QA","tlshash":"56342be1f320f27d8b9780e2d53e9112d22d0b8131cd9ba0e269dd647f5964bc17e9e8","size":236922,"data":"","first_seen":"2025-09-28T21:12:38.27357Z","last_seen":"2025-09-28T21:12:38.27357Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imasdk.googleapis.com/js/sdkloader/ima3.js","fqdn":"imasdk.googleapis.com","domain":"imasdk.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d828da1a5e52ccd137d1536dfc2866a6","sha1":"3982d7db41ec59014544608e075f4edcff3b6593","sha256":"7d41f29cc3b08091129996fa65a323b4acec268219c41a5fe324719244dde07e","sha512":"3b2a4cb2fdb31858d03b95f686f0e324aba80100500b2ce07b6c3f04cde51fc36dde055b35a8506aeda770f9ecd65ecf1d2751b662e7f6872f8c972055cea57d","ssdeep":"6144:Zn6+nrFiMALh9ap3bKgXmTkdys2mu9dGh5dTQHLmzPsH:hrv5dysbu+hsLmzPsH","tlshash":"4ba4f9cdb6a674669363f4f5403f010bb23bb8a6f408886cb649d9e16e749094277f7c","size":466633,"data":"","first_seen":"2025-09-28T21:12:38.233911Z","last_seen":"2025-09-28T21:12:38.233911Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cb3a2f747e90c553769c2155d20f3ebf","sha1":"d10496bb17cb31e6c493f1429655fd723dfa3cfb","sha256":"79ac617398535f8ab3b7a4ec458a94ef2156acd847ff57111afef826d82d3742","sha512":"a1bc1a88e5a27e3270f872097bde105a03e1f7c2281f4067f2c81dee984a6be21d5e207d3237314315b7153d39c9805701b3c0486ac74137ff83230fff68540d","ssdeep":"","tlshash":"8cc09b8c251e5cb195f72740db7fb604b4423214d4d56a314d5d63845d30f17db55954","size":153,"data":"","first_seen":"2025-05-19T10:11:33.51975Z","last_seen":"2026-05-04T07:51:11.691793Z","times_seen":372,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b9a4a0464df7382770fdbb6120bb289d","sha1":"de4d12911183f9bfcf5ceccc00f5d46d170eda87","sha256":"6541e6c013e24c03ab4e6a3be5bd05923a5f87a2ead361aa1fa0a01a4b9db9ce","sha512":"d10b3b04fb5a78c4735168d2267e5abff619ae740d125c724d66dd7bd980b3ef8769a32444b61787ab09322462439268a4fbf147734ccf51466c797612267aec","ssdeep":"","tlshash":"91f00ea53cdc44248336022627bba548746a69392c0afd19f18d84822f9deac18bb88c","size":527,"data":"","first_seen":"2025-06-22T23:12:43.524632Z","last_seen":"2026-05-03T14:51:20.464042Z","times_seen":121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ol.meaulcockups.com/tBBGL9zd7m93sOmz/62124","fqdn":"ol.meaulcockups.com","domain":"meaulcockups.com","tld":"com"},"ip":{"addr":"23.109.170.71","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad4973a306c7f2d7db87ce595fbd7703","sha1":"aac54f3cbc1bddf5b5500199a7952bdcc90c59a9","sha256":"87b2aa0fc804dd4831b04d06dd245012d1bafe798898c039e1674152aadbd019","sha512":"1be641b231d9d5aa73926aa57fef71a1889791809f286e589378d1438aeccdee4ad2a782b7690566150448cbd69a8111db056a3b3a26413b2b70dfd0111000a4","ssdeep":"1536:90ZypD4MdNdzZVK+E0wlJQJ1jvokvSXBDYpK2:9Y+DwnOjFSs","tlshash":"cd934b42b651b03a07b244e5a17f4245f2372624784ed490f26decb12e7a58fa1b7fec","size":90952,"data":"","first_seen":"2025-09-28T21:12:38.243782Z","last_seen":"2025-09-28T21:12:38.243782Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"streamhg.com/js/jquery.cookie.js","fqdn":"streamhg.com","domain":"streamhg.com","tld":"com"},"ip":{"addr":"104.21.20.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae0c2c5d8f01f7d35bb698bb618a62f7","sha1":"63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20","sha256":"75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc","sha512":"eac94ca9d884692af8bdf12aa6e902a3be4eed0772ad8f2932ac1c3328b83a7351cdf743a409bbc0a3cd385956c08d3203d51c572bb1680489e37330fe27a2bb","ssdeep":"96:L4BZxb64Ng7V8cNwpGylRCsKZcj1JXulL6M/aGByLskPSP4lBCClf1wgCyC:LQnb6eg7DgCsk8fgZJkPSPa+gCyC","tlshash":"2e91fd293a0d231d149353f57aee10c8a930d632216ad46c744cb6b06f00c63ddfbbea","size":4331,"data":"","first_seen":"2023-03-07T01:03:07Z","last_seen":"2026-05-05T14:44:11.339624Z","times_seen":4409,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4a236aceb031d5e155da9ec1391ea600","sha1":"c7911fc272febf2d17ce9cea6dfdb68ff33d2526","sha256":"0c6a56ab6412fecb2f58122c7cebf169ef30c8f8e5470fbf16d34c1a8e015987","sha512":"4a7925c4a9f16b06801ac1d8e486f9c54691fe6e1e1fbe89627f812c1c7c729d05c94c94b6b71feab4e1d3ed799a2c78626cbc1c3cebd51cfc97eae59d37b504","ssdeep":"","tlshash":"fbe0e52722afd03cc522a9570f3eba97758911335251d6cc74cc616afa807da2c895f5","size":417,"data":"","first_seen":"2025-08-16T02:06:06.441045Z","last_seen":"2026-05-03T14:51:20.464787Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-E2BG6CPV2J\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"59cc9fb73a69c10e9007a2a39e8e6da3","sha1":"11332663d615496f18ea67e8231568b21f0eb645","sha256":"be1bbe651a78e4648260b830da2e19b06e8ea274eeda2e302891b530882f0c43","sha512":"ce17e24a258c5dcca0e63a70453971c78670f32f13ba3b9938d83860a1744166b1ad1c6541fae04e9eee76c09553e7afbb57c271a8b2efc13681625994b6057e","ssdeep":"6144:qBRpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBA:kLmLRYly/LwY","tlshash":"d69409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","size":419465,"data":"","first_seen":"2025-09-28T17:35:29.182553Z","last_seen":"2025-09-28T21:12:38.231981Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"streamhg.com/js/jquery.cookie.js","fqdn":"streamhg.com","domain":"streamhg.com","tld":"com"},"ip":{"addr":"104.21.20.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"streamhg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 09:37:13 GMT","end":"Thu, 25 Dec 2025 10:34:37 GMT"},"fingerprint":{"sha1":"90:6F:66:0C:56:EF:E3:AC:99:84:D3:2C:E2:68:A9:0F:88:74:CE:85","sha256":"60:9C:7F:C7:48:93:E3:A8:4F:84:94:77:FD:F7:89:CB:0C:64:F1:61:A8:BF:53:A3:0B:E7:7D:20:50:05:D3:99"}}},"request":{"raw":"GET /js/jquery.cookie.js HTTP/1.1\r\nHost: streamhg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Tue, 31 May 2011 13:53:00 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"4de4f2bc-10eb\"\r\nexpires: Fri, 03 Oct 2025 07:30:19 GMT\r\ncache-control: max-age=604800\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\nage: 222109\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NZw2IV%2FoJ3epZP1tH1HYrxkuPGVd%2BJJo2v6k8jfWbWgOUZ6m4OB6u%2Bf718c4K3cSN0j3VuAz9QCBEem2dbvnYcCXKq6l4Oyxs10%3D\"}]}\r\ncf-ray: 98663cbed976568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4331,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"ae0c2c5d8f01f7d35bb698bb618a62f7","sha1":"63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20","sha256":"75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc","sha512":"eac94ca9d884692af8bdf12aa6e902a3be4eed0772ad8f2932ac1c3328b83a7351cdf743a409bbc0a3cd385956c08d3203d51c572bb1680489e37330fe27a2bb","ssdeep":"96:L4BZxb64Ng7V8cNwpGylRCsKZcj1JXulL6M/aGByLskPSP4lBCClf1wgCyC:LQnb6eg7DgCsk8fgZJkPSPa+gCyC","tlshash":"2e91fd293a0d231d149353f57aee10c8a930d632216ad46c744cb6b06f00c63ddfbbea","first_seen":"2023-03-07T01:03:07Z","last_seen":"2026-05-05T14:44:11.339624Z","times_seen":4409,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":19,"dns":9,"connect":3,"send":0,"wait":12,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-E2BG6CPV2J\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-E2BG6CPV2J\u0026cx=c\u0026gtm=4e59n2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\nexpires: Sun, 28 Sep 2025 21:12:09 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 139989\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":419465,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"59cc9fb73a69c10e9007a2a39e8e6da3","sha1":"11332663d615496f18ea67e8231568b21f0eb645","sha256":"be1bbe651a78e4648260b830da2e19b06e8ea274eeda2e302891b530882f0c43","sha512":"ce17e24a258c5dcca0e63a70453971c78670f32f13ba3b9938d83860a1744166b1ad1c6541fae04e9eee76c09553e7afbb57c271a8b2efc13681625994b6057e","ssdeep":"6144:qBRpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBA:kLmLRYly/LwY","tlshash":"d69409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","first_seen":"2025-09-28T17:35:29.182553Z","last_seen":"2025-09-28T21:12:38.231981Z","times_seen":2,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":65,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mn.equerrywronger.click/tsk/Ti9JX1fr3Jn0b8XkTo1Ex4Pbd28RFH9O*cPt28X4FJpN8v*lTXZX85ydClbmqX6fjYmk5QYfefoF8eT67ecE0KUBxtn0CcfFqLGJfAq0iPw","fqdn":"mn.equerrywronger.click","domain":"equerrywronger.click","tld":"click"},"ip":{"addr":"23.109.170.114","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mn.equerrywronger.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 16:30:06 GMT","end":"Sat, 27 Dec 2025 16:30:05 GMT"},"fingerprint":{"sha1":"69:A0:6F:1E:4A:0C:C1:1D:CD:96:4C:A2:67:C3:C6:4A:BA:BB:B8:67","sha256":"C5:30:2D:DD:F1:2F:8C:E2:81:D4:D6:88:38:4E:A9:C0:79:9A:3D:AE:5C:DC:2A:93:DD:6F:69:43:20:66:AD:02"}}},"request":{"raw":"GET /tsk/Ti9JX1fr3Jn0b8XkTo1Ex4Pbd28RFH9O*cPt28X4FJpN8v*lTXZX85ydClbmqX6fjYmk5QYfefoF8eT67ecE0KUBxtn0CcfFqLGJfAq0iPw HTTP/1.1\r\nHost: mn.equerrywronger.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://swiperessort.rest/g/a8/7c/a87ca749079896b2b42e7a35c6888749217c3d26.jpeg\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\nreferrer-policy: no-referrer\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":128594,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T16:09:50.836081Z","times_seen":14695563,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":53,"dns":5,"connect":20,"send":0,"wait":26,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"mn.equerrywronger.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imasdk.googleapis.com/js/sdkloader/ima3.js","fqdn":"imasdk.googleapis.com","domain":"imasdk.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /js/sdkloader/ima3.js HTTP/1.1\r\nHost: imasdk.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\nexpires: Sun, 28 Sep 2025 21:12:09 GMT\r\ncache-control: private, max-age=900, stale-while-revalidate=3600\r\ncontent-type: text/javascript; charset=UTF-8\r\netag: 2640869790290655687\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\nserver: cafe\r\ncontent-length: 147304\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":466633,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2833)","md5":"d828da1a5e52ccd137d1536dfc2866a6","sha1":"3982d7db41ec59014544608e075f4edcff3b6593","sha256":"7d41f29cc3b08091129996fa65a323b4acec268219c41a5fe324719244dde07e","sha512":"3b2a4cb2fdb31858d03b95f686f0e324aba80100500b2ce07b6c3f04cde51fc36dde055b35a8506aeda770f9ecd65ecf1d2751b662e7f6872f8c972055cea57d","ssdeep":"6144:Zn6+nrFiMALh9ap3bKgXmTkdys2mu9dGh5dTQHLmzPsH:hrv5dysbu+hsLmzPsH","tlshash":"4ba4f9cdb6a674669363f4f5403f010bb23bb8a6f408886cb649d9e16e749094277f7c","first_seen":"2025-09-28T21:12:38.233911Z","last_seen":"2025-09-28T21:12:38.233911Z","times_seen":1,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":77,"dns":0,"connect":16,"send":0,"wait":52,"receive":56,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-E2BG6CPV2J","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-E2BG6CPV2J HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\nexpires: Sun, 28 Sep 2025 21:12:08 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 139844\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":419446,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"713b9c62374d56e81fe2108edde279ef","sha1":"09db731485428401421e8e24eeee5fc4958a413f","sha256":"a78d725074eb597eff8f38c9aac23fb61a0baa5bf9a543f0bfbee5ffe5c00afc","sha512":"c422d1440d804bf5e7c3975d93ef6fb65a126176cc3f0e8485025dcf2eacc13f89d794d34559bc01d61c484b207d4f4540e7334d40e5df8ea7a81474dd9671b4","ssdeep":"6144:qBApmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:kOmLRYly/Lwr","tlshash":"db9409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","first_seen":"2025-09-28T00:21:20.803763Z","last_seen":"2025-09-28T21:12:38.234974Z","times_seen":10,"resource_available":true,"data":null}},"time_used":428,"timings":{"blocked":164,"dns":0,"connect":16,"send":0,"wait":38,"receive":58,"ssl":150},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bvtpk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 16:15:33 GMT","end":"Mon, 08 Dec 2025 17:13:51 GMT"},"fingerprint":{"sha1":"57:53:1B:12:8D:B5:A7:B6:96:E2:B4:FE:90:A1:D8:FA:24:94:9A:B9","sha256":"4E:2A:10:4F:06:F6:4E:34:B3:5A:E6:9B:A2:C7:FC:B2:A4:7D:55:44:3D:06:2B:38:35:A7:52:1D:F2:4E:80:5E"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: bvtpk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-trace-id: 13ce1309cf474880ff9a98bc320ffc08\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 785\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 28 Sep 2025 20:59:03 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ozYuRkgQRg00JnqHRkcr0N%2B4knkiH%2B%2Fy5Heferld%2FZiXyojLYgxDu%2Bi3uSyS7iB6UragPoSUQnWUxf7key7bwRp5hSEERCwSAw%3D%3D\"}]}\r\ncf-ray: 98663cc08850b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":109903,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"df59b89d2b10e781595a9bbb06b5fb1a","sha1":"7cba199aa8cc8b54628df40893b70ae37406097f","sha256":"1470685003608bc3294b12dab4323c2a1168b0dd52fbb1ac58db5e3a96beaca4","sha512":"61acf5be86e8a01ec47c278227bbfad14bf286481ba4823387fc7162b2904c07518b009e4907c20d44327f64ba2bbc8384826842e54e6955d15ee692232ad3a2","ssdeep":"1536:KORV5n7I9pN5MSlR8L6Ru5HjQdXog6wTEDtr0r0:KORVd4nWqvXoRGEhr0r0","tlshash":"25b30a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","first_seen":"2025-09-25T11:02:30.329168Z","last_seen":"2026-01-02T20:38:25.96051Z","times_seen":81,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":43,"dns":0,"connect":2,"send":0,"wait":5,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"topworkredbay.shop/cuid/?f=https%3A%2F%2Fyuguaab.com","fqdn":"topworkredbay.shop","domain":"topworkredbay.shop","tld":"shop"},"ip":{"addr":"212.117.186.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"topworkredbay.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 22 Sep 2025 12:26:21 GMT","end":"Sun, 21 Dec 2025 12:26:20 GMT"},"fingerprint":{"sha1":"6B:D4:04:13:E7:7D:8F:FD:EB:02:5F:41:59:43:34:95:78:74:B9:4F","sha256":"E1:52:BD:26:BF:31:2E:01:93:48:BB:AA:A3:D7:99:68:3C:2A:80:BA:47:90:1B:0A:5F:C5:3A:92:10:13:F2:3F"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Fyuguaab.com HTTP/1.1\r\nHost: topworkredbay.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://yuguaab.com/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: application/json\r\ncontent-length: 32\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: a97fa794a0f9=6757eab79e24ba2ecfdef5; expires=Sat, 01 Feb 2053 13:39:16 GMT; domain=topworkredbay.shop; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4e04b9d1104afc8224688905a431ef62","sha1":"f2d40b8dd04181d1151fd405abd72f9ae3fe9eb6","sha256":"3e1dced93b5c0401386d531ce6213f9de8361c05242a5f60d043f2aad3fc5f07","sha512":"a421bf0ba92ad4fe8ae0c522bf2f00a73f0b469513826c4048147a54b5c8d095a4c8675d45d39aab5468774b074b279939db35cb371f0612909e9fbb25a8d0a7","ssdeep":"","tlshash":"4d80003aa2eca0aa0ac0000b0c22022b032222a0c020228822280380800cc203ae8cb2","first_seen":"2025-09-28T21:12:38.236033Z","last_seen":"2025-09-28T21:12:38.236033Z","times_seen":1,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":4,"connect":20,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"topworkredbay.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"topworkredbay.shop","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ol.meaulcockups.com/tsf/62124?md=eyJ6IjoyNDgwLCJhIjo4MjcwLCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly95dWd1YWFiLmNvbS9mL21mZ2MyMnhudGZ0ciIsImgiOjE4MDIsImwiOiJlbi1VUyIsInQiOjAsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibzBwYmRlcjFzOXZnazRqIiwibyI6dHJ1ZSwibSI6MTc1OTA5MzkyOTEzMiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyMjI4NzAzLS0wYjhjY2JhYS04MjE1LTRlMzQtYmZjZi0wMmRlMzBmMjBhMGItLW1scXclMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIyZG93bmxvYWQlM0ExJTIyJTJDJTIyc3RyZWFtaGclM0ExJTIyJTJDJTIyY29weXJpZ2h0JTNBMSUyMiUyQyUyMjIwMjQlM0ExJTIyJTJDJTIyYWxsJTNBMSUyMiUyQyUyMnJpZ2h0cyUzQTElMjIlMkMlMjJyZXNlcnZlZCUzQTElMjIlNUQlN0QiLCJ0cyI6MCwicHIiOjEsImhjIjozMiwiYmwiOi0xLCJiYyI6MywidnYiOiJNZXNhIiwidnIiOiJsbHZtcGlwZSIsImFjIjowLCJjdCI6InVua25vd24iLCJjZXQiOiJ1bmtub3duIiwiY2RsbSI6LTEsImNkbCI6LTEsImNydHQiOi0xLCJ0bXMiOjEyMCwiY2UiOnRydWUsImNkIjoyNCwib3IiOiJsYW5kc2NhcGUtcHJpbWFyeSIsImZzIjpudWxsLCJmc28iOm51bGwsImltIjp0cnVlfQ","fqdn":"ol.meaulcockups.com","domain":"meaulcockups.com","tld":"com"},"ip":{"addr":"23.109.170.71","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ol.meaulcockups.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 09:08:50 GMT","end":"Wed, 24 Dec 2025 09:08:49 GMT"},"fingerprint":{"sha1":"4F:1D:B5:29:32:54:88:FE:F4:1B:ED:05:80:96:64:47:1C:23:53:A3","sha256":"C2:25:DD:C3:3A:33:85:30:F7:71:8E:E8:3A:3E:09:3F:5C:9D:56:8C:4E:F0:0A:85:94:25:9C:71:D4:B8:35:CE"}}},"request":{"raw":"POST /tsf/62124?md=eyJ6IjoyNDgwLCJhIjo4MjcwLCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly95dWd1YWFiLmNvbS9mL21mZ2MyMnhudGZ0ciIsImgiOjE4MDIsImwiOiJlbi1VUyIsInQiOjAsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibzBwYmRlcjFzOXZnazRqIiwibyI6dHJ1ZSwibSI6MTc1OTA5MzkyOTEzMiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyMjI4NzAzLS0wYjhjY2JhYS04MjE1LTRlMzQtYmZjZi0wMmRlMzBmMjBhMGItLW1scXclMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIyZG93bmxvYWQlM0ExJTIyJTJDJTIyc3RyZWFtaGclM0ExJTIyJTJDJTIyY29weXJpZ2h0JTNBMSUyMiUyQyUyMjIwMjQlM0ExJTIyJTJDJTIyYWxsJTNBMSUyMiUyQyUyMnJpZ2h0cyUzQTElMjIlMkMlMjJyZXNlcnZlZCUzQTElMjIlNUQlN0QiLCJ0cyI6MCwicHIiOjEsImhjIjozMiwiYmwiOi0xLCJiYyI6MywidnYiOiJNZXNhIiwidnIiOiJsbHZtcGlwZSIsImFjIjowLCJjdCI6InVua25vd24iLCJjZXQiOiJ1bmtub3duIiwiY2RsbSI6LTEsImNkbCI6LTEsImNydHQiOi0xLCJ0bXMiOjEyMCwiY2UiOnRydWUsImNkIjoyNCwib3IiOiJsYW5kc2NhcGUtcHJpbWFyeSIsImZzIjpudWxsLCJmc28iOm51bGwsImltIjp0cnVlfQ HTTP/1.1\r\nHost: ol.meaulcockups.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://yuguaab.com/\r\nContent-Type: application/json\r\nContent-Length: 11\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; GL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_CA_62124=eJxjYGBgEmHkYhDatUiESZAxmY1RkLGEK%2BPmkpUAKucFQA%3D%3D; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_CA_62124=eJxjYGBgEmHiYhDatUiESZAxmY1RkLGEK%2BPmkpUgsQUiTHwMbIx8jGARAKeyCYk%3D; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1868,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JSON text data","md5":"7ac17a79d2ae9a88b937924364c81daa","sha1":"001ef93193166068758ce31ef95d309eb218c5ee","sha256":"dae0f765b9c846f2ffe4fb44b8166977227a168ee05d38d810070c6b46fd0613","sha512":"75eed49c026e3a2b5604d514468300df3c6e2a8c7b665143ec767220bbe11db529b7ddfa33ec0140fcc7f9865f5120ccfc9c829797ff29b243b567134864dcb2","ssdeep":"","tlshash":"ac31d952c797be4786cd229a38764ec8c5d3564ba1c447f5e686de8c00fcac55b58780","first_seen":"2025-09-28T21:12:38.238843Z","last_seen":"2025-09-28T21:12:38.238843Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ol.meaulcockups.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"larvatepharaoh.cyou/tsk/Ti9JX1fr3Jn0b8XkTo1Ex9VLc3eOtN22QNKYtZh7r*EL8RqdBHuLPxYVWB2xMQcLrLMBjnzLoqM6dVyOgNjR_sni5CbXA_9wwwms*MFpc_A","fqdn":"larvatepharaoh.cyou","domain":"larvatepharaoh.cyou","tld":"cyou"},"ip":{"addr":"23.109.170.151","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"larvatepharaoh.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 16:26:47 GMT","end":"Sat, 27 Dec 2025 16:26:46 GMT"},"fingerprint":{"sha1":"AF:DA:04:75:0E:31:E2:25:09:EB:E5:73:20:FA:C2:F8:14:F8:19:B3","sha256":"B7:31:A5:91:86:72:BC:BB:7E:5F:2D:05:B9:1D:50:F5:BA:1A:99:59:C2:03:C1:E6:04:99:D4:13:EE:79:C7:AD"}}},"request":{"raw":"GET /tsk/Ti9JX1fr3Jn0b8XkTo1Ex9VLc3eOtN22QNKYtZh7r*EL8RqdBHuLPxYVWB2xMQcLrLMBjnzLoqM6dVyOgNjR_sni5CbXA_9wwwms*MFpc_A HTTP/1.1\r\nHost: larvatepharaoh.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://swiperessort.rest/g/0e/ee/0eee5af461bb607a76e9a0871ab97f7ad329d213.jpeg\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\nreferrer-policy: no-referrer\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3338,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T16:09:50.836081Z","times_seen":14695563,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":48,"dns":4,"connect":20,"send":0,"wait":22,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"larvatepharaoh.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/HG1/js/jquery-3.2.1.min.js","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /HG1/js/jquery-3.2.1.min.js HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/f/mfgc22xntftr\r\nCookie: lang=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 03 Jun 2023 09:33:43 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8A1kVJBh%2Bc18lovNvpG3EPqY7y3cw9G%2Bsm8NF7PVigyjpYti5RIGOxBUEeT2WWXOLygTFp7q57Xci8wY9WmcXtaRAMpxKYo%2FrQ%3D%3D\"}]}\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 6782\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"15283-5fd365d994940\"\r\ncontent-encoding: br\r\ncf-ray: 98663cbeba1456cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86659,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32058)","md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-05-05T16:13:59.017371Z","times_seen":84301,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ol.meaulcockups.com/tBBGL9zd7m93sOmz/62124","fqdn":"ol.meaulcockups.com","domain":"meaulcockups.com","tld":"com"},"ip":{"addr":"23.109.170.71","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ol.meaulcockups.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 09:08:50 GMT","end":"Wed, 24 Dec 2025 09:08:49 GMT"},"fingerprint":{"sha1":"4F:1D:B5:29:32:54:88:FE:F4:1B:ED:05:80:96:64:47:1C:23:53:A3","sha256":"C2:25:DD:C3:3A:33:85:30:F7:71:8E:E8:3A:3E:09:3F:5C:9D:56:8C:4E:F0:0A:85:94:25:9C:71:D4:B8:35:CE"}}},"request":{"raw":"GET /tBBGL9zd7m93sOmz/62124 HTTP/1.1\r\nHost: ol.meaulcockups.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Mon, 29-Sep-2025 21:12:08 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Mon, 29-Sep-2025 21:12:08 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90952,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"ad4973a306c7f2d7db87ce595fbd7703","sha1":"aac54f3cbc1bddf5b5500199a7952bdcc90c59a9","sha256":"87b2aa0fc804dd4831b04d06dd245012d1bafe798898c039e1674152aadbd019","sha512":"1be641b231d9d5aa73926aa57fef71a1889791809f286e589378d1438aeccdee4ad2a782b7690566150448cbd69a8111db056a3b3a26413b2b70dfd0111000a4","ssdeep":"1536:90ZypD4MdNdzZVK+E0wlJQJ1jvokvSXBDYpK2:9Y+DwnOjFSs","tlshash":"cd934b42b651b03a07b244e5a17f4245f2372624784ed490f26decb12e7a58fa1b7fec","first_seen":"2025-09-28T21:12:38.243782Z","last_seen":"2025-09-28T21:12:38.243782Z","times_seen":1,"resource_available":true,"data":null}},"time_used":352,"timings":{"blocked":154,"dns":115,"connect":20,"send":0,"wait":39,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ol.meaulcockups.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/HG1/fonts/Toroka-Medium.woff","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /HG1/fonts/Toroka-Medium.woff HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/HG1/css/style.css\r\nCookie: lang=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: font/woff\r\ncontent-length: 54132\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 03 Jun 2023 09:33:42 GMT\r\netag: \"d374-5fd365d856b51\"\r\naccept-ranges: bytes\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 5660\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JYpqEALoUpyWZAfrwvy2%2FgAcnRZTkZsVdsfMLWZCtSqIG5JJnew7%2FLmf%2FiDYGlqfaM9JNt%2BmSM77xDFdI1rCLiAJyv%2FUlBc6tg%3D%3D\"}]}\r\ncf-ray: 98663cbefa7256cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54132,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, CFF, length 54132, version 1.0","md5":"3b0fb50671cb93ea5bb9d2dfc2a2ad25","sha1":"74207bd92588f1af384731dcbab84f9b0a0b3504","sha256":"4ec30b02c21af727daffb6ed85cd0dda85a29f515116b801d69e4e60e2afb6d5","sha512":"3f9bb7764772f51377949e52ac20b6fe0d09c93bc35c02156867445b21802ea7b70ef0ab33051a197815db377ac9d95856d4e629be387ac798f3a438b4601ce1","ssdeep":"1536:inffdZRMGqRrO0QJPIJNjjWPTJCUAeZTJ:4XdEtHQxIJ8PlCuZTJ","tlshash":"413302853d351d2ddaa9ea3fb4cac29c2cf31424610d73749bf5a393c556f2806a23c2","first_seen":"2024-12-14T00:38:50.475951Z","last_seen":"2026-05-03T14:51:20.458038Z","times_seen":126,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amt3.com/5/9636562/?oo=1\u0026js_build=iclick-v1.1578.0\u0026userId=080252480d7d491ae4798303c9a76635\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0","fqdn":"amt3.com","domain":"amt3.com","tld":"com"},"ip":{"addr":"139.45.195.9","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"amt3.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Jul 2025 05:21:33 GMT","end":"Thu, 09 Oct 2025 05:21:32 GMT"},"fingerprint":{"sha1":"4F:52:B5:E1:62:6B:8E:6A:12:14:9C:87:72:1B:0C:49:B6:1B:B3:DD","sha256":"60:A1:B7:F3:D5:3A:87:F3:6A:F6:90:C5:70:D6:FD:50:C1:44:A8:9F:C9:62:EA:57:E1:E2:29:B4:19:91:E9:F5"}}},"request":{"raw":"POST /5/9636562/?oo=1\u0026js_build=iclick-v1.1578.0\u0026userId=080252480d7d491ae4798303c9a76635\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0 HTTP/1.1\r\nHost: amt3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2594\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T16:09:50.836081Z","times_seen":14695563,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":86,"dns":3,"connect":27,"send":0,"wait":31,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"amt3.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gd.orlcloop.com/sbf/40913?md=eyJ0dmMiOjAsInoiOjc2OTUsImEiOjMzODYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL3l1Z3VhYWIuY29tL2YvbWZnYzIyeG50ZnRyIiwiaCI6NzQ1LCJsIjoiZW4tVVMiLCJ0IjowLCJrIjowLCJ1IjoiNjc1N2VhYjc5ZTI0YmEyZWNmZGVmNSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiI5ZzhvZDU0MmFmbXR5eDYiLCJvIjp0cnVlLCJtIjoxNzU5MDkzOTI5NTIxLCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIyMjg3MDMtLTBiOGNjYmFhLTgyMTUtNGUzNC1iZmNmLTAyZGUzMGYyMGEwYi0tbWxxdyUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJkb3dubG9hZCUzQTElMjIlMkMlMjJzdHJlYW1oZyUzQTElMjIlMkMlMjJjb3B5cmlnaHQlM0ExJTIyJTJDJTIyMjAyNCUzQTElMjIlMkMlMjJhbGwlM0ExJTIyJTJDJTIycmlnaHRzJTNBMSUyMiUyQyUyMnJlc2VydmVkJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026cr=38790\u0026crp=9","fqdn":"gd.orlcloop.com","domain":"orlcloop.com","tld":"com"},"ip":{"addr":"23.109.170.34","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gd.orlcloop.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 06:32:35 GMT","end":"Sun, 30 Nov 2025 06:32:34 GMT"},"fingerprint":{"sha1":"B0:EF:E5:71:06:04:4F:24:07:7A:AA:D6:12:C8:CE:B4:04:66:24:03","sha256":"0B:C0:F3:27:C5:DF:B1:F0:8B:B7:27:5B:1F:72:37:A1:F4:B0:51:26:9B:02:57:70:54:F2:4E:69:3B:EF:C2:67"}}},"request":{"raw":"OPTIONS /sbf/40913?md=eyJ0dmMiOjAsInoiOjc2OTUsImEiOjMzODYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL3l1Z3VhYWIuY29tL2YvbWZnYzIyeG50ZnRyIiwiaCI6NzQ1LCJsIjoiZW4tVVMiLCJ0IjowLCJrIjowLCJ1IjoiNjc1N2VhYjc5ZTI0YmEyZWNmZGVmNSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiI5ZzhvZDU0MmFmbXR5eDYiLCJvIjp0cnVlLCJtIjoxNzU5MDkzOTI5NTIxLCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIyMjg3MDMtLTBiOGNjYmFhLTgyMTUtNGUzNC1iZmNmLTAyZGUzMGYyMGEwYi0tbWxxdyUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJkb3dubG9hZCUzQTElMjIlMkMlMjJzdHJlYW1oZyUzQTElMjIlMkMlMjJjb3B5cmlnaHQlM0ExJTIyJTJDJTIyMjAyNCUzQTElMjIlMkMlMjJhbGwlM0ExJTIyJTJDJTIycmlnaHRzJTNBMSUyMiUyQyUyMnJlc2VydmVkJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026cr=38790\u0026crp=9 HTTP/1.1\r\nHost: gd.orlcloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://yuguaab.com/\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d7a61a5ae2424f444691dfa38e694ae","sha1":"dfb2f770cb7740844d94d2a2517af244b34c56ae","sha256":"e3c083d0e62029a9fc90700e7effced43eb213718ad4e7517e5b05a5a0ad9e49","sha512":"dc4531ceee0347383f28990bd01470ce323b0338a83b5b51e2640e3a9d1509346e23fe490ebfaeb4d7a86fd8ef22d2d6465990e6cb6583468d47174b97d25d03","ssdeep":"","tlshash":"8a30000000000000000000c0000000000000000000000000000300000c0c000c000000","first_seen":"2025-06-10T16:02:54.181066Z","last_seen":"2026-05-04T17:03:58.320387Z","times_seen":1579,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":45,"dns":0,"connect":22,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"swiperessort.rest/g/0e/ee/0eee5af461bb607a76e9a0871ab97f7ad329d213.jpeg","fqdn":"swiperessort.rest","domain":"swiperessort.rest","tld":"rest"},"ip":{"addr":"88.211.241.24","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"swiperessort.rest","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 16:04:48 GMT","end":"Sat, 27 Dec 2025 16:04:47 GMT"},"fingerprint":{"sha1":"7B:78:DD:EE:E7:17:D0:3B:84:34:59:E7:7F:07:82:47:67:D7:5F:89","sha256":"33:7E:E0:13:71:4D:8C:E3:D2:00:2E:C0:E2:28:43:D6:20:D0:8F:86:D6:DD:C4:4D:A4:E4:DC:54:55:BC:DE:2C"}}},"request":{"raw":"GET /g/0e/ee/0eee5af461bb607a76e9a0871ab97f7ad329d213.jpeg HTTP/1.1\r\nHost: swiperessort.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 21:12:09 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 3338\r\nLast-Modified: Wed, 02 Jun 2021 09:59:14 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"60b75672-d0a\"\r\nExpires: Wed, 08 Oct 2025 21:12:09 GMT\r\nCache-Control: max-age=864000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3338,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85\", progressive, precision 8, 200x200, components 3","md5":"eb8c9a0b7497d31a838b15f47be8a615","sha1":"952609cf4aa1958be46b70afa9f2c8e67171a4f7","sha256":"f4ae19d31171b66093a190a1fcc2aad2c5af5cca8395dbe7d7e404ebcc20c22d","sha512":"6b47b3a7d7c224014a249729bb16aa21f8d9e9f9e9de9760b73d590e0760976b49b91880251b99cafd7f0d908542698e7c027f5e00dabf7f1da63f548fa7f6a3","ssdeep":"","tlshash":"d86128873421b952d93ca7367f8f4a49bb956d8276ca4a0fced962b81f6f27848411c0","first_seen":"2025-09-28T21:12:38.250598Z","last_seen":"2025-10-02T11:23:28.033418Z","times_seen":2,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"swiperessort.rest","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/bootstrap@5.3.0-alpha3/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 24750\r\ncf-ray: 98663cbefa6856cb-OSL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.3.0-alpha3\r\nx-jsd-version-type: version\r\netag: W/\"13ac2-jNeXExg3GrPRY3nfbPslSlxkn8o\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-eddf8230059-FRA, cache-lga21961-LGA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nage: 312490\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=cuxo5h897hKF1UFC%2BbXu4btUNsPX6s77e1%2BQ%2BRaef5Mk1Q2NRlm8Zws8xHgfiFL19OxPQ38SepQBU5srmVthzj3eDisIrsudhvAJwAvxQMbVmHdgFZJwOJaZbiM9M70reJM%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80578,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65292)","md5":"78c4cd0c84838bea16844c9f9ef24b83","sha1":"8cd7971318371ab3d16379df6cfb254a5c649fca","sha256":"ea8fe021a4ace4f6786fecc418f70b658fc2dc02d136e8fe5c6ab6b62a46d5d0","sha512":"bc80244dddc0af2f6bc1fd25adbf64222a722246af2a96069f2a29057b3a4a22df352cc0bc236fbd0bcac015795e56a0e0ef286696795399f86c7a04ac64318f","ssdeep":"1536:2Iif7R2qTTR2t4iYniNw+inrJuQolwxLBAF927wXtWJTI5TrtgK:gR2c7tLBW27wXtSTI5t","tlshash":"6573b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","first_seen":"2023-04-09T07:05:04Z","last_seen":"2026-05-05T16:02:46.999242Z","times_seen":4689,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":39,"dns":3,"connect":2,"send":0,"wait":16,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ol.meaulcockups.com/tsf/62124?md=eyJ6IjoyNDgwLCJhIjo4MjcwLCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly95dWd1YWFiLmNvbS9mL21mZ2MyMnhudGZ0ciIsImgiOjE4MDIsImwiOiJlbi1VUyIsInQiOjAsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibzBwYmRlcjFzOXZnazRqIiwibyI6dHJ1ZSwibSI6MTc1OTA5MzkyOTEzMiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyMjI4NzAzLS0wYjhjY2JhYS04MjE1LTRlMzQtYmZjZi0wMmRlMzBmMjBhMGItLW1scXclMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIyZG93bmxvYWQlM0ExJTIyJTJDJTIyc3RyZWFtaGclM0ExJTIyJTJDJTIyY29weXJpZ2h0JTNBMSUyMiUyQyUyMjIwMjQlM0ExJTIyJTJDJTIyYWxsJTNBMSUyMiUyQyUyMnJpZ2h0cyUzQTElMjIlMkMlMjJyZXNlcnZlZCUzQTElMjIlNUQlN0QiLCJ0cyI6MCwicHIiOjEsImhjIjozMiwiYmwiOi0xLCJiYyI6MywidnYiOiJNZXNhIiwidnIiOiJsbHZtcGlwZSIsImFjIjowLCJjdCI6InVua25vd24iLCJjZXQiOiJ1bmtub3duIiwiY2RsbSI6LTEsImNkbCI6LTEsImNydHQiOi0xLCJ0bXMiOjEyMCwiY2UiOnRydWUsImNkIjoyNCwib3IiOiJsYW5kc2NhcGUtcHJpbWFyeSIsImZzIjpudWxsLCJmc28iOm51bGwsImltIjp0cnVlfQ","fqdn":"ol.meaulcockups.com","domain":"meaulcockups.com","tld":"com"},"ip":{"addr":"23.109.170.71","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ol.meaulcockups.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 09:08:50 GMT","end":"Wed, 24 Dec 2025 09:08:49 GMT"},"fingerprint":{"sha1":"4F:1D:B5:29:32:54:88:FE:F4:1B:ED:05:80:96:64:47:1C:23:53:A3","sha256":"C2:25:DD:C3:3A:33:85:30:F7:71:8E:E8:3A:3E:09:3F:5C:9D:56:8C:4E:F0:0A:85:94:25:9C:71:D4:B8:35:CE"}}},"request":{"raw":"OPTIONS /tsf/62124?md=eyJ6IjoyNDgwLCJhIjo4MjcwLCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly95dWd1YWFiLmNvbS9mL21mZ2MyMnhudGZ0ciIsImgiOjE4MDIsImwiOiJlbi1VUyIsInQiOjAsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibzBwYmRlcjFzOXZnazRqIiwibyI6dHJ1ZSwibSI6MTc1OTA5MzkyOTEzMiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyMjI4NzAzLS0wYjhjY2JhYS04MjE1LTRlMzQtYmZjZi0wMmRlMzBmMjBhMGItLW1scXclMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIyZG93bmxvYWQlM0ExJTIyJTJDJTIyc3RyZWFtaGclM0ExJTIyJTJDJTIyY29weXJpZ2h0JTNBMSUyMiUyQyUyMjIwMjQlM0ExJTIyJTJDJTIyYWxsJTNBMSUyMiUyQyUyMnJpZ2h0cyUzQTElMjIlMkMlMjJyZXNlcnZlZCUzQTElMjIlNUQlN0QiLCJ0cyI6MCwicHIiOjEsImhjIjozMiwiYmwiOi0xLCJiYyI6MywidnYiOiJNZXNhIiwidnIiOiJsbHZtcGlwZSIsImFjIjowLCJjdCI6InVua25vd24iLCJjZXQiOiJ1bmtub3duIiwiY2RsbSI6LTEsImNkbCI6LTEsImNydHQiOi0xLCJ0bXMiOjEyMCwiY2UiOnRydWUsImNkIjoyNCwib3IiOiJsYW5kc2NhcGUtcHJpbWFyeSIsImZzIjpudWxsLCJmc28iOm51bGwsImltIjp0cnVlfQ HTTP/1.1\r\nHost: ol.meaulcockups.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://yuguaab.com/\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d7a61a5ae2424f444691dfa38e694ae","sha1":"dfb2f770cb7740844d94d2a2517af244b34c56ae","sha256":"e3c083d0e62029a9fc90700e7effced43eb213718ad4e7517e5b05a5a0ad9e49","sha512":"dc4531ceee0347383f28990bd01470ce323b0338a83b5b51e2640e3a9d1509346e23fe490ebfaeb4d7a86fd8ef22d2d6465990e6cb6583468d47174b97d25d03","ssdeep":"","tlshash":"8a30000000000000000000c0000000000000000000000000000300000c0c000c000000","first_seen":"2025-06-10T16:02:54.181066Z","last_seen":"2026-05-04T17:03:58.320387Z","times_seen":1579,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":46,"dns":1,"connect":20,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ol.meaulcockups.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 28 Aug 2025 13:14:02 GMT","end":"Wed, 26 Nov 2025 14:13:48 GMT"},"fingerprint":{"sha1":"7A:B2:21:7F:72:E3:39:3E:95:5D:FB:ED:BB:1C:7E:88:C4:7A:B1:B3","sha256":"FB:1D:6D:AF:DA:57:8D:9A:8B:B2:CC:FF:A2:55:C8:F3:71:3D:49:77:06:FC:4D:6F:16:91:61:6F:89:1C:A3:CB"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=080252480d7d491ae4798303c9a76635; expires=Mon, 28 Sep 2026 21:12:09 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 98663cc1cd957131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"35dd2c34406a0170dd2d8960cefd2410","sha1":"4bc6013f2544aee942ee341a545ecf80647912e8","sha256":"63dcf6a1bb57a8d4c254a641f4c8bf6137ac4905b1f2ec63a160bad438e67ba7","sha512":"807859875eafb5e437a8dd5cd359a08ea1547b43911cec18e2b40c98cc13a6331af62e3ba1d058de1eb6f6cabb4526110017127ef827192723b0e694e98fc8b1","ssdeep":"","tlshash":"55a002510718498d50e22d5a1d9787a1a21135636408b30491d69322798778c45c7659","first_seen":"2025-09-28T21:12:38.254079Z","last_seen":"2025-09-28T21:12:38.254079Z","times_seen":1,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":43,"dns":0,"connect":2,"send":0,"wait":34,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mn.equerrywronger.click/tsk/Ti9JX1fr3Jn0b8XkTo1Exwp*9b_3Fb8ekk2CbfiVmQNS4Vpow2WBnwq5te*8k3wLTnaGeyqHr8Qzbibn*gL9eQJWlNg4kNLnbljVkXmEo2c","fqdn":"mn.equerrywronger.click","domain":"equerrywronger.click","tld":"click"},"ip":{"addr":"23.109.170.114","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mn.equerrywronger.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 16:30:06 GMT","end":"Sat, 27 Dec 2025 16:30:05 GMT"},"fingerprint":{"sha1":"69:A0:6F:1E:4A:0C:C1:1D:CD:96:4C:A2:67:C3:C6:4A:BA:BB:B8:67","sha256":"C5:30:2D:DD:F1:2F:8C:E2:81:D4:D6:88:38:4E:A9:C0:79:9A:3D:AE:5C:DC:2A:93:DD:6F:69:43:20:66:AD:02"}}},"request":{"raw":"GET /tsk/Ti9JX1fr3Jn0b8XkTo1Exwp*9b_3Fb8ekk2CbfiVmQNS4Vpow2WBnwq5te*8k3wLTnaGeyqHr8Qzbibn*gL9eQJWlNg4kNLnbljVkXmEo2c HTTP/1.1\r\nHost: mn.equerrywronger.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://swiperessort.rest/g/33/2c/332cb477b2c0128d2396c436377d8cd631ef8eda.jpeg\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\nreferrer-policy: no-referrer\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":167866,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T16:09:50.836081Z","times_seen":14695563,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":51,"dns":5,"connect":20,"send":0,"wait":24,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"mn.equerrywronger.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"swiperessort.rest/g/a8/7c/a87ca749079896b2b42e7a35c6888749217c3d26.jpeg","fqdn":"swiperessort.rest","domain":"swiperessort.rest","tld":"rest"},"ip":{"addr":"88.211.241.24","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"swiperessort.rest","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 16:04:48 GMT","end":"Sat, 27 Dec 2025 16:04:47 GMT"},"fingerprint":{"sha1":"7B:78:DD:EE:E7:17:D0:3B:84:34:59:E7:7F:07:82:47:67:D7:5F:89","sha256":"33:7E:E0:13:71:4D:8C:E3:D2:00:2E:C0:E2:28:43:D6:20:D0:8F:86:D6:DD:C4:4D:A4:E4:DC:54:55:BC:DE:2C"}}},"request":{"raw":"GET /g/a8/7c/a87ca749079896b2b42e7a35c6888749217c3d26.jpeg HTTP/1.1\r\nHost: swiperessort.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 21:12:09 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 128594\r\nLast-Modified: Fri, 26 Jul 2024 13:08:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"66a39fd0-1f652\"\r\nExpires: Wed, 08 Oct 2025 21:12:09 GMT\r\nCache-Control: max-age=864000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":128594,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85\", progressive, precision 8, 900x600, components 3","md5":"4755f42cecc9dac79b2dbb3d34f20e0e","sha1":"2c486d8c42f0b2fc35e3f7d4d7f5294f54846c35","sha256":"2da963b2e7e606b15440da35cb50e38f25e14e99a9d45029fa8f65d3d42ad4a8","sha512":"98953d7365c112ac37b8e8773458fdbd0d5fbafc52c83aa305609587edf643f7b6fae87f514a3cf96a1670c5288ddcebaa2d2b70bcdbd0200205f485deafb403","ssdeep":"3072:oqps1HN5+bCht8aHEAiLQVGRP1MKnN4tPtjr3ZpY9zIMDRhKT:fpkGbr/92PtXHY9LDRo","tlshash":"e7c312c47c2e94c5ea9b18ffdeae13186344db9533b1c4040f92eba9eb0465a68c5671","first_seen":"2024-08-19T13:22:43.021909Z","last_seen":"2025-11-28T00:28:01.240812Z","times_seen":46,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":134,"dns":73,"connect":20,"send":0,"wait":38,"receive":39,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"swiperessort.rest","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/f/mfgc22xntftr","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-28T21:12:07.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /f/mfgc22xntftr HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Sat, 27 Sep 2025 21:12:08 GMT\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CNpcFM9QdEw5Ky8I8sVbB%2BRpQBemcXqoyTpBwZmcvGA0M8MNMLHJNuf7EhSmJQUZcjizGTBJ63C7CZH%2BJABWvYUzAMwJ954WCw%3D%3D\"}]}\r\ncontent-encoding: br\r\nset-cookie: lang=1; HttpOnly; Path=/; Domain=yuguaab.com\r\ncf-ray: 98663cbafed456cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Bootstrap:5.3.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":9705,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1452)","md5":"b059466d5fe495bb95b61618be308373","sha1":"fb5d259d555e4d412f104d11ccd368da66bb87c4","sha256":"5f323abe5e81ed9d8557acc6a08c98464a7385a37f16a63e8ca5ec852e1a9a27","sha512":"29b607d31f9ab0579618c4ecf68b0bd0c52fd5d4d6eca51e7a33665b465a37d86fd9c6e5edcb4bcfbec69a3dd7c466fbdb9ea3c6020d2dd818cfd6a5c537da2a","ssdeep":"192:x10SUttMp0bT9od6MBF23F20PnvMMT6MBF23F20ynvMMKrwhpbYOOh4xbF7Ki+u:x10SUzMpQgq9PnvMMZq9ynvMMKrw/sOR","tlshash":"5b12627e5bac283e404352547e60b244629f9437f4bbcb943abf9b1d6f83e46e847844","first_seen":"2025-09-28T21:12:38.261753Z","last_seen":"2025-09-28T21:12:38.261753Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1088,"timings":{"blocked":269,"dns":0,"connect":1,"send":0,"wait":550,"receive":0,"ssl":267},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-2TL7NH453R","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-2TL7NH453R HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\nexpires: Sun, 28 Sep 2025 21:12:08 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 140095\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":419736,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"b775a53ccd8a5ef95749d0b1750bd6cc","sha1":"ee198a7fae2901221489ec37d519ca3599618ff8","sha256":"3e54839f3344b0617d337956d6d6e67c18a6eb925a6ad5b62467555bfddc4e38","sha512":"05e434210a7c9d5c2d602a591367dabe5824a82de64ac481016ec57cf00acd23d9e26c98c10f75aed607f31dd77ccfae2a942dd18538379d17c26aaefb547073","ssdeep":"6144:nB9pmM2/rNpvYqkD1g1/9G1SvuVcH9+23WBj:BPmLTYly/Lwr","tlshash":"1c9409ce73d674265396e078907f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","first_seen":"2025-09-28T21:12:38.26365Z","last_seen":"2025-09-28T21:12:38.26365Z","times_seen":1,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":74,"dns":0,"connect":15,"send":0,"wait":56,"receive":56,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/assets/jquery/styledl.js?type=mainstream\u0026u=306\u0026v=1.2","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /assets/jquery/styledl.js?type=mainstream\u0026u=306\u0026v=1.2 HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/f/mfgc22xntftr\r\nCookie: lang=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Sat, 27 Sep 2025 21:12:08 GMT\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sun, 28 Sep 2025 21:12:08 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kbhlXtWXciL7ggNPlnnGUW6yvf5FTXeNUNMekMKm5pughIcDI34sA20k2Ki4Noy%2FoD3FBzmxOtJrzxPyQ1Q5sWlKw336k0epyw%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 98663cbeba1656cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5929,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"9dd00153cb393bcb91633c6e99cf6900","sha1":"9daaa1711f42b6a16226d4f7493456f8899f6c1e","sha256":"1fa037f8621424588266b51c7fc53204c60edfc0ed885cd876e1f1af4337bfd7","sha512":"02a9afe36d00a09d8029148a913ec4a9f747bf4190593d18888925ba20aa431d46560fc8feb3db1ec36dc8d8ae178abd2f752bafd1e9851c889791ffdf44c88e","ssdeep":"96:/71jqYG3NWBlfgayQFWB/fbayURWByfVUayUBWBifmayQGOHOCW3gkHoF0hCaCg:/71WYGilfgayQK/fbayUuyfVUayU+if0","tlshash":"ebc19dad1ff3106da563717eaf6f91187074a02b0806ea497c4c93d49f9087d2a76eac","first_seen":"2025-09-28T21:12:38.264937Z","last_seen":"2025-09-28T21:12:38.264937Z","times_seen":1,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/HG1/fonts/Toroka-Regular.woff","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /HG1/fonts/Toroka-Regular.woff HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/HG1/css/style.css\r\nCookie: lang=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: font/woff\r\ncontent-length: 53652\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 03 Jun 2023 09:33:42 GMT\r\netag: \"d194-5fd365d864229\"\r\naccept-ranges: bytes\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 5660\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PWm49lDj4rZDJ0Wca%2BIct5PKu%2FyGVxefGmzqBrKDsIqZj6rhiFlfRfJ7%2FZbNu9WhIzQauQbTe6j7WNjaziz04atcqbaxnLaC%2FA%3D%3D\"}]}\r\ncf-ray: 98663cbefa6d56cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53652,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, CFF, length 53652, version 1.0","md5":"bab07f48345f390d8ea28d00f4771e34","sha1":"4998d8ee76133c9246290ef2f7e19eedeaa669d3","sha256":"6176d18bda6fff5825e2af23ddcbcaf342b226d8c4a686f9af5d8b5a801397b4","sha512":"1eef2218d639fbf30b54f8ffe3d9b719008d4b184c07a030fdcc6402d3c92e7786947b39a5a93651ed71f6b24d09e0b77e75661d6e4a88a79837f96c8b5b5edd","ssdeep":"768:/Gwz6JKNlC4CXvUQekXzBfRDGqoTNIdj8q0VT256iS6+LHBMQGXPFco8TVvNKeA:/Vz641KvUQZXNfRDGqsWCq0VM63G/sHs","tlshash":"39330283e79883b74710d93a74899d7ffde2b2c7401d3aed0fe69f9a600244928495b6","first_seen":"2024-12-14T00:38:50.474063Z","last_seen":"2026-05-03T14:51:20.461694Z","times_seen":136,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"swiperessort.rest/g/33/2c/332cb477b2c0128d2396c436377d8cd631ef8eda.jpeg","fqdn":"swiperessort.rest","domain":"swiperessort.rest","tld":"rest"},"ip":{"addr":"88.211.241.24","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"swiperessort.rest","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 16:04:48 GMT","end":"Sat, 27 Dec 2025 16:04:47 GMT"},"fingerprint":{"sha1":"7B:78:DD:EE:E7:17:D0:3B:84:34:59:E7:7F:07:82:47:67:D7:5F:89","sha256":"33:7E:E0:13:71:4D:8C:E3:D2:00:2E:C0:E2:28:43:D6:20:D0:8F:86:D6:DD:C4:4D:A4:E4:DC:54:55:BC:DE:2C"}}},"request":{"raw":"GET /g/33/2c/332cb477b2c0128d2396c436377d8cd631ef8eda.jpeg HTTP/1.1\r\nHost: swiperessort.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 21:12:09 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 167866\r\nLast-Modified: Fri, 26 Jul 2024 13:11:14 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"66a3a072-28fba\"\r\nExpires: Wed, 08 Oct 2025 21:12:09 GMT\r\nCache-Control: max-age=864000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":167866,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85\", progressive, precision 8, 900x600, components 3","md5":"b2d534fbd43e4a00179b53c774d7f076","sha1":"3eee3bf5536228fbde0198a368aa501868454d9b","sha256":"7ad6ba8d8a6cf114a9b423418072f1c23b2aad56f192797208d8ead349f49577","sha512":"b1004e535f1c8a8d5bec782e63ff45f30bae6008c3842ecbde5ba8dfb9578d764a8d960f975617061200c943aee113b1a16ffc72daaac388e2f287c6babfa8a8","ssdeep":"3072:jBtr8XqLS+3ULwtZoF04CNcT6J+FxF4kdBVmQhY+BTwDRvK6mh+L3SjUqWE:jBFtS+6w43P6uxdBwiDBTwNvHLijDWE","tlshash":"89f3236b481a3569789b93179c370a2e6cf0006b6b75b3cf27802e687737142c9bc6c6","first_seen":"2025-02-05T12:28:32.167103Z","last_seen":"2025-12-01T00:23:49.476347Z","times_seen":44,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":139,"dns":80,"connect":19,"send":0,"wait":38,"receive":42,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"swiperessort.rest","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"topworkredbay.shop/cuid/?f=https%3A%2F%2Fyuguaab.com","fqdn":"topworkredbay.shop","domain":"topworkredbay.shop","tld":"shop"},"ip":{"addr":"212.117.186.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"topworkredbay.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 22 Sep 2025 12:26:21 GMT","end":"Sun, 21 Dec 2025 12:26:20 GMT"},"fingerprint":{"sha1":"6B:D4:04:13:E7:7D:8F:FD:EB:02:5F:41:59:43:34:95:78:74:B9:4F","sha256":"E1:52:BD:26:BF:31:2E:01:93:48:BB:AA:A3:D7:99:68:3C:2A:80:BA:47:90:1B:0A:5F:C5:3A:92:10:13:F2:3F"}}},"request":{"raw":"OPTIONS /cuid/?f=https%3A%2F%2Fyuguaab.com HTTP/1.1\r\nHost: topworkredbay.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://yuguaab.com/\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-length: 0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T16:09:50.836081Z","times_seen":14695563,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":49,"dns":4,"connect":20,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"topworkredbay.shop","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"topworkredbay.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/favicon.ico","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/f/mfgc22xntftr\r\nCookie: lang=1; _ga_2TL7NH453R=GS2.1.s1759093929$o1$g0$t1759093929$j60$l0$h0; _ga=GA1.1.1700658877.1759093929; _ga_E2BG6CPV2J=GS2.1.s1759093929$o1$g0$t1759093929$j60$l0$h0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Fri, 06 Dec 2024 03:40:36 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lPbU7AdYtE9Q9ZP%2FOJtXhHmdxqPH6uphZs7U8b8CoR2SExtPDSc9pWzrIk5fz5s6UYyoPXQaeDNP%2BaAQ2Fb%2FrIQaNbDWfici7g%3D%3D\"}]}\r\nexpires: Tue, 30 Sep 2025 17:46:21 GMT\r\ncache-control: max-age=604800\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 444348\r\ncf-cache-status: HIT\r\netag: W/\"67527234-3c2e\"\r\ncf-ray: 98663cc25d9d56c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"b2c5203adab5e7b787bdb86d1c00f44f","sha1":"e12ac26f0ad579e2e32d36b00fb58867cd11a46c","sha256":"6ce20250cd83244a68b895f2aeeba18ff240c0988cd8adba70d8afa4be0b5ff5","sha512":"8784c9956ceda82d804c08d0bad22a5e23dd64b1abf767f0b1d4c324b2123f2c49a10c994f05c7ab4c0b121256b43e8cb67837c7627bf0854efa98747e54d5e2","ssdeep":"192:r0muBBo8m8ztSQdGJkh84D+N7UAPbEbs:4muDogztSHm84D+N7XJ","tlshash":"1c62f8ab7d72850ec4a9c3712cb52cee3de4fc0f9148179781d4363b6a1b9b406aa4d7","first_seen":"2024-12-18T23:10:44.072182Z","last_seen":"2026-05-03T14:51:20.458579Z","times_seen":268,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gd.orlcloop.com/sbf/40913?md=eyJ0dmMiOjAsInoiOjc2OTUsImEiOjMzODYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL3l1Z3VhYWIuY29tL2YvbWZnYzIyeG50ZnRyIiwiaCI6NzQ1LCJsIjoiZW4tVVMiLCJ0IjowLCJrIjowLCJ1IjoiNjc1N2VhYjc5ZTI0YmEyZWNmZGVmNSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiI5ZzhvZDU0MmFmbXR5eDYiLCJvIjp0cnVlLCJtIjoxNzU5MDkzOTI5NTIxLCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIyMjg3MDMtLTBiOGNjYmFhLTgyMTUtNGUzNC1iZmNmLTAyZGUzMGYyMGEwYi0tbWxxdyUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJkb3dubG9hZCUzQTElMjIlMkMlMjJzdHJlYW1oZyUzQTElMjIlMkMlMjJjb3B5cmlnaHQlM0ExJTIyJTJDJTIyMjAyNCUzQTElMjIlMkMlMjJhbGwlM0ExJTIyJTJDJTIycmlnaHRzJTNBMSUyMiUyQyUyMnJlc2VydmVkJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026cr=38790\u0026crp=9","fqdn":"gd.orlcloop.com","domain":"orlcloop.com","tld":"com"},"ip":{"addr":"23.109.170.34","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gd.orlcloop.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 06:32:35 GMT","end":"Sun, 30 Nov 2025 06:32:34 GMT"},"fingerprint":{"sha1":"B0:EF:E5:71:06:04:4F:24:07:7A:AA:D6:12:C8:CE:B4:04:66:24:03","sha256":"0B:C0:F3:27:C5:DF:B1:F0:8B:B7:27:5B:1F:72:37:A1:F4:B0:51:26:9B:02:57:70:54:F2:4E:69:3B:EF:C2:67"}}},"request":{"raw":"POST /sbf/40913?md=eyJ0dmMiOjAsInoiOjc2OTUsImEiOjMzODYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL3l1Z3VhYWIuY29tL2YvbWZnYzIyeG50ZnRyIiwiaCI6NzQ1LCJsIjoiZW4tVVMiLCJ0IjowLCJrIjowLCJ1IjoiNjc1N2VhYjc5ZTI0YmEyZWNmZGVmNSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiI5ZzhvZDU0MmFmbXR5eDYiLCJvIjp0cnVlLCJtIjoxNzU5MDkzOTI5NTIxLCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIyMjg3MDMtLTBiOGNjYmFhLTgyMTUtNGUzNC1iZmNmLTAyZGUzMGYyMGEwYi0tbWxxdyUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJkb3dubG9hZCUzQTElMjIlMkMlMjJzdHJlYW1oZyUzQTElMjIlMkMlMjJjb3B5cmlnaHQlM0ExJTIyJTJDJTIyMjAyNCUzQTElMjIlMkMlMjJhbGwlM0ExJTIyJTJDJTIycmlnaHRzJTNBMSUyMiUyQyUyMnJlc2VydmVkJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026cr=38790\u0026crp=9 HTTP/1.1\r\nHost: gd.orlcloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://yuguaab.com/\r\nContent-Type: application/json\r\nContent-Length: 19\r\nOrigin: https://yuguaab.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; GL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":565,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JSON text data","md5":"551ed32ad2e75c3eff1571b7490c2741","sha1":"573aa816512bdd85f83734b564746572b93ef761","sha256":"b846a9db1ffa3c46003e6de775edfca6725ac0291fd84819c48b8c7495e4a979","sha512":"610cf202615c648f69ef6763061baeab5161d79790eab1f721e18ea058055b0f8650c8d57b5370899b1819ed8ae91ddcb1854e9545ccb53f9bac640a29539bef","ssdeep":"","tlshash":"7ff0aca3f76b2e3aabac64e8449966a4e1a711054803f4e2c084ec6004ec4c34e2a5f1","first_seen":"2025-09-28T21:12:38.27023Z","last_seen":"2025-09-28T21:12:38.27023Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/HG1/css/style.css","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /HG1/css/style.css HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/f/mfgc22xntftr\r\nCookie: lang=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 09 Jun 2023 22:43:37 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CR93Gq1F9w7lefPqkrAKR2k1v8dDSu9%2BwSeVBGr0ZXRTA7GRoK17lHuxBGwgSFrJhsKahDKzVM%2BxVG1raO1T7Uwvn9ZY5q8Drg%3D%3D\"}]}\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 6782\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"4b05c-5fdba1984cd4a\"\r\ncontent-encoding: br\r\ncf-ray: 98663cbeaa1356cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":307292,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF, LF line terminators","md5":"d1461d62815948cd0bd5e8c10a92f619","sha1":"6bb029f373652784c5231c462233aaa7c95aecca","sha256":"ba94d1e713cc58c3523c9fc373b079479e7a7c675d69864928a8c1ca5513666d","sha512":"3f217c933b2e2d0b85c6f867726fae281975a04ca8cf8febe9984f4807012043b50479fca7b58e9a8f6808c3521e49f44fb106137df4179e37179b77ae3e0678","ssdeep":"1536:b06vofpL1+RI6l6WigViauN3IjNbPZMoa5SJJ2MNjR2bUA0F2c+szW:bK1+RI6l6NxauN3IjNbPZ1WSJJ/a","tlshash":"a464312afde11518342b495866cabff97f7c80878609ddb678df2224cf467d148d2ac8","first_seen":"2024-12-14T00:38:50.495113Z","last_seen":"2026-05-03T14:51:20.459175Z","times_seen":136,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yuguaab.com/HG1/images/logo.svg","fqdn":"yuguaab.com","domain":"yuguaab.com","tld":"com"},"ip":{"addr":"172.67.174.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:08.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yuguaab.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 22:16:18 GMT","end":"Sat, 13 Dec 2025 23:03:16 GMT"},"fingerprint":{"sha1":"4F:2B:F6:8C:B8:55:A0:AF:45:25:F9:75:81:AB:88:F1:AA:D1:E0:5C","sha256":"06:5D:3A:08:94:CB:72:97:36:3F:C7:41:20:46:10:47:57:C7:29:6A:96:6C:9C:2E:71:02:C8:7F:38:24:00:D8"}}},"request":{"raw":"GET /HG1/images/logo.svg HTTP/1.1\r\nHost: yuguaab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/f/mfgc22xntftr\r\nCookie: lang=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 21:12:08 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 03 Jun 2023 09:33:42 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hJKq2vzTVMJIr0Yh5HNFTFN0oueCyT8MNhoeKgC3kjblZa3O9AptsiVMaVxNkcWg7cRGMlkISan9x3hEhREZTH%2F1fj74kEokVw%3D%3D\"}]}\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 6782\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"360d-5fd365d8a12b9\"\r\ncontent-encoding: br\r\ncf-ray: 98663cbeba1556cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13837,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5dd2e5f8cfd76e5d763cb4c3768fc713","sha1":"72b460b966cb2bee28672197aaea6e62a2186671","sha256":"6c0d5b9417d7ab991e9d848f8b6dac094062f6a0e34fd14daf352da9a50793cf","sha512":"6e81c13131a805f91ba48b9eb941683d534c12b0bafed37864c5a8a45151747cd66a2892e77f58f26b69401a80e9c263ff707e595d2a5c2cd1f3ad9b29cc41b7","ssdeep":"384:198T98FlulXjXhWJmxHY0AcYp7963kBGV:D8Z8/ZJmxHY0AcYp8kg","tlshash":"6b5298c61770a7dda9cdc9aeef31d5a4a14a90fe75b7d5c18a9e8f08184fc84f608c50","first_seen":"2024-12-14T09:22:28.587422Z","last_seen":"2026-05-03T14:51:20.447924Z","times_seen":161,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gd.orlcloop.com/gwF3keOX1dkEyzFR3/40913","fqdn":"gd.orlcloop.com","domain":"orlcloop.com","tld":"com"},"ip":{"addr":"23.109.170.34","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gd.orlcloop.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 06:32:35 GMT","end":"Sun, 30 Nov 2025 06:32:34 GMT"},"fingerprint":{"sha1":"B0:EF:E5:71:06:04:4F:24:07:7A:AA:D6:12:C8:CE:B4:04:66:24:03","sha256":"0B:C0:F3:27:C5:DF:B1:F0:8B:B7:27:5B:1F:72:37:A1:F4:B0:51:26:9B:02:57:70:54:F2:4E:69:3B:EF:C2:67"}}},"request":{"raw":"GET /gwF3keOX1dkEyzFR3/40913 HTTP/1.1\r\nHost: gd.orlcloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 28 Sep 2025 21:12:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yuguaab.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Mon, 29-Sep-2025 21:12:09 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":236922,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"907c81665b8e8aba469d76938caf5b7d","sha1":"24a9a3486d80bb3d0e132bbf9b44e9ce74f7ba83","sha256":"63fa1130f38b123a5f56b80064d8e1af59daade69bca059018b4bc7adfed348b","sha512":"12f6587f20e05d05fc8a9ba52f68d982a48e5e09bcfd08fb19ede493ac06edd26da0553abcea2c6d204cd04273788a115d32214bff606abec2e4cb6f254b2863","ssdeep":"3072:nVxgSKOEeS2oZl6uM2YTbVnB3cnH3nJu4xISGx4vnyfBUCV5QA:nVWSkeS2JVBMnH3Ju4GSGyyfbV5QA","tlshash":"56342be1f320f27d8b9780e2d53e9112d22d0b8131cd9ba0e269dd647f5964bc17e9e8","first_seen":"2025-09-28T21:12:38.27357Z","last_seen":"2025-09-28T21:12:38.27357Z","times_seen":1,"resource_available":true,"data":null}},"time_used":286,"timings":{"blocked":124,"dns":80,"connect":20,"send":0,"wait":39,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"gd.orlcloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"larvatepharaoh.cyou/tsk/Ti9JX1fr3Jn0b8XkTo1Ex9VLc3eOtN22QNKYtZh7r*EL8RqdBHuLPxYVWB2xMQcLrLMBjnzLoqM6dVyOgNjR_sni5CbXA_9wwwms*MFpc_A","fqdn":"larvatepharaoh.cyou","domain":"larvatepharaoh.cyou","tld":"cyou"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yuguaab.com/f/mfgc22xntftr","date":"2025-09-28T21:12:09.627Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tsk/Ti9JX1fr3Jn0b8XkTo1Ex9VLc3eOtN22QNKYtZh7r*EL8RqdBHuLPxYVWB2xMQcLrLMBjnzLoqM6dVyOgNjR_sni5CbXA_9wwwms*MFpc_A HTTP/1.1\r\nHost: larvatepharaoh.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yuguaab.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T16:09:50.836081Z","times_seen":14695563,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"larvatepharaoh.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}