{"report_id":"e3e5261e-e5a6-4b16-abf6-574d45083dd2","version":6,"status":"done","tags":[],"date":"2026-04-15T19:01:37Z","url":{"schema":"http","addr":"go2wa.cc/NYnDzEOt/?leclerc-boncarburant-2026.html","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"ip":{"addr":"104.21.81.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"go2wa.cc/NYnDzEOt/404.html","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"title":"404 Not Found","dom":{"size":138,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"bc0703be001240bdd8a6e6ff16f19596","sha1":"7c799396b652deaf4fd4f48d01a332f11053388d","sha256":"af4a14c499b3b3e29c366984c00d84d24a78c69975055354cfa0f093f436c1bc","sha512":"f05fa334d0fa4afaee7f0b4688b895c409d25d69014088e876201824f3d60311b0f4df366aec96f260110936704205ff9f5a84e8470bd441dec4b62ad0575da5","ssdeep":"","tlshash":"38c02b0d74636148dd03115017c33240c488c33f685ac01008028483b0cf2bac4c23a5","dom_hash":"domhash18da208b3b39949e9ba09528a720f5c0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"go2wa.cc/NYnDzEOt/?leclerc-boncarburant-2026.html","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"ip":{"addr":"104.21.81.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-20T19:01:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":8}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-04-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"go2wa.cc/NYnDzEOt/global.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-04-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"go2wa.cc/NYnDzEOt/index_files/config.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"go2wa.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-12T22:33:20.808909Z","alert_count":0,"request_count":1,"received_data":64481,"sent_data":419,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"go2wa.cc","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-25","domain_rank":0,"first_seen":"2025-11-10T19:08:33.66097Z","last_seen":"2026-04-10T20:44:14.93134Z","alert_count":18,"request_count":3,"received_data":77461,"sent_data":1452,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:4.6.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"OneSignal","description":"OneSignal is a customer engagement messaging solution.","website":"https://onesignal.com","common_platform_enumeration":"","icon":"OneSignal.svg","categories":["Marketing automation","A/B Testing"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"go2wa.cc/NYnDzEOt/global.js","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1d1f28729b06b549eddc9c34bf4843d5","sha1":"d7e505afacb6a1d9994dbb76fcbb0f2b64dc1135","sha256":"c0d22cf33e294a9ede47994990d0bc2cbc79b9693cf23156a4aca669425edea2","sha512":"96fcf3d4c601e19bbfc7b67e9db719eea724b3102e7a4136729cfac4f2174de70b1c88ab94af5179628a4b0addfa37a622ed36c133b11669f8acc639ecd020f7","ssdeep":"768:0fIlcJogvvJFnvpEF8pzUHdtVwPIJmI3+EKYbNjjciM92:0fIyJtXJ1vGF8pzU9AMM92","tlshash":"67f2b6e867d2d10f36cf0f47ae115bea8ca68ad670c5750b8368766d38ad14fc16dca0","size":36029,"data":"","first_seen":"2026-04-15T19:01:38.357547Z","last_seen":"2026-04-15T19:01:38.357547Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-04-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"go2wa.cc/NYnDzEOt/global.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-15T22:27:05.110349Z","times_seen":450381,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0c2bcf5ef0c4476508d79ec9cdcce07","sha1":"3beed68ed7d753c6bf4f61c26386ddd7929ba030","sha256":"edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba","sha512":"5ca6bd1de99dcb5522dca486809760332625520d6033e4212fa7279724dedaaccc0989b89c06753ec55ead0cd34d7ce89d447e766b301ea8093eec02ab531a02","ssdeep":"768:0KD1OYYUhTVvO1Nn6u7MTLOarIkSsBAiAH0FcQ2K8FXsb6mH/3bz5vhCG:0G1T145KVdsXc/hhCG","tlshash":"a453750672a4f472059fa176803b0a0bb7362c9de506b16cbad998dd1f7cd443267f3a","size":63467,"data":"","first_seen":"2023-03-07T01:03:47Z","last_seen":"2026-04-15T19:01:38.354393Z","times_seen":9438,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.onesignal.com/sdks/OneSignalSDK.js","fqdn":"cdn.onesignal.com","domain":"onesignal.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"d28d42a8f9dcde456b178a7b87e6e139","sha1":"40fb899978e9411b0794248dfc188e8a36535d0d","sha256":"264a84e138e9f97ca169107e0e1496fbbe1b9992645c170b435815a469a0e481","sha512":"b5a1ee12fbe70675d7cab18be1a7ffa8fa4624a7a945229ca54ca0131cabfccbaaac9e4ad1b85c25a9057da64f8a1d9c772d1de0fad7bb44890587e2a1cca4f8","ssdeep":"96:/snIQgDVFrK3RJ1oauMhfVoqA/HnUvoQI7+AnJqPeGZftsFDV81zIJqPm84Biobc:sIKNoqh9oJTntWftsFZWzIicig1tI","tlshash":"1b22635bb930f5f253d358f6802f200ae37b993954b9a4909b85c8e09c7161f9337f6a","size":10007,"data":"","first_seen":"2026-02-26T07:38:54.437403Z","last_seen":"2026-04-15T20:01:36.616458Z","times_seen":1562,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go2wa.cc/NYnDzEOt/index_files/config.js","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"8aeec5cf18ea271ae0493c5233087e2a","sha1":"5d51f89a2a8083760c938fd0ccaed3f0ea07a979","sha256":"4ac7b31e8fa1ac565729f514059a282d855e1ec90bdf27a8a3a62aa800043b91","sha512":"f7bff37ca4a64107dc3e07813b82982c3347891c82139ac04aa66d4a11fa8a22dbd6aec7c018a9d4a6072dfb3167a7b5e8e9fe31b36490294780d762f2eca7c8","ssdeep":"1536:fvm5a4ZpUoM+Nao0oZX3YsoNytALfTQmwCYYfnRDzErpk5Df3WbwZ1K+RX9RvQxg:bOmLfntzErpk5Df3WbwZ1K+RX9RvQ3ul","tlshash":"404348d827e1d60f639e4e43fe027bf5c0768953a1c8b1479348ba6e18b864bd57cca1","size":57071,"data":"","first_seen":"2026-04-15T19:01:38.367155Z","last_seen":"2026-04-15T19:01:38.367155Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-04-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"go2wa.cc/NYnDzEOt/index_files/config.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://go2wa.cc/NYnDzEOt/?leclerc-boncarburant-2026.html","date":"2026-04-15T19:01:14.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/bootstrap/4.6.0/js/bootstrap.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Apr 2026 19:01:14 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 13132\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"60f698d0-334c\"\r\nlast-modified: Tue, 20 Jul 2021 09:35:12 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 3661829\r\nexpires: Mon, 05 Apr 2027 19:01:14 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tbnySM5D8yEpZgfIQHQ7KdUdoMBClstR6PYGTk462B13lnX2ApIiN5gKpsN5oNezJ0gUbTQeP6p0VGpueJqvFxCwqzV1%2FlUCBlJ75nJ5hO%2B%2B4sf9WqHaR5WkVYdDTyDbLvGZ4eK5\"}]}\r\ncf-ray: 9ecd329dbcb032fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63467,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (63188)","md5":"f0c2bcf5ef0c4476508d79ec9cdcce07","sha1":"3beed68ed7d753c6bf4f61c26386ddd7929ba030","sha256":"edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba","sha512":"5ca6bd1de99dcb5522dca486809760332625520d6033e4212fa7279724dedaaccc0989b89c06753ec55ead0cd34d7ce89d447e766b301ea8093eec02ab531a02","ssdeep":"768:0KD1OYYUhTVvO1Nn6u7MTLOarIkSsBAiAH0FcQ2K8FXsb6mH/3bz5vhCG:0G1T145KVdsXc/hhCG","tlshash":"a453750672a4f472059fa176803b0a0bb7362c9de506b16cbad998dd1f7cd443267f3a","first_seen":"2023-03-07T01:03:47Z","last_seen":"2026-04-15T19:01:38.354393Z","times_seen":9438,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":14,"dns":1,"connect":1,"send":0,"wait":8,"receive":1,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go2wa.cc/NYnDzEOt/404.html","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-15T19:01:15.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"go2wa.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 01:29:17 GMT","end":"Mon, 18 May 2026 02:25:44 GMT"},"fingerprint":{"sha1":"00:55:14:4F:40:65:30:BC:53:49:94:21:37:BB:DA:10:B5:76:2F:2A","sha256":"20:B0:4B:E0:F1:F2:DB:8F:6C:CB:3E:22:57:89:A6:EB:67:6A:75:E2:0E:14:C8:AF:23:8F:25:5E:FC:70:3E:5B"}}},"request":{"raw":"GET /NYnDzEOt/404.html HTTP/1.1\r\nHost: go2wa.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 15 Apr 2026 19:01:15 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=1,i=?0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer-when-downgrade\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jVdHyTP10lI79ATm6VFrBOyE8ocyVl1Ont5sNAvNtolSSom%2FNI1lGahLKsAo9NyHW40wB1nlTolW6fw2sSQD%2F73AQuAksCeyL2%2FzD0aBYOIStUQhCAxOWnTulA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9ecd32a0ddf95694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-15T22:37:09.263631Z","times_seen":488721,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"go2wa.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go2wa.cc/favicon.ico","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://go2wa.cc/NYnDzEOt/404.html","date":"2026-04-15T19:01:15.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"go2wa.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 01:29:17 GMT","end":"Mon, 18 May 2026 02:25:44 GMT"},"fingerprint":{"sha1":"00:55:14:4F:40:65:30:BC:53:49:94:21:37:BB:DA:10:B5:76:2F:2A","sha256":"20:B0:4B:E0:F1:F2:DB:8F:6C:CB:3E:22:57:89:A6:EB:67:6A:75:E2:0E:14:C8:AF:23:8F:25:5E:FC:70:3E:5B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: go2wa.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://go2wa.cc/NYnDzEOt/404.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 15 Apr 2026 19:01:15 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer-when-downgrade\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yX7qyb77iOXHaOyoSQ5VlGKAI5kiVMwhR%2FL%2Fm%2BCep30jWYIpQdzSD8LOD7af%2F2Od%2FFnU5PMoeuEqRBITwV92bhteQahKG8ElhOxGhbKO26RGI%2B56FkjmfPSwnQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9ecd32a19f3d5694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-15T22:37:09.263631Z","times_seen":488721,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"go2wa.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go2wa.cc/NYnDzEOt/?leclerc-boncarburant-2026.html","fqdn":"go2wa.cc","domain":"go2wa.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-15T19:01:14.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"go2wa.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 01:29:17 GMT","end":"Mon, 18 May 2026 02:25:44 GMT"},"fingerprint":{"sha1":"00:55:14:4F:40:65:30:BC:53:49:94:21:37:BB:DA:10:B5:76:2F:2A","sha256":"20:B0:4B:E0:F1:F2:DB:8F:6C:CB:3E:22:57:89:A6:EB:67:6A:75:E2:0E:14:C8:AF:23:8F:25:5E:FC:70:3E:5B"}}},"request":{"raw":"GET /NYnDzEOt/?leclerc-boncarburant-2026.html HTTP/1.1\r\nHost: go2wa.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Apr 2026 19:01:14 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 16:28:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LYom6RRFdgHHNbxxk7IMNj3wvClI3c23j43NE166uArqcGOJFF4Wz9tAjRGj2yO8x1H1kPBF26ELC3p0BjdRiXXgmuck1y%2FaWXsV845ty9xSP8Q8EC2E67WW5w%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer-when-downgrade\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ecd329b7ae70b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:4.6.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"OneSignal","description":"OneSignal is a customer engagement messaging solution.","website":"https://onesignal.com","common_platform_enumeration":"","icon":"OneSignal.svg","categories":["Marketing automation","A/B Testing"]}],"data":{"size":74955,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (23934)","md5":"9d1dfb44ae2aa2a05b1f593e8f83f90a","sha1":"af9d21d90277a0ea91cc90190dcf6f08265f815b","sha256":"91fe69a3d9b79d9a863ad4f7581c704c849d5473391f209597862a7bbbe00f4f","sha512":"4b1b1eef71a72cab1fbd1c21093d17184a955ddffc4ab87ca43b2c0ff2fea78311881d2d967aa8b54416fd4b7a50b14612f34bacbaafb54165728acad0cf1689","ssdeep":"768:kPY+Lw1vKpnqSkOT7s5pI5CuOTDfz78Ao5QZUs3Q1Enaij6/TIsuYuW8YvmnE0Uv:km1i7scgfP8J+gQsuYuZrIZNavO","tlshash":"4d730a6026e69433234f47e7be3367e6f595990be8425007b2ac3d841fc6d53e9a3634","first_seen":"2026-04-15T19:01:38.355841Z","last_seen":"2026-04-15T19:01:38.355841Z","times_seen":1,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":31,"dns":10,"connect":1,"send":0,"wait":152,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"go2wa.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"go2wa.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}