{"report_id":"eeb016eb-53d3-45d8-a471-ac4eb87348fa","version":6,"status":"done","tags":[],"date":"2025-08-28T07:50:30Z","url":{"schema":"http","addr":"vsebolezni.com","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"title":"澳洲幸运5官网168开奖-freelancer官方网站-168开奖官网开奖历史记录-澳洲结果号码查询开奖记录168官网体彩"},"submit":{"url":{"schema":"http","addr":"vsebolezni.com","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-02T07:50:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T07:50:14Z","timestamp":1756367414,"ip_dst":{"addr":"172.18.0.11","port":53558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2025-08-28T07:50:14.739326+0000\",\"flow_id\":506795574443188,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.92.209.213\",\"src_port\":80,\"dest_ip\":\"172.18.0.11\",\"dest_port\":53558,\"proto\":\"TCP\",\"tx_id\":21,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - 
Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"vsebolezni.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://vsebolezni.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":16668},\"files\":[{\"filename\":\"/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":65536,\"tx_id\":21}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":126,\"pkts_toclient\":198,\"bytes_toserver\":18687,\"bytes_toclient\":263941,\"start\":\"2025-08-28T07:50:08.539828+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T07:50:15Z","timestamp":1756367415,"ip_dst":{"addr":"172.18.0.11","port":53544,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment 
Observed","source":"{\"timestamp\":\"2025-08-28T07:50:15.089303+0000\",\"flow_id\":150004051259415,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.92.209.213\",\"src_port\":80,\"dest_ip\":\"172.18.0.11\",\"dest_port\":53544,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"http_port\":0,\"url\":\"/libhtp::request_uri_not_seen\",\"http_content_type\":\"text/html\",\"status\":404,\"length\":13852},\"files\":[{\"filename\":\"/libhtp::request_uri_not_seen\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":49152,\"tx_id\":9}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":45,\"pkts_toclient\":51,\"bytes_toserver\":6579,\"bytes_toclient\":62412,\"start\":\"2025-08-28T07:50:08.503831+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-08-27T15:53:10.061958Z","alert_count":0,"request_count":1,"received_data":20344,"sent_data":504,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sdk.51.la","ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":347679,"first_seen":"2021-03-08T16:03:51Z","last_seen":"2025-08-23T06:45:01.047908Z","alert_count":0,"request_count":2,"received_data":330,"sent_data":664,"comment":"","tags":null,"fingerprints":null},{"fqdn":"api.api168168.com","ip":{"addr":"34.150.51.26","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"domain_registered":"2020-10-09","domain_rank":0,"first_seen":"2020-10-09T11:31:19Z","last_seen":"2025-08-23T06:12:26.575798Z","alert_count":0,"request_count":5,"received_data":85292,"sent_data":2376,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only 
be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"js.hubspotfeedback.com","ip":{"addr":"104.17.79.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-12-18","domain_rank":96207,"first_seen":"2018-02-26T14:16:18Z","last_seen":"2025-08-27T09:25:59.379191Z","alert_count":0,"request_count":1,"received_data":23076,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"js.hs-banner.com","ip":{"addr":"104.18.40.240","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-03-09","domain_rank":17150,"first_seen":"2020-03-26T17:45:21Z","last_seen":"2025-08-27T18:53:16.47233Z","alert_count":0,"request_count":1,"received_data":69374,"sent_data":413,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web 
Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"maxcdn.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":6807,"first_seen":"2014-06-18T00:37:31Z","last_seen":"2025-08-27T18:00:14.083167Z","alert_count":0,"request_count":1,"received_data":78101,"sent_data":548,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-08-27T15:14:26.687687Z","alert_count":0,"request_count":1,"received_data":4108,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bd51static.com","ip":{"addr":"35.215.190.193","port":80,"asn":15169,"as":"GOOGLE","country":"Hong Kong","country_code":"HK"},"domain_registered":"2021-10-07","domain_rank":2891718,"first_seen":"2021-10-07T04:20:25Z","last_seen":"2025-08-23T06:12:26.213623Z","alert_count":0,"request_count":1,"received_data":1758,"sent_data":326,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"vsebolezni.com","ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"domain_registered":"2014-09-16","domain_rank":4363782,"first_seen":"2025-08-28T07:50:32.899675Z","last_seen":"2025-08-28T07:50:32.899675Z","alert_count":61,"request_count":60,"received_data":1628347,"sent_data":25087,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:1.10.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery Migrate:1.2.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]},{"fqdn":"sslcdn.proz.com","ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"1999-02-04","domain_rank":4031388,"first_seen":"2017-09-12T08:47:02Z","last_seen":"2025-07-10T06:57:56.596583Z","alert_count":0,"request_count":14,"received_data":215985,"sent_data":6405,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"yzkjw78.com","ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-07-10","domain_rank":0,"first_seen":"2025-07-13T11:51:25.010643Z","last_seen":"2025-08-16T16:37:04.726519Z","alert_count":23,"request_count":23,"received_data":715753,"sent_data":10730,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"js.usemessages.com","ip":{"addr":"104.16.79.142","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-12-07","domain_rank":39054,"first_seen":"2017-10-05T18:55:58Z","last_seen":"2025-08-22T09:01:45.899557Z","alert_count":0,"request_count":1,"received_data":101972,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer 
speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"183.240.98.228","port":443,"asn":56040,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2025-08-27T21:29:26.313291Z","alert_count":0,"request_count":2,"received_data":30880,"sent_data":1435,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats 
Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T07:50:14Z","timestamp":1756367414,"ip_dst":{"addr":"172.18.0.11","port":53558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2025-08-28T07:50:14.739326+0000\",\"flow_id\":506795574443188,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.92.209.213\",\"src_port\":80,\"dest_ip\":\"172.18.0.11\",\"dest_port\":53558,\"proto\":\"TCP\",\"tx_id\":21,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"vsebolezni.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://vsebolezni.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":16668},\"files\":[{\"filename\":\"/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":65536,\"tx_id\":21}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":126,\"pkts_toclient\":198,\"bytes_toserver\":18687,\"bytes_toclient\":263941,\"start\":\"2025-08-28T07:50:08.539828+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T07:50:15Z","timestamp":1756367415,"ip_dst":{"addr":"172.18.0.11","port":53544,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2025-08-28T07:50:15.089303+0000\",\"flow_id\":150004051259415,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.92.209.213\",\"src_port\":80,\"dest_ip\":\"172.18.0.11\",\"dest_port\":53544,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was 
detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"http_port\":0,\"url\":\"/libhtp::request_uri_not_seen\",\"http_content_type\":\"text/html\",\"status\":404,\"length\":13852},\"files\":[{\"filename\":\"/libhtp::request_uri_not_seen\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":49152,\"tx_id\":9}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":45,\"pkts_toclient\":51,\"bytes_toserver\":6579,\"bytes_toclient\":62412,\"start\":\"2025-08-28T07:50:08.503831+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/main.js\u00261698072801","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"65776492b4135489d30cdd172e5976df","sha1":"5db5696efba6ff758114bab75420aff105086959","sha256":"7bc569527624cc3a63ac20af9aa59477279a02c723e9aacbdbb61785b4a684ec","sha512":"2e70ffe8549291afcffa760e001a0aad6893d5f94ee5b5439f2a30151290f0292f7c34d4e8896b9b28ee4d3ad8410584836b4d2a2249bd038473a1cbddf11b6e","ssdeep":"192:2Hm+rumCCqpfgrqowmGRR1ydGv4HXcGsnpL0QvwrB5X1GomlOULbS6gm+kl:2G+r1C5dvQXcGsnpL0QmLDql","tlshash":"fc3208dc9580715581e78cc7ea7bd72ff0f19c2aa306d832d0bc89a578a0756d2139be","size":11582,"data":"","first_seen":"2025-08-28T07:50:39.181704Z","last_seen":"2025-08-28T07:50:39.181704Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery.lazyload.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c259df726005ecc3aa31cd418912063","sha1":"0bf19ee6d5554319379a431b6f197adff9a2e64b","sha256":"2dcbcb49310f7a238520cf5e4ff774e2f5e1a4393424ff83014851213b045e2a","sha512":"162296669f07aafd29e6636e639340550a91cae6f878da74d4023ff45f409fc7fdb93797f177e7d9876165ff05aa4fa8687ee7e2939d8e1c802d317642811ab6","ssdeep":"","tlshash":"6161768e7e527839f0167a9e831f310a653ed46f81814c54b089ece4ecec7951236d9a","size":3378,"data":"","first_seen":"2025-08-28T07:50:39.158561Z","last_seen":"2025-08-28T07:50:39.158561Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/iscroll.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3249e269b6bf59a9596ff4dd4908bd74","sha1":"16f804a74f66585bf01bb2217997a2a4ff0c4a23","sha256":"3b294972fe3c686a14d4195e17abc43199da904d959c9ffa128b3649b6bd925c","sha512":"f8fff231edd431cdad0e9426353abceb12ad72e1decfb110aa48f6b81fd061f9b2171bacba515069c1360df4a7cc451c1b0cdce380c4ecdd3849231bb4f07bc1","ssdeep":"384:KgC+EUMfCHqTj54QUX5WSMFqa7BU5TJe3c6OJsBeCWvtk7mSjjxaF:Kl+EUnqTDUX5UFO5TQc6OJsBetO7BlaF","tlshash":"2792a4889112338245ffb399dacb860d607a9339671750cc3929bffa6a447b843d367c","size":19891,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.09417Z","times_seen":1327,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/local/tools/tools.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8013dd6bd01a41c8ba3ab87b75e00384","sha1":"7c7ac71f61dbade812e8553ef798ab95b1292ff0","sha256":"e00d209a165a446a1882f368f65c9b87df4599bc70edf7fd176ee85113b33bf4","sha512":"ef9250434b83beb1acb886c6a7f48ca078611c452712459b789cde59a389f1f009cf6652f73a1e1c060000d5a8b6a1d06209e706729763456b74fa425211aace","ssdeep":"768:YhY+GyBfYY65VS27+8cVI+4T1NNa+Na0NaOqBaA32imH52FpJ8M/Q5tQ5+eNj2NV:KtGWfYBVS27+8cVI+Yjvzqsni08o0K9","tlshash":"b6a3a61a99702a5a417373b5593fe500f4214f3b01078846bc7ed6f85fb9a62a378fe8","size":103478,"data":"","first_seen":"2025-07-13T11:51:38.295866Z","last_seen":"2026-04-03T17:55:51.30946Z","times_seen":270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/bootstrap.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c5b5b2fa19bd66ff23211d9f844e0131","sha1":"791aa054a026bddc0de92bad6cf7a1c6e73713d5","sha256":"2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a","sha512":"d9ef2aab411371f5912381c9073422037528c8593ab5b3721bea926880592f25bd5dfdec5991cdfe5c5ef5f4e1d54e390e93dfd3bca3f782ac5071d67b8624d4","ssdeep":"768:4UfYD27UwlNHMl9lqNuCPNjhqg8epm5CCJFXflA8Gf3ZTbQ:z/76whqKGvlm3ZXQ","tlshash":"47f29606b23031a147efb1e1525b020a7239696ee906907c78b9daf53db9c48717bf3d","size":36868,"data":"","first_seen":"2023-03-07T01:02:25Z","last_seen":"2026-04-04T00:33:01.341928Z","times_seen":16097,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.hs-banner.com/4041721.js","fqdn":"js.hs-banner.com","domain":"hs-banner.com","tld":"com"},"ip":{"addr":"104.18.40.240","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7058dd1723d33a1f6f0baae3b6ceb114","sha1":"218ad2aa444cb8e93d8af3406898f6b12f5ff8e4","sha256":"8a0685b30cc6ffeef431556d407e3c010fc870add4d6910c28fa470ba3b7b0f4","sha512":"a660d92b1b03f25b651839dc643a62cc5debd532d4e8ee87ecb460b0ce0f78c9c4be1728bcd5a01920d4ca1ea2e147c499f2d75321be9056600f576979538259","ssdeep":"1536:zcWl4bbg0bq/5KyGpmU5xjHKHuCh2feXQN/:AKGnSuC+","tlshash":"9263f9bbf4ec107c13d746a666229b1cba3444dc96064f7cbd6caa990be14c31a7b371","size":67271,"data":"","first_seen":"2025-07-03T05:33:45.177678Z","last_seen":"2025-10-18T07:34:36.683285Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/pk10BaseTrend.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6f6fadebe51378762442a2211edfef60","sha1":"abb6dd63e315112728f3540ef124480e4b1e9048","sha256":"441c3db4288867eb549306e2797b1075d745408c6674660096a9ed695435391e","sha512":"07072b7f0de691c11760da89619c378b0dbae068b540676c6bed50e9c1eb089716a1b235f10fb35730c3afe2ac42dc02ea67fbcc80e3551afc7d5507feb0d71d","ssdeep":"96:bWkh9UBeGm8ViMUrjjEgYQEHqSKFM4AJjCk:N0iMUrHEe0qSKFM48","tlshash":"43d1a919e1822126b25f3efcc63fd15880610fb0e598ee4c76fd9ab16d34ac65073d6a","size":6701,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.10808Z","times_seen":1326,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/drawLines.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7db0502baf867aa0663475b899ffb19e","sha1":"a69f4ef6ab52c62d9885dc55b733c8c37687383e","sha256":"8a3eec9c6525ce4aad8b37e0a188f4716a8fcdec24ee894d2f8ffec447872fbb","sha512":"68964174935137b93491d1bea5e3fec05f068dabd36cf5670bb03c6c4eb30bdfbc493b8002eb8d1e46d7289f9c8430d25d230e1e6870d89fe53cf0f7be78794b","ssdeep":"768:uVYu93uZgDPN6cypp08tc25yBY/BEMXH7YE7cpv:u19MgDl6NppjtDwBY/BEUH7Yecpv","tlshash":"18b208eaf2863475818b63a9143f6749f13368156e06844cf479d8d26d38f8970bfe78","size":24891,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.140479Z","times_seen":1326,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/buttons.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b595b33a5ab05a3ce43f140ea681ad51","sha1":"711f25a61cac9b45e6e284c57fc48df4a4689bf1","sha256":"72f82d030c7832c50bed777460b8c7fcc8aabb522aa68037bd7ca71fca2f0c1b","sha512":"ce91b71bc3eba44d418f1e524e993c0b688e877b73992d005247e53fc2caf403bd4dd8f9ebd787f3efda97d9ea285367affac92a1862f1cbf31ff4ec017cbe60","ssdeep":"","tlshash":"db31df4579d9631287bfa135201faec8393bbf9a1010a024f4b969c53ef8c15e537e7a","size":1560,"data":"","first_seen":"2025-08-28T07:50:39.24892Z","last_seen":"2025-08-28T07:50:39.24892Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/local/ssc/index.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7cbf7c3e6596443aea193db26588a203","sha1":"dc9284b3d853f40b1f892dc853002b1cbf2e700a","sha256":"ae8b3e11044bfe4ada3cbe02de1e3a8b9f7476b4cb8cf6e8a29074e423d254e9","sha512":"1117fa2b6976546a1a5728c1f7172c80be412380f748f39d60fb5681629460b52d4216c597a249b39001b762b2134c2b40a8c57b960b4aa13fc8ac57b5d78786","ssdeep":"768:q6s2jKBBk2mtGZpkoVXzoeY2X/oDmJwzaORX3j/rtb4ZZs4tR0NcktIR+Z0eADjM:q9AFgDSmJAJtIM03DjCVM7kI/2","tlshash":"5973851566a5222a20b773f2582fd604f171893782148d05b96e69c40fbfca4b1f7fbe","size":80634,"data":"","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-03T18:23:48.104045Z","times_seen":245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"26aded7ae640baecb28169e0abd16626","sha1":"421f9b77c415e18d8ede061a02137634f6a4bd64","sha256":"aa9e93fd1b536d9fe520efa7b4b2bedf9297034561d0d2e2eeab9225cc7aa2a4","sha512":"3bd88d1a422b4b5ba1907ace27a576c647566c8da479813f79372649ef8fc92b0e34d7088695cd552e3966ced719c40b52ab3b0d994bbc31c25897b18c589165","ssdeep":"","tlshash":"e8f0920a58b81034952770688efee2025b249507bc59bc547a5d17926f2e32e32f77c5","size":488,"data":"","first_seen":"2025-08-28T07:50:39.265482Z","last_seen":"2025-08-28T07:50:39.265482Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery-ui.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0404d1a663120e049c3c080c7f5d73b7","sha1":"a56d8c0c7f8d9f0d129fc6fe76d8ee9aa02511a2","sha256":"81ed75941ab749c90d194043ed2cbd87af3d8974fe68f6e233e4865baf22fad4","sha512":"e986ac9982a3fbb82848953a0960be6e13eedf3af2e8f09bf7f2889e825ea80b86c213c5f8e5a66fbf3df05da9fe3b35746190c124a92bf05a27952fd40c0b36","ssdeep":"6144:c5md7z2BGBMBuB9FI226eYGoL41Ziv5ZftyyMnQGfJxh:c852BGBMBuByoLCiXwq8","tlshash":"a854d80d7300353a89efe26e142b1b4a7236a1999501816cf4385ddd6bbde01a17ffbe","size":291770,"data":"","first_seen":"2025-08-28T07:50:39.152035Z","last_seen":"2025-08-28T07:50:39.152035Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-04T00:34:17.6039Z","times_seen":102096,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/analytics.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"575b5480531da4d14e7453e2016fe0bc","sha1":"e5c5f3134fe29e60b591c87ea85951f0aea36ee1","sha256":"de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd","sha512":"174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a","ssdeep":"768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL","tlshash":"74330af9b7423466c3a271e4403f1007907aadd5f449d8e4b58ad6d46d38eab02fbf68","size":52916,"data":"","first_seen":"2023-06-16T11:16:31Z","last_seen":"2026-03-30T20:55:35.950806Z","times_seen":5522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b61954bcab3f84a4262d251bef42c20e","sha1":"8b94dcf8bf77de49803e9e4f5979080f1309c858","sha256":"266e1b1dcb4431cbf64d90ac504bd60c102528bbe7d33e7b86937a19966440ed","sha512":"e7f1874e3fc96ed33d61541020f95b71205370153a2a0045f1efc2ed370410648adccfa8323d6147aa33dc82d5b1f812afa0f05d87882406ad5ae1572aab8a77","ssdeep":"","tlshash":"dce08c0a18f82061112371380d6e9601fa20a90b9d58fc30be9e64a09f1c32e22fbbc9","size":394,"data":"","first_seen":"2025-08-28T07:50:39.269147Z","last_seen":"2025-08-28T07:50:39.269147Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/jquery.async.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e3cd10cd7579756c32b479d018996ce","sha1":"f802c0231c81b061352b3c7bb4c64c143ce353f2","sha256":"9b52ff42b1430595e38ae165b5a8ac6719c0bfddf9407ef9bc720dc30f2d3e5f","sha512":"f268b0dfed8599261280098146616a56bf347d56edaae23924373d6f09c09df07eae57e89cd05fc86175aaa6e3c6d1e12a987a5ee5bb5d678a8e65db3a04c421","ssdeep":"","tlshash":"4a119cd87791a6050752b46c077f211cd23638141c1f9558b6bef4e25c1931eb12e9b0","size":902,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.119729Z","times_seen":1326,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/jquery-1.9.1.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ced1955d04ad67f93c642501960172d","sha1":"e346705c96ed71fef43144a893dc26f0d1ff2a81","sha256":"7196db5ce1154dda0f62614999dfd169a0e5fa9db634c12c308f9f9b22cb6f90","sha512":"c5fdcd09f23cbc4adcdc9ae38e7535eab9d10026b2607c21414cbb02258f0eb99bea0c8b53ee69129c62cf086898f4fec46d1a52f1170955b2b4d6ab0c636a47","ssdeep":"1536:g9sFlxCuYQ8kdpjEhDH19D7jXHi7mdG5bakVV6qN6MQDKwTYHUfn06dPGMIcXQWy:JXdURN6G7h8aGtvnx","tlshash":"b69319dd76c5b12247ab307d106f540af236599a280c8450f135e8fafc7898aa177f7e","size":93015,"data":"","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.095365Z","times_seen":1193,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"7b241b85bfa2dc092f3f2eb856a2566d","sha1":"673e35ee82a2619bf50033f7eb904968f19349db","sha256":"daa686af404c1051e0e8f7d5dd3dc7a99e0896af9f2c5cacbed817594af6cb9d","sha512":"3cfbbe8c8741445905b9bc4ee396a84c0c7c0e3159bf4690753d94714c148969cd513f7d84435178f80c548059842010f89a564ca1e2033c756a856d06e25737","ssdeep":"","tlshash":"30f0c8cb535a49c524d3367afa6dfc0562c90c364eadcdfc6d4124021bd19b751e11ab","size":630,"data":"","first_seen":"2025-08-28T07:50:39.271096Z","last_seen":"2025-08-28T07:50:39.271096Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a5caead067dbb0d2aca3efb8f4d9f3a","sha1":"c347bde07ca6c1e35a7d8c7aa241731d7429c233","sha256":"199e04a64192e40d8c9e889272b4965c1da74e5e7dc5a63b932b984b65524282","sha512":"39252a95e307cac172dd42d0c59d4476b01d5c73d94314ebc39bb9d97c38eef5e3b47f0e1882dc2c3930eccd9c3777a9fd132cd9fba6359562c6f7ce48459efd","ssdeep":"","tlshash":"bff0248532fc0ca952fb243dc27b40452e345007e944dd0cb2cda7984f1556aaca360f","size":593,"data":"","first_seen":"2025-08-28T07:50:39.273415Z","last_seen":"2025-08-28T07:50:39.273415Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b61954bcab3f84a4262d251bef42c20e","sha1":"8b94dcf8bf77de49803e9e4f5979080f1309c858","sha256":"266e1b1dcb4431cbf64d90ac504bd60c102528bbe7d33e7b86937a19966440ed","sha512":"e7f1874e3fc96ed33d61541020f95b71205370153a2a0045f1efc2ed370410648adccfa8323d6147aa33dc82d5b1f812afa0f05d87882406ad5ae1572aab8a77","ssdeep":"","tlshash":"dce08c0a18f82061112371380d6e9601fa20a90b9d58fc30be9e64a09f1c32e22fbbc9","size":394,"data":"","first_seen":"2025-08-28T07:50:39.269147Z","last_seen":"2025-08-28T07:50:39.269147Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/dropdown.min.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"75dd57590b1c2ce5802f01dbff8af119","sha1":"4e048f06575a33067af7667bf6cd2f7fecd47853","sha256":"93e3625e92f4449b68cead84a93cce66c233ddb795c399584440e72acc58c8
c6","sha512":"17c405751d454f776936accc829e67d244007e4c95047cb4e65d47e934b865c30e8011da4b7424dd37da02f702cdf9847e06a4009b39d3e3bd8a2c5cdaf66296","ssdeep":"96:WtfkI2CpVJm2UDWxlIgYT4pS5RFntslqZ:WtfkI2CpVJm2UDclnpsF7","tlshash":"d58163997093a0b18b90a3f9366f5558f930c801a405f448f6dcd5d9827a976b0f7e4e","size":4197,"data":"","first_seen":"2025-08-28T07:50:39.194879Z","last_seen":"2025-08-28T07:50:39.194879Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"bd51static.com/7ry.js","fqdn":"bd51static.com","domain":"bd51static.com","tld":"com"},"ip":{"addr":"35.215.190.193","port":80,"asn":15169,"as":"GOOGLE","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b49cd1dc0129f18f8ab76d9249e0f1d4","sha1":"83de531cb19e73636a45aef6c47de3317a61fdd3","sha256":"96cd0cf7391454455addfd9b6a7c18139072db87453b022adf2cabbf4beb119d","sha512":"c32d63254c6e11fa48d1f036e87c4494657bffdafd31c76c5d43fcfe885184e50e33b486a652b9d527cc59a6e9e8e29f6787d24c90b6956c26901090812f1094","ssdeep":"","tlshash":"6921f05f7c05e1246796383a33bfde9ce9ae0025241dd802a4eec4ac6d28ff90527b4c","size":1365,"data":"","first_seen":"2025-05-25T12:44:27.079127Z","last_seen":"2026-04-03T17:55:51.313639Z","times_seen":302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"43e28c5553d54ed2964bd5147521769b","sha1":"0a2b8c3db330a47aa7b9195e6dfdf944adb9240d","sha256":"d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23","sha512":"6dda085e4196167cf64287cb675c05b09bdaa291decebd1bea2b52ccdbd380de5875dc233fa3d439559413693f1e7974f485d60a2c1541bf62a8887bf5ff9811","ssdeep":"","tlshash":"1b80000c0a20c0882a00af00e000c202a0c2200f0220238ce823bce2a83c888808fea0","size":38,"data":"","first_seen":"2023-04-10T16:02:06Z","last_seen":"2026-04-04T00:32:59.776164Z","times_seen":125707,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?9449080f1fd9d69519fb3ef29e931160","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"183.240.98.228","port":443,"asn":56040,"as":"China Mobile communications 
corporation","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb959ab6c74c2057680e7070716b5920","sha1":"bc195528421de1bc5a6fe7d51d33f3eacd5f2ea2","sha256":"2a170b3c21829dd47fbcf78d4a1baa5306649218963eaeee4dce95bda2907898","sha512":"92cec2ccb4af20947afff26fb87270dae16eab3896e815e74e2c706d7a907786cf387eadbdd194451a1df6432e38d0f1618eae162a3812fbc1c986c38e94dc3c","ssdeep":"384:vdJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:vd4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"58d2d9e9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","size":29898,"data":"","first_seen":"2025-08-28T07:50:39.21689Z","last_seen":"2025-08-28T07:50:39.21689Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/html/aozxy5/index.html","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eval","is_inline":false,"md5":"68a98d9e00c5b2e9c5ef03b2f70ffd7e","sha1":"17842dc377d9e77096ab9de1ecc71e4fffaf2200","sha256":"c129618552deadc90624ba69dac929378504f8f5d6a79f900671568ab79d3b07","sha512":"53679db19bc6ff0c688ede02f1c272232629990d93832da5c32bd8ea05750829d284be32b968ba2fa04a0bd5fa83ac75a7fb7b6f6fce62a448c7a63b3b0adfca","ssdeep":"","tlshash":"e5016d19f7dc5b5760bb3250556b86c9142e0c69e504ac40b59f4bd52b9f3bc610fa08","size":753,"data":"","first_seen":"2025-03-06T05:20:52.188346Z","last_seen":"2026-04-03T18:23:48.154514Z","times_seen":1074,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"43e28c5553d54ed2964bd5147521769b","sha1":"0a2b8c3db330a47aa7b9195e6dfdf944adb9240d","sha256":"d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23","sha512":"6dda085e4196167cf64287cb675c05b09bdaa291decebd1bea2b52ccdbd380de5875dc233fa3d439559413693f1e7974f485d60a2c1541bf62a8887bf5ff9811","ssdeep":"","tlshash":"1b80000c0a20c0882a00af00e000c202a0c2200f0220238ce823bce2a83c888808fea0","size":38,"data":"","first_seen":"2023-04-10T16:02:06Z","last_seen":"2026-04-04T00:32:59.776164Z","times_seen":125707,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-04T00:34:17.6039Z","times_seen":102096,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/nav_2017.js\u00261701374575","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2a1e763c6a5b05975398ec22acba06d1","sha1":"aacc5eca301e5f079005a540bb8e1b1a6aae3916","sha256":"a52f8feb5c1f81292badccba5f7854bbeeb96407530402f4a7424b0c437b599c","sha512":"d8
2df2e01739b23e5cdff9441f1782dcc96efed954fbd16af0a6b7745289c9f228f2d915d8e3a21f0865e6835ae56f3c83947e260f47d6ba4538e7a74de152c9","ssdeep":"384:o56NoL6idtjM6Je967+RF7cnffyBmT/4jygPb2LD5thKhWihcghahcg0h6hcgH9G:o56No+idtjM6u67+RF7cnffyQr4jygPd","tlshash":"16921ae97280b36980ff227f406f5b51b7321956c90ac414f5b488b81fa5da1b6e3b1f","size":19927,"data":"","first_seen":"2025-08-28T07:50:39.093772Z","last_seen":"2025-08-28T07:50:39.093772Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/main.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2149c6ee4d1f516ea182456c121e184","sha1":"957f97aa97237cc1e0e954c174f172922b91d0fd","sha256":"baf173e75a47a2048b481a8290c373cf5eedfe2b30de4527c6029c72213662bd","sha512":"4606a221e83621131532fea67f33eb9f4d12226486c23652c0ea5c37c8e840565410d8a08cce5ec121fc77a504fed7a06ad793094fc419a3e3976905bfa10692","ssdeep":"","tlshash":"712189af5a8531a0d57b2390caa797bcfeba8017471118b07c1c7b224b79c930426eec","size":1227,"data":"","first_seen":"2025-07-15T23:09:24.884548Z","last_seen":"2025-11-04T04:58:37.197035Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/date.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9256f059d597b6c3fa046e00d457fcd","sha1":"a5d5298fd6737d99e4dd71f9b1f686849f5f87da","sha256":"5de11f7b517d7f89c70ea78a8fe23a2f86bd848c8eb098003623b9faaff42d2e","sha512":"0757aeb4cea229877f10c0bd5b411cc9836fb66242fe99c5e96d4a13737835b180533e1c4693eec7d3718f8dd6a474b023788c38272a4b38a8b17f24a0a81951","ssdeep":"96:JUAuXHhJ376UYX6sfWdJVeAflACAEYB+zq0LfUvsHFH6+PpDQAyiDJpeC78Kf0rq:CAuzYXtANACAEXlc0DQIsKfPcmF","tlshash":"fef10e4274303008237a91fc75ce928a25f06dffe61a415ea451fe8927deb7e1b7b219","size":7901,"data":"","first_seen":"2023-03-07T12:24:05Z","last_seen":"2026-04-03T18:23:48.147669Z","times_seen":1328,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/config.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a974640a2d954cf993c07d3c296ad5d0","sha1":"a9629d8d7962cddb25588ec685246a9127ed31ae","sha256":"be5e9429f8def97c97b68aca5ad518d92a3ac2903f49cfab177d7931d1ec67c0","sha512":"ec3d915fcd3bbe3165efa94654987453ee68fccfe4b9477c1004620680b7bf3c7bc3aa783fbc7d6a779bb7f412d6230bcb82a24b5b942f61cfe0f49ac4fb268a","ssdeep":"192:qSa/WVpaV8Sx4AKtPxlmrwGGfdc8t5YxotT:qd6I+o4tPxESc8t/1","tlshash":"1e32201b845053a66173d779247a2e48e93e135f80058c5b3fbd4ac48f3be3a9059fba","size":10960,"data":"","first_seen":"2025-07-13T11:51:38.408259Z","last_seen":"2026-02-01T15:09:25.940537Z","times_seen":207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"211c398e79d8c62055cca23e0cdcd625","sha1":"a47a4c10b193ce13a8a92d082b3661f7d2e27705","sha256":"cc5a4c35901d26fce8fbdc07b08c7bd70fcb01701ef9ddf4b3c6b4a31bfa71a0","sha512":"375152fef5df7c63d88c156c91d0f4233fe625b25ddca607912058f16bb69e905ba4f726ae2ebe73806a6d1fb4bc1493f282f26ef009b78a79154691eb9c8074","ssdeep":"","tlshash":"cbf097aedc41a1585ac635b8abafe648e1ae0024e40ec843b8d6c4cd2c38fd9082534c","size":519,"data":"","first_seen":"2025-08-28T07:50:39.281624Z","last_seen":"2025-08-28T07:50:39.281624Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"dbdc14ac9a706a76f383f70557cf5741","sha1":"3fa3f22e0a63ca5f564c65d5fe126e52f62c90ea","sha256":"9a4bd92f466540c866e197955183c3c5c6a1152c209b7fdc34c56c49c848ea07","sha512":"012e4482c8e47b3ace2155d8caeb25c4be2e260e29424ad3b03e1c3f1ee15c7a68a9ba80c8774c92aa5825f8c5653b7a2be4ce2b427f5b094110ab721d88b755","ssdeep":"","tlshash":"b1a02440145f71fc4311df00047313155710d540c40000c4c0014111340c447d0d0541","size":74,"data":"","first_seen":"2025-08-28T07:50:39.284162Z","last_seen":"2025-08-28T07:50:39.284162Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3b
dabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-04T00:28:36.974338Z","times_seen":330082,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery-1.10.2.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ccb0603f26be55f234275492d58c9a3","sha1":"3903b3fa707f28478b97e4e6ddb1536ed13ee732","sha256":"daa1bc796cbb99d1cb81f34977ac0094a031d97764d5135e76f1142f793d5de8","sha512":"172fae2622a90e7cd6e7f0891bb57028bc1e075275af11c21f241f2b7587558e0303a48f25f33045e4f4d964cadedd791f34e3958d340a0a0c3899a85c79cd31","ssdeep":"1536:d4mCgi8DyCuXXFiJ+L0kJQsJVPEKLQRZdC/RffDknv+p0WzH/IoCZ7qABZnu0sFn:dGsKXfI2p0WPCbDrstfak","tlshash":"6093f8ddb2d1b06257bb21bd006f540ff236195e280d8850f129e8eabc74a4d9277fad","size":93103,"data":"","first_seen":"2023-03-07T12:09:22Z","last_seen":"2026-03-14T13:15:28.233769Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery.sumoselect.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e60495e58069d493c130917f1e3aa308","sha1":"b72f6ba31a099fe45b4ebd864a7d64a305868c65","sha256":"02cba23f275bf8e09667dd2f7dc7c2c261e88c3527d4ec9ebec3903243b3be33","sha512":"c5981d0338afac1bb943acdfb6231aa2ed9e1c4f5f1dd9ea86ca669894427b8264a19a7781758360ee85a10c17f5ea541d3b9e1d4ec93ee2ad8f433eae300e3a","ssdeep":"192:jQMo/fwbR4rVIjGxoFyrkonrk2IW0cRhaQI+WjIErTPlbFzX8PSa5ONXVSJAp:jQ0bMmcrkonrk24UUjIMT9bFrRIJAp","tlshash":"5332d65972c072b542bf60ab4855b89ab237493ec502d170f225aafd187de01c2a7f7f","size":11968,"data":"","first_seen":"2025-08-28T07:50:39.187274Z","last_seen":"2025-08-28T07:50:39.187274Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b61954bcab3f84a4262d251bef42c20e","sha1":"8b94dcf8bf77de49803e9e4f5979080f1309c858","sha256":"266e1b1dcb4431cbf64d90ac504bd60c102528bbe7d33e7b86937a19966440ed","sha512":"e7f1874e3fc96ed33d61541020f95b71205370153a2a0045f1efc2ed370410648adccfa8323d6147aa33dc82d5b1f812afa0f05d87882406ad5ae1572aab8a77","ssdeep":"","tlshash":"dce08c0a18f82061112371380d6e9601fa20a90b9d58fc30be9e64a09f1c32e22fbbc9","size":394,"data":"","first_seen":"2025-08-28T07:50:39.269147Z","last_seen":"2025-08-28T07:50:39.269147Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.hubspotfeedback.com/feedbackweb-new.js","fqdn":"js.hubspotfeedback.com","domain":"hubspotfeedback.com","tld":"com"},"ip":{"addr":"104.17.79.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2455b533079d72aabef57ddb7491fd61","sha1":"21c6aa0e8e979ab38f031debfce0c5af81dca013","sha256":"7240e22034a5fb0b004673d33205566e04cadb00dec2b42b49b1a9e74e24e9c7","sha512":"035010e8f3529eac2768b1796f88b419747930dc74f5e559fdb5204f7381f848b179334078394c95c4be2d8d35afd37f5c64cb0248d9614c6033981b3c5bb93c","ssdeep":"384:wp/NGiPIp819xf/A21IR//b4P/0cUzvMfS9XYUg5UNn7TRkFpicvqF:qMRi9xf/AUq/0P/0cdLUg5UNXCFpiVF","tlshash":"6ca208dfb1dab43c4362c1e2153f8215f23c39903a8997e8bd568cd5b85d842922af6d","size":21781,"data":"","first_seen":"2025-08-27T17:32:43.555517Z","last_seen":"2025-08-31T09:26:42.789121Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"43e28c5553d54ed2964bd5147521769b","sha1":"0a2b8c3db330a47aa7b9195e6dfdf944adb9240d","sha256":"d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23","sha512":"6dda085e4196167cf64287cb675c05b09bdaa291decebd1bea2b52ccdbd380de5875dc233fa3d439559413693f1e7974f485d60a2c1541bf62a8887bf5ff9811","ssdeep":"","tlshash":"1b80000c0a20c0882a00af00e000c202a0c2200f0220238ce823bce2a83c888808fea0","size":38,"data":"","first_seen":"2023-04-10T16:02:06Z","last_seen":"2026-04-04T00:32:59.776164Z","times_seen":125707,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery-migrate-1.2.1.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb05d8d73b5b13d8d84308a4751ece96","sha1":"743052320809514fb788fe1d3df37fc87ce90452","sha256":"1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d","sha512":"7b68a43a22a41404a2ff58e0da6a237492cad0fc3e56d216980802b4d5fb483895262a7e049340d6670002bdf899ba88c319239e60d0aae1ac31d98556b0ad6e","ssdeep":"96:tBySz91Gwyk35YrfBewIt9jKLKDs2SFNK7wIDBRANyCfVJ45NI:zySzvGw/35YbMx9jKLKD3UIDBR8VVUq","tlshash":"3fe196dc72aab5611ffa30a8503bd21b72b25aec140d95a4f08ccde5392cc5d413ab7e","size":7199,"data":"","first_seen":"2023-03-07T01:02:56Z","last_seen":"2026-04-04T00:27:55.941185Z","times_seen":19794,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/local/ssc/head_aozxy5.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c3261b46b0ab83708346a608d8c628ce","sha1":"39835e5d93ce2c5473c7375d9e4492878e598081","sha256":"a4cd3a4af2595491fd9ea98f5faeb959eb00bf0d04c9dfb358dca7685a27ab97","sha512":"cc1ad508f567605d8348557eb0908be2d0638eeb9dbfcdaf750978ed7597efade08560c04c31cdcfb4a7872892cae2c311381fcd91a849628ccda69bb4460987","ssdeep":"","tlshash":"14e078cd45513c04b16dd13811378509d2b2180c104b9d4f1d73e4c3e4d49fd207d38d","size":338,"data":"","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-03T18:23:48.103098Z","times_seen":245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b61954bcab3f84a4262d251bef42c20e","sha1":"8b94dcf8bf77de49803e9e4f5979080f1309c858","sha256":"266e1b1dcb4431cbf64d90ac504bd60c102528bbe7d33e7b86937a19966440ed","sha512":"e7f1874e3fc96ed33d61541020f95b71205370153a2a0045f1efc2ed370410648adccfa8323d6147aa33dc82d5b1f812afa0f05d87882406ad5ae1572aab8a77","ssdeep":"","tlshash":"dce08c0a18f82061112371380d6e9601fa20a90b9d58fc30be9e64a09f1c32e22fbbc9","size":394,"data":"","first_seen":"2025-08-28T07:50:39.269147Z","last_seen":"2025-08-28T07:50:39.269147Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eafa9a6400b2a1cd4b0c2517db1ba3a9","sha1":"df5e3dc9006b83a4dace96e2669876e0ff40b30a","sha256":"f7a76454690a56ef7be19151c80ad8c671c95de03d58043941ed1ec032dd1a19","sha512":"796f25db78ff85fadd87ab0773d62cc70ea34d719c5cbd1df2d197d425d32e8cc07cbc8eb6da357aa03dbd6a612c52acb3bc15c91be33a21663c2a4cb67a1605","ssdeep":"","tlshash":"d2c0120e10f3045b413330358986a81600230c0f4809dd003d1d51d07f6c51000c77a2","size":171,"data":"","first_seen":"2025-08-28T07:50:39.286253Z","last_seen":"2025-08-28T07:50:39.286253Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/google_analytics_event_functions.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"91261619158b15831cd458ba6ba873c4","sha1":"2e3f0e4d0ce2949be7e7b497332b5876d6bfc63b","sha256":"b54a7c7899a03158c5dcb12dd5cd74884e2a38f1f1e01087727d260782e15237","sha512":"d80ffb2941fbb0397c9c9238b03412a26a92b91fd3384122983574f64a5883230039fb42ccdb912cec3de1e49ebf37759b62faebc5df216187b369165ca04b1d","ssdeep":"","tlshash":"f2d0c20c3c197966c52f0e6c538a0825147013d6210150a0e041ec1c1f7dad7a5e3a62","size":282,"data":"","first_seen":"2025-08-28T07:50:39.163235Z","last_seen":"2025-08-28T07:50:39.163235Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"54eb531df9c57c0b68d254db293eb527","sha1":"f9e8f6556b72bee66ab0bd8b709fabaa9140ef92","sha256":"b34c7747fd0cf7d9a75af08abd1e5920c6c23c5e7fdc8c565797e932b4402837","sha512":"d3727c481f9eea7029cc014b8e68e41e08e04aff771128c037249284b6e28506179d9c5a7d918fe34a0e2325dec8fbfe471a38d0c3ad1cb3c8a2d63d57e583ce","ssdeep":"","tlshash":"c4f097bee891a1585bc335b89bbbda48d0ae0429d01ed803a8d6c4cd2e3cfc8143234c","size":519,"data":"","first_seen":"2025-06-29T06:50:48.72169Z","last_seen":"2026-03-29T23:49:24.01016Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.usemessages.com/conversations-embed.js","fqdn":"js.usemessages.com","domain":"usemessages.com","tld":"com"},"ip":{"addr":"104.16.79.142","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0a8177b6b4bccdd59686c3381ed129a","sha1":"0a28082e9554a4d33520593e53fb3d3ca615654f","sha256":"a254d898662af7575b45c956cc449ce03af7b4ef24470468f2104a90aaf9faa0","sha512":"2a58bc1c7047b0030783c385a27c83f6a4da4318ed2cdadf69f553902174dfb1389eb330a61886ba610177d4c8d3aad72aad7780e7bab8b1391bbe5f1f0ce891","ssdeep":"1536:hfK+9irsKg6qKt3fmdCQDjIiJpjgmlj6wzA:ursKrt3gDjIiJCnsA","tlshash":"d8a30b9639a4ecb912c780d6a43b3115e2274c397025f0a5fbecdde64c2598f1272b7e","size":100865,"data":"","first_seen":"2025-08-26T16:52:44.971734Z","last_seen":"2025-08-28T11:54:04.527483Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/owl-carousel/owl.carousel.min.js\u00261671638764","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"80b62d7eb1e016aefcad714936a1005f","sha1":"cb663bfb88fcb0100b187d
3abfbe4af634de5bfe","sha256":"4a2423d603c5397bf3428038a8254a31ab74e1c74f179465680b37951f9390d1","sha512":"891cb602fe8ad54efc6f517dd557f1a4867d2fe1fc49ee425c6c3b1180e79a42926cd1db96900a8fb02c7cc9833b2cf7c0f4c730f30d0c0652f96cbec2289330","ssdeep":"768:WxtuB+m3uYALuCvyZBmyJT3SYKiM9omxXyRYm0Pn3J5vU4M24UsbcIrFy1mkYg:WOEm+blyhbKK24Jg","tlshash":"1a234f442ed06e8c239b93ba750ba8e7d11d0c5a1d4d849af03abc31359e61bf9fd631","size":47132,"data":"","first_seen":"2025-08-28T07:50:39.113749Z","last_seen":"2025-08-28T07:50:39.113749Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b61954bcab3f84a4262d251bef42c20e","sha1":"8b94dcf8bf77de49803e9e4f5979080f1309c858","sha256":"266e1b1dcb4431cbf64d90ac504bd60c102528bbe7d33e7b86937a19966440ed","sha512":"e7f1874e3fc96ed33d61541020f95b71205370153a2a0045f1efc2ed370410648adccfa8323d6147aa33dc82d5b1f812afa0f05d87882406ad5ae1572aab8a77","ssdeep":"","tlshash":"dce08c0a18f82061112371380d6e9601fa20a90b9d58fc30be9e64a09f1c32e22fbbc9","size":394,"data":"","first_seen":"2025-08-28T07:50:39.269147Z","last_seen":"2025-08-28T07:50:39.269147Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/tooltip_v5.js\u00261716308803","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d764312da69574d9d4118a7515ae7740","sha1":"2a307b035596e507164
b539567c2b02c54928334","sha256":"9037fe8cf1c97f8c3cb768ffdd11869b0e08ca7ff5ba72ce914465e133adb55b","sha512":"4d2206aad1b3fff3b77932107e6aada15a286b2e0755e411619d23ca01df1ea9c249691bc673317c5cd6e317fde6aa734e7c3f83ece59e8966a4faaa4394f95b","ssdeep":"","tlshash":"2f41af6fe9b1625cc11adebb02efb20d53218560970a45b0a971b204e671742f9fa29f","size":2320,"data":"","first_seen":"2025-08-28T07:50:39.168416Z","last_seen":"2025-08-28T07:50:39.168416Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/4041721.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"12997b3fac63265b7b3c3f3c606eb95b","sha1":"595c7e81d709ab698c5252276ae5235632bc6538","sha256":"1b3148fd2ece996c15c7b8e6c03a0a6fe023b4ce86a9148decd65a80f1e7cb8d","sha512":"f2122c86820e506550d37125d457cf6bd47ee54df6f478e7d2d2dc90b42ae2dc13366d7c9e078bd6b0c536c9ecbce4651f961eefea29a2427fad7a08bea40d95","ssdeep":"","tlshash":"2a51f33f7c198c384ac58ada5779c959b1f530619510cc9198cec88cd5bdfe62417f5c","size":2510,"data":"","first_seen":"2025-08-28T07:50:39.244238Z","last_seen":"2025-08-28T07:50:39.244238Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"eval","is_inline":false,"md5":"df4326de05b838372146d1a9edd6d3a7","sha1":"78918833e27c55b2e40b9292f6a0a19e098e9c4b","sha256":"0f8cdd8d33d90379a70ea3eab1611fc7321be254b1dff657154422e55caed41e","sha512":"431d666955d05938a9d8bab5ba30bd1879b2a6eda3a96a9a77cfe908873b059d89421418f62263c674db6c240a768c039cca8eba444c70eebe146e5584e1b6dc","ssdeep":"","tlshash":"d8e092f7f6e674a4c51e0044c5936bfcbebcc01497504d7299657f3a13469eb0428e4c","size":420,"data":"","first_seen":"2025-07-15T23:09:24.907634Z","last_seen":"2025-11-04T04:58:37.234708Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"dfdd5bbe9c2baea62834f6b7553c6556","sha1":"8d7f9d781b67db14626c94c8efb89a40cf0577a9","sha256":"98bcfa23f13d0138bd181cb4f65f83b2bd87132da4a61b735de4ace37ad6cbe9","sha512":"d9613f20fd993c6b29258f94aa220c4bb2e0d6373d9515ff014da39fca364f994f86270f8489362ad68635464d70497091eef62dacf3412f34c9708efa696839","ssdeep":"","tlshash":"0ff0f14d342914d509b37afb37f3481c7815220f6800fd637d4cc44c2f00551005639c","size":449,"data":"","first_seen":"2025-08-28T07:50:39.294046Z","last_seen":"2025-08-28T07:50:39.294046Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/responsive/nav.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"824aa97a6b271629f827eb965dec0b7e","sha1":"1daf760e9754ad81260fe80be2d9986782f2341c","sha256":"bbbe4aa39c83ded2ea9cc1a14101f71b4cefce4f607b4efcbe389adce319d13c","sha512":"dc5b46c46fb7aa83dbbd6d08944cdb8cf045ec3263e87f6bdcb51d54d6ee58d75c9db22ef4732307e1ba490002bc3c56031ff83322118095367fcf27a60e705b","ssdeep":"96:2SHN7/bT5MS/EkQBQVGUSQBQVnyeHGd4vS16T6fd3+OAN:2SHN7/bT5MS/EkqQYUSqQZycvS1c6fda","tlshash":"9db1136ce590923900ff13ba145f2b807a722c56db05c524e4b5c12c2ef9fb197a776e","size":5195,"data":"","first_seen":"2025-08-28T07:50:39.260701Z","last_seen":"2025-08-28T07:50:39.260701Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"introduction_type":"eventHandler","is_inline":false,"md5":"9cb28bfcaf1211049e681a4a1a93d24a","sha1":"4ae96a51646034dbd87a9c698e44edf2a0e5db27","sha256":"2eed7cdf42c24710e6d1efe18a8ba508d6da506571515151c0b1986739be0635","sha512":"d5d2ccb374df1f32b786cad0c1adac88d3a24229c955dc96a913c533effa91662d214fb85ca13fb09047d5a7abc075cbacab9539168140c97393a4476d2e9823","ssdeep":"","tlshash":"c8a02440744f707c4341470005333713df0441454c0114c4d0c00114341d045f0fdf31","size":74,"data":"","first_seen":"2025-08-28T07:50:39.263645Z","last_seen":"2025-08-28T07:50:39.263645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"f9772dc1db1654cabb0a6b21013cf4d6","sha1":"6f99031ed1368efd0c05e3c394ae223f4528c89c","sha256":"5d0f6011592b07f261b0195f257b15f95d179ef18f13244af6fa426c0132000e","sha512":"32d8ee81a1c879756f6d4f3486c806e9564b265cdada64224146b12460beca71c44cbaaee5c7ca118a7356c19f32a9e6f9e7aa8753e31a9ac38c6b84258e505b","ssdeep":"","tlshash":"d1c0c0073c10c018b44001dce422fb4d0951054c0840ed51f0d000551144ec91531d90","size":176,"data":"","first_seen":"2025-08-28T07:50:39.296537Z","last_seen":"2025-08-28T07:50:39.296537Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"351b69c537dd06908b8f6d417352c17f","sha1":"1c6da4a4c20a761d68f0bdee35b6199b10143095","sha256":"dc0dec237ad2d6bd048175bf44323c1198e2da8f472b26e23660d24673b1b169","sha512":"74161d5b90d6059a968ba3565353ca16c9ff27bfbcd9c75d8b4e118fb344ac7712e59a64c9d4d81e4e5d73cc801b3fc1a53bf6e1e48725720c15f8c3ba051ff9","ssdeep":"","tlshash":"58c08c13bca9d108b94002ecc43abb8d52aa525d1a60e892b5e042652016e8e2b32aa4","size":177,"data":"","first_seen":"2025-08-28T07:50:39.298946Z","last_seen":"2025-08-28T07:50:39.298946Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"25c6fbc9e08f7c583f19a95e84cfefc3","sha1":"4d4ae7fb2abb911cab2a9f6e0b0c17463e92b5d1","sha256":"b1554d3e938ed414a0f8743d2e2d28b7f3dc03b10ab1c95e8327e55324c67
8a1","sha512":"b3f4e7f9e9bd0e4097b24cc1546b90e813667481377fe6733437cf0bb5608a27e4e14d976c08627f7db812f7bda20f10532d65ce7b37989402d43f6147fa4e00","ssdeep":"","tlshash":"87c08c2bbc16c05cf88103ecc47ab70d44a642480ae4e992ece040961462e8e1aa4da8","size":172,"data":"","first_seen":"2025-08-28T07:50:39.301Z","last_seen":"2025-08-28T07:50:39.301Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b2c3b5963efa3c49fba12b11165c5057","sha1":"23b6c8317ceb84b8f98cd3fa258db7eea71967f5","sha256":"643ac4264ff69a0310796d0bf405aaa7cb4c4de108c678cb75d0bd3433526c5f","sha512":"0fd604f24a9f1055c11b930b829d6d8e2270a1991635e70290981c0b727745e0e6f791af83dc640d949d6279239fc1252411ddc07b9d251ffae6ab70e2d69b6c","ssdeep":"","tlshash":"f5c08c073c16d548bd8406ecc4a6bb6da09a468c8e60ec85b9e005a81047dae1a3a9a4","size":171,"data":"","first_seen":"2025-08-28T07:50:39.303033Z","last_seen":"2025-08-28T07:50:39.303033Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"92e5fdd35cc10111d077df6b47dc8f5e","sha1":"1dd38b6246b097127b43d58ca959c4dbcc9935e1","sha256":"a062630e9d7f8a57a5e6fbcef07012106866ba837726ad04f1a15d3644a3c612","sha512":"9f9c0b20b7e5b671da008ed580fdc212336d9e266c531eae597ef0771236257b83dd25824ee6ba4f829db46d33c9488122465e9bd5542d59077d7e504f3dba87","ssdeep":"","tlshash":"01c08c1b3c45d028f84412ecc866bb4d84e6224c0950e992f5e000a92669aca1a76aa8","size":174,"data":"","first_seen":"2025-08-28T07:50:39.305042Z","last_seen":"2025-08-28T07:50:39.305042Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9bdea299bc1c345dfa0645216bf90409","sha1":"f94b592884724139c450d94beb3a81e0b8a5215e","sha256":"62c8bb6220aa0c3e6397a81a1d2bb1cb7448cb9898f8d5680a07fa201dfac9b7","sha512":"9062ad1fccf09456934bcd162ea769b410c7e3b108a7051e74a6f4896e9655a3fc8acc89b16a92dab2b0c36b7565753ee642b28aef30fb28e67e7d26465d37a3","ssdeep":"","tlshash":"24c08c233c06e088e84042dcc4a5f70d909a069b59a4f882e8d0815c2402e8f29689f6","size":171,"data":"","first_s
een":"2025-08-28T07:50:39.307177Z","last_seen":"2025-08-28T07:50:39.307177Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9d4e8dc37eda58d1b2820b45c8b66a3a","sha1":"7cf1c1c45aae58566c002d0cc7ed6497af0887e8","sha256":"77f965231822af73ba3310bae69d871e824342e049f545b1f8bd9c220d190ddf","sha512":"b17f9f85ab54b3bd11388e26000c9ab746e4175d0f255437f2a215e1cdc87fcd196258080431810dcb4eb47a48123af21135e514a756f8e614a4bc89bc83983a","ssdeep":"","tlshash":"62c08c07bc5bc04cf88402ecc42ab74c4866428859d0eca2f9d040a52420fde1a65ea8","size":173,"data":"","first_seen":"2025-08-28T07:50:39.309115Z","last_seen":"2025-08-28T07:50:39.309115Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b77794e4e402ff56058b1196daa02b7f","sha1":"c426e7ef28c6633a0f79ef5971e8b40f22e180be","sha256":"da29d3709337f890f8145d26f6af1ed97248a9a60997cf1c910931d20a7cc1f8","sha512":"e7088fd6b3e64b2def5bd1cb38d8a694bbccd7ed420c0d15b88ce77f1a040a3dff55c6eda28749e337e1c4f13c69fef066591c0eb271522c261ae4d7dce6d826","ssdeep":"","tlshash":"5dc0800f7c55d408b88501ecc5167b8d4457524c0960d955f5e041943555bc91671d94","size":175,"data":"","first_seen":"2025-08-28T07:50:39.311066Z","last_seen":"2025-08-28T07:50:39.311066Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f5d743b18834b6886cae6adbf05204b7","sha1":"8824fed55666c41d50df0f3ef99682bf37ed1347","sha256":"661901231ad5eef392368dc8257338db20936d5b2c65c0540761df133b3e8247","sha512":"2406fba58e7c40cd138a33e76f4d3755a86fb1493ad53cdd0780677154095d3fb62c7f2079f036901c31887b91fdfc2e7a075ee2bdcbf2e631cb607c3620e0bb","ssdeep":"","tlshash":"0ec08c8b3c55d00cb94002ecc966bb4cd095425d1a54ec82f9d05ca8598199a2a389a4","size":169,"data":"","first_seen":"2025-08-28T07:50:39.313192Z","last_seen":"2025-08-28T07:50:39.313192Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f634a8eef6d5bb53c1e6efd366e1d73f","sha1":"b7d6190deff7fecf036a1dcf4fbe7435d4170159","sha256":"df0e17daa5d434
cb2523e6e61036d29b079ba248cbdb36c2fb2d9071d256d40a","sha512":"bad28d0234283a4f1e4b6b88ec198fdf17e2d415f62e48af13aebde623998ab32c5e176e8078807de8785ffe113832baa2fa8676786c02307887eb33af5767bb","ssdeep":"","tlshash":"34c08c1bbc27c40cf89006ecc92abb0d845652580ae0e997e8e040a92426ece1e34da8","size":173,"data":"","first_seen":"2025-08-28T07:50:39.315752Z","last_seen":"2025-08-28T07:50:39.315752Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cb6c83b1dd05def8bcd74702702048be","sha1":"440a5be2f067c4cfd3629a7355f63a69817e9828","sha256":"6dc003746f020dc7a78fa663fad9516f997e01e71280daa20a868fb9b9fe2e48","sha512":"569a156a393db61c41cbd57c5ca6c6614507842b2f492e5368cdd59a8fd1e8c07c586b2cb422109c99d844281327cd38f34077c6a143d0d57b9a24f1d90538ec","ssdeep":"","tlshash":"8de09af7f6e674a4c41e0040c9932bfcbebcc00843904db299617f3a13469eb0028a4c","size":401,"data":"","first_seen":"2025-07-15T23:09:24.918406Z","last_seen":"2025-11-04T04:58:37.235564Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"39428ce023a053cf20bdbbe3d1d99334","sha1":"0175c0b481552d601c885b99e1965f32c5eff13c","sha256":"a1b20079e8213abb473210cc8711d0ec402776ddfc4f979d82491a8113b6819a","sha512":"a4697ad4e2fe767f3b5db98d744b9640c65bdc03f9ae03937e5c321c8ba53a16f045b083df0e8018d63e3a62d881234d31621b5ff7f099d1c8689e89e4655ae7","ssdeep":"","tlshash":"4fc08c037c25e148b94403ecc476bfdd62aa428c1aa0da81b8e041662049e8e2f31da0","size":177,"data":"","first_seen":"2025-08-28T07:50:39.319921Z","last_seen":"2025-08-28T07:50:39.319921Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8320ddc3faf65117fb4ce1e457051c37","sha1":"824f819ef09e7c4b3cb540d85898c4ab22b3e2e9","sha256":"339491a490af6a1a9f5dd65082150525b835908e184b96cfdd7d2a64ac889e87","sha512":"3ff65363abe2323c2e14a9d468aca214e2b5932436aef07b65b3713e04c16246d563ce6d8f4e1f31b0be8e2493d4118ee27a9212c85bd3bd1404803a9b10ced8","ssdeep":"","tlshash":"29c08c133c4ae0cce85052ecc5b9f70c9056125f6990ec8
6e8d052586406e9e29209f4","size":170,"data":"","first_seen":"2025-08-28T07:50:39.321435Z","last_seen":"2025-08-28T07:50:39.321435Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"dc6530f7e32ecd1ffa6fc7671aadfa64","sha1":"22c61bcdbdffb6acd9fc31d7a4cbec282f03d43e","sha256":"29dd370ad8e1fdd63841a87b9808acbee71b37926849381a6c4ebcb8ad75b9d0","sha512":"2cb6e03f7687a94a1c8c03484e6be4b0a621587e59fddf9efb39d976cfdf73b8f1137f67fe28ec5e907f3bbb060906ee602e379bfaab5c3e63e068434d178d98","ssdeep":"","tlshash":"c7d02247bc95e04ce48202ecc02e7b8c80b6078c05e0dd40a5c001e4041598d0671cd9","size":195,"data":"","first_seen":"2025-08-28T07:50:39.322688Z","last_seen":"2025-08-28T07:50:39.322688Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d7a0e8fb8da5834a999197829ec4408f","sha1":"9410a3d96161b9d88e0bbaf32621202c80c7fd7f","sha256":"01a3dc7723d4d11781964783ac2959060ecd6a10c51f700579c9c526adf2bbec","sha512":"06b3072c94b92ae90064f9b236a02b6b40f9730aa2f38748da7c77adefe5e4ff0579b17b6ed8f340d120f0c18c7586d2b5947a02f35014612dc89ae348f92791","ssdeep":"","tlshash":"a1c0c0073c01d408fc0003ecc0537f4c107c3b4c5590f982a4f211041700dcd2438dac","size":192,"data":"","first_seen":"2025-08-28T07:50:39.324564Z","last_seen":"2025-08-28T07:50:39.324564Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e2c95fd1aee08730c4ae9dd37a716046","sha1":"90c0a620fec9a7838a2adce5d1bd79e9b18a8257","sha256":"4bc3728deb5958cf929848de5f415441680f7766edf4609ed39e798ad78b9019","sha512":"423e7c0c01106c904226b7c3242ae66b1e086f41b6096840aa1f5a57f0371635e8a2465d0f0643694bec241eb720664ffe837f6f80fc929fa90d24b031cba06c","ssdeep":"","tlshash":"1cd022077c1af1ada48202ecc02a778d80f9034c0490ed44a8c009e8292988d0622894","size":197,"data":"","first_seen":"2025-08-28T07:50:39.325925Z","last_seen":"2025-08-28T07:50:39.325925Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d26cd0877a4b958a19ff3e20e87c2ec7","sha1":"34a038c612bc
88fd463b38046ce27c8ee1c6e5fe","sha256":"9042a3feed3e4d8b1effb2549ae76299c2abd05f3f2225f4b21edbabc36cf28c","sha512":"dcd084c0bad200e529d5c4745103c924a7ea8dee1787f268fd7eee245ad282c8b82a3077f668590fe5d2e4d5ce74258768c44630df2338404dd08013a7b3bd07","ssdeep":"","tlshash":"a4c08c177caad40ebaa502ecd879bb4c4081928c2990ee86a8e060652821dba18258a9","size":167,"data":"","first_seen":"2025-08-28T07:50:39.327354Z","last_seen":"2025-08-28T07:50:39.327354Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9f2406d7b1efea1e57df83e627f07a2d","sha1":"945e1cd419927e9322a12b9a53df14904d828e82","sha256":"9a3ee81537f550efff56c6408b82a79d75f84a57329c5b87f74ef86015f95650","sha512":"14b333a1501a3df4346b0411e53ace395d3119908aad54a60f0d4b0443d918eda7202a605ccb5c2b6f04aad326878905ef0ae21dabf9acf605306dc63a9d773a","ssdeep":"","tlshash":"99c08c07bc2ad01cf88002ecc87ebb0c645656485ad0e8a7e8e040976468e8e1960ea8","size":173,"data":"","first_seen":"2025-08-28T07:50:39.328725Z","last_seen":"2025-08-28T07:50:39.328725Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6353a626ea3465977660a68dcb0c142f","sha1":"0c9d0485b954b64c4112d6c3e6a0daa6d177da98","sha256":"a7fe12434c53896b6acc37673ce4714387348cdee1716b2a2376f71a7f15a0ad","sha512":"085099a524cc13d374482e52d7fd647fdc61e0f542f6db7073f1dbd402766719b047723ba0c875cf1913a4d88ab80bc6521799e8e9a79eba5aca03a8dcd9cada","ssdeep":"","tlshash":"88c08c07bc15d008fd8502ecc876bbdc52a642ac1b60e982f5d0816a2415ece5b31aa2","size":177,"data":"","first_seen":"2025-08-28T07:50:39.330236Z","last_seen":"2025-08-28T07:50:39.330236Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5ae96515980eff7ecbcf441f4515446e","sha1":"308bf62cac1615f384f427cc0f5a1346eaee9d24","sha256":"d8dcca275e617782c9210f1d8ef4e7a651bb6a5a1e9a1700b0aa41cb1fa20a63","sha512":"6f5f3028d47018df5c0995a1bc848c69d73d5cc05e9ee29b95965dba28468273bdf37582f8ccf4a10a079ad3ef3340524dd20111e961d992483a184753a8cd58","ssdeep":"","tlsh
ash":"64c08c03bc25e00cb98002ecd43abfaca2a6824c1a64e882b4d041662441e9f6b72ab1","size":177,"data":"","first_seen":"2025-08-28T07:50:39.331573Z","last_seen":"2025-08-28T07:50:39.331573Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"953a252bf9a7b7a663200b012155e663","sha1":"cb56157cf729108f171cda4e4ebd706845ed9789","sha256":"bb320727416f5544294ace35fdfd4d6d153584e6732622820639607a10fd2a17","sha512":"b829f449304c305ad7ea60d78d40d30d1b2e1898120d3849418666cb5115bc546554a6f635bc1262cd45f7756e9d51f54d3de378938d11fb90ab721022c3812f","ssdeep":"","tlshash":"91f052ae6c91e5585ad335a89bbbd64cc06e0429101ed803a8d6c4cd2e2cfd8183624c","size":508,"data":"","first_seen":"2024-10-28T10:46:02.890122Z","last_seen":"2026-04-03T18:23:48.162086Z","times_seen":1215,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3eec131551de74da742be42d76954094","sha1":"a78b877c66e426471e3058d23202ae6feb15cd50","sha256":"879dd1f05d1351558f2422e3fb40cb61b24343b6ee0f0ddbc01b835581c4ea83","sha512":"e637a3ced2d53ad1e9a35f6dfd224dc1b0dcdeb91c2f942ed8c8a6efc654df042ee62775488d7ab96cb2e9b323c2d8423bf7a6b560e0cc69d26b0d2c10fefdf5","ssdeep":"","tlshash":"dbb0124f1c01c542e8b104ddc5b1ed6c48a5a3547260d948c1de81c4525c78c1c01ec1","size":104,"data":"","first_seen":"2025-08-28T07:50:39.334423Z","last_seen":"2025-08-28T07:50:39.334423Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ea9290665055c2e4781a307ef218c72e","sha1":"2d9eab9c253af40d420c88d056f40ddc5fa80dd1","sha256":"b0d573a329515455b0a6983f9270ac99b866c06daa0d0226b90e0dd2b229457b","sha512":"fdcd305b6e6467d915ab212acebd0e09f6c8649c6393683000101b933aadd3d7be71a605f42c5500d1b833f1c72a39b0606aa8eb65a8bf7e481e323285ce2d34","ssdeep":"","tlshash":"33c080473c05d45db54101dcc426bb4dd1e5464d5550dd51b4d048d51541d8925344e4","size":170,"data":"","first_seen":"2025-08-28T07:50:39.335535Z","last_seen":"2025-08-28T07:50:39.335535Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5"
:"e21947e821bff2a32672c150f5df6149","sha1":"b98cfe78b94caf130925334c91513209d9ca7ec8","sha256":"b10445f6c7b44cc29f55b52182679523cd231f41b8b061f7252173bfdaa8e403","sha512":"5a965faa49492b0a39889b90625f3e7e50e563bee8bb1bda8b4aa175bc61e723ebc106371a846aede52933fea2754164702639d11cf3939f8f1dab936a60c2d3","ssdeep":"","tlshash":"2fd022037c05e08ca88203fce42b770c81b623ac09a0d848b8d041a8043988d16218e8","size":195,"data":"","first_seen":"2025-08-28T07:50:39.336815Z","last_seen":"2025-08-28T07:50:39.336815Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2bc459e17667469bb601fcec35298dcb","sha1":"2bc7981337911f3698d38fc527a7f4b9ad42695f","sha256":"8a501290db595e7135d5ab5549d12a9298a98dc9bcf6deb68216a33124ff7f34","sha512":"36aaa2bdcb294b7b3f4a53beeeb09aa6bcb6ccb315b6660fbfe1e9467a55421744ee109d539ccdfa01727a30f2123c60c18158b4abe19b471a53e609c8db2a6f","ssdeep":"","tlshash":"8cc08c0bbc27c04cf88002ecc46abb5c4456465c09e0e897e8e040a92820e9f1961da8","size":173,"data":"","first_seen":"2025-08-28T07:50:39.339073Z","last_seen":"2025-08-28T07:50:39.339073Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"21f7a6762e63ff82ff9888c38b82814e","sha1":"ef03cf0672b722c2ce961388730dd7308b243b10","sha256":"554862bbe560ac8a26982caf4e0901ecc82f3d326e1af3a150b64e4a0894a4c0","sha512":"cade6cf0ddad2ecd3f48d054241bfe0b200810d8d5c6b5cb96acbf7620dce87b845fce345a34051267459b67b3175ee40888ce95be3062794bb20109cd0625ab","ssdeep":"","tlshash":"d9c022033c01c008a84003ecc02abb8c116c620c29a0d982a4e121491b20e8d1438aa8","size":192,"data":"","first_seen":"2025-08-28T07:50:39.340741Z","last_seen":"2025-08-28T07:50:39.340741Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"336dec4d3eca23cf56be74ef48b97f86","sha1":"90161df6dc88e5220f0364136e70db7164d9079a","sha256":"d8ba31bbaaf79e3df097992e91206bdab4035a5bc275945bdfc3c81de01b68cf","sha512":"3d986db9ffb41ce308e05325d8c5ab16a4dff75c8eff2a5c5ab43e79429cb40f85d5a0f202e474521a22dcce86c
9e028e89d8de701d8dfd530760dea3642c99e","ssdeep":"","tlshash":"12c08c573c06e088e94582dcd4b5fb4c9096025b5da0e886e9d0406d2822eee2834df8","size":170,"data":"","first_seen":"2025-08-28T07:50:39.342423Z","last_seen":"2025-08-28T07:50:39.342423Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8cce1842bcb86f875553ac903f4dd148","sha1":"7e767432d28eaf3ddb3fd854163a85887c93fde9","sha256":"fbced332cc962132553e9f53d022893c3fff5d0a35f9780685fc915809321ac9","sha512":"ab5209a4be5db771cf92c5b9d61b10f42f50d7ce2cd3ccac8931e33823726dc98ed7631c44f6419a49a5c0c67687818cb2ae10a9666580e24a37aac236181f88","ssdeep":"","tlshash":"06c08c873c45e008b98402ecc4a6bb8d91e9424c6a90e886b8e024a42441a9e1a3e8b4","size":169,"data":"","first_seen":"2025-08-28T07:50:39.346302Z","last_seen":"2025-08-28T07:50:39.346302Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"64f501a0df92021741d0b9d40b3dc3ad","sha1":"d654ef05d293286733aa8d93cc1ec22dcc1fa092","sha256":"ed316c08598750e116406b0b0f23642043c767536c3b6918abe49a28cc9c3fd1","sha512":"225ea33f5719edbf87e8b987e0462da8a327f91ccdff6b0e36a4aa832ecb16c72b3ea1595d7ce9c6aa38db4a9867f18d13a5617ec552a98f7ef6d1cc41cf5c84","ssdeep":"","tlshash":"bcc012477c46d508ac4403ecd4967b5d51bd264c16a0e991b8e151581620d8d25389ac","size":192,"data":"","first_seen":"2025-08-28T07:50:39.348104Z","last_seen":"2025-08-28T07:50:39.348104Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a6d47d31cfbaef2994d6bbdf748dd5f6","sha1":"2fa26e7a65fdc536a1f9062e4e540a72dd792694","sha256":"139ae9e934b3c57a9b92d0b4fdc1fc057f40fa54ee64293dac58aafa3bed8e04","sha512":"5e00f09e688169b30606be971e03c9cff02268c4a9785448b40ba9e7c17fe9e3fcdd74efbd8ef278137faefc070c24f43d4e01d2cd7c8e08680169a3f43e76e3","ssdeep":"","tlshash":"b0c08c077d26c808f99402ece835bb0c40c282ac29a0fa81f4d040a62561eae18749f4","size":167,"data":"","first_seen":"2025-08-28T07:50:39.350963Z","last_seen":"2025-08-28T07:50:39.350963Z","times_seen":1,"alerts"
:{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"02da04d0f6aefbdb7968fab4049a8428","sha1":"532f9f0f69a79ed7e890aec288fbd47f62f8e120","sha256":"c81d38a9f6d86b05499c4c4dfe7022be56fe1a6544ebb5b672e42339a615d726","sha512":"240cafab6e9192bd1b71130ac31adbcacb586bc2c6ade1ae36221d6ba4c74e401c3b0752392214f6f7b567d5cd5c02900c975e1615bcb0a6b2f09c9f53e65560","ssdeep":"","tlshash":"2dc08c473d26e018ba8202ecc427bb8c90aa526c8a60e8a1f9d014a41081dca2a388a5","size":168,"data":"","first_seen":"2025-08-28T07:50:39.353675Z","last_seen":"2025-08-28T07:50:39.353675Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"45ba5881454ecefdbb7009524d446017","sha1":"30c0731cd636eb253d6c8b5039833953a407394c","sha256":"1c79cab4c1512a9ca338a87b0aa298d989a75278f703b2a237bb552796d2c6c9","sha512":"4d2f90badf771fc0ef1c684309c14ac8655a1bada2f41c7f6d25521aab45dd2ea99e4a826ade68307eafe0492406b9514a0ede8b3436c214bcdf150817bbcb9f","ssdeep":"","tlshash":"b9c08c0b7c26c489b9d002dcec25bb0c80958348a9a4fa81ead090a525219ea18648e5","size":167,"data":"","first_seen":"2025-08-28T07:50:39.355755Z","last_seen":"2025-08-28T07:50:39.355755Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"acb7df1246a428d04798ef210abfc4f2","sha1":"37e2d1d2da0a17dd01660cd1a720f608aa51781f","sha256":"e1a691c000104f32fb04bca26eba904ca40e266fda4b8fd04f7a57ffed3b36c5","sha512":"5dbb3e72a25bc1f40859453372b594c45f98ed4368ae72fde0ba5c732dcc0f92548ee4e1bdc703e32a72f6cfc3b4fed277837c7e241b0109192764a9f688c2a1","ssdeep":"","tlshash":"4fb0120f0c01cd06807404f9edb1de5cd5b2930c61b0cc9942c00150f75478b6d00bc1","size":104,"data":"","first_seen":"2025-08-28T07:50:39.357763Z","last_seen":"2025-08-28T07:50:39.357763Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b66f75283d51a4535f18fafc51268df7","sha1":"dc918fb600ee067037284010b0e3eaf7f07858c0","sha256":"c241fa50f3ddcec15fb68fff71f005682e30a5c5a85ed16bbcd226dfa5fc766d","sha512":"f827047a1e1ba4c08f50bb19cd3274f99e727c
1284d46052fb34378947773b308675149588482f0f54f5e323f15f2482318435c18b49d29d3365c05c6cfacbd3","ssdeep":"","tlshash":"8cd022433c19f08ca58202ecd02ebb0c91b5036c0490d840a4c045a80825d8d1672898","size":195,"data":"","first_seen":"2025-08-28T07:50:39.3597Z","last_seen":"2025-08-28T07:50:39.3597Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0e217361e982e02ac89b6ee115e9ff34","sha1":"9aafc2e3be55525e3c86893ec070f0f0e3ef17bf","sha256":"563a70aa12ccd67d7d721e9221ab8af94b22668f40568cb4ba50979acc395b5b","sha512":"0c7c2ad5c2358334aaf023bacf9e6cd8af8b5b37b6e0dde5d9c067ad8fba90ad6926debd19c9adfefc29d3a78a988c947c39d7f96cd2d4fdbd455a785e1d2029","ssdeep":"","tlshash":"80c012a73c47d508e94403ecc477bb8d617d264c1590e992a4e252552610dce1538da8","size":192,"data":"","first_seen":"2025-08-28T07:50:39.361994Z","last_seen":"2025-08-28T07:50:39.361994Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c0bbdff43b8464a95c074722d34af5fd","sha1":"3d210bc5d9caafbac0b43398e0b66314da122523","sha256":"ac790c78f582f4abd8342dd1bc5da36d76887deea82c71f73480b5eab25236bc","sha512":"f00e54bdfdf28d8ce1519f06fc3f808f9dffac5951fdb1f02a039befb1c0b06e9f54795c0fa2b55972e999bbb75ebad4dfc527e515655bfaeabc09b7d8d9d650","ssdeep":"","tlshash":"e5c08c43bc16e008fa4013ecc466bb8c52a6465d3b50dc81f4d04166a401ece2b35da1","size":177,"data":"","first_seen":"2025-08-28T07:50:39.364186Z","last_seen":"2025-08-28T07:50:39.364186Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d24e93786940bde917b7bde62fdb05f4","sha1":"f535c701ce91e4f06e678a4b78fef39172f59d16","sha256":"d5871b31517083653833b67ce570416fd1f622f5a8056575fa37a2cb14744576","sha512":"3493537fb1121d5c817285310c7cd4d39bfe7fc9ee196594ac9e85d1d36421f2ac7e5fda14be10a59a45ad4cf63c029238506ccb6d6d1a5bd47b3e65ea391251","ssdeep":"","tlshash":"aec08c1b3c0ad0c9fd61a2dcc5b6f74ca04a029b1990ec82e9e240982602d8f69249ea","size":172,"data":"","first_seen":"2025-08-28T07:50:39.366437Z","last_seen":"202
5-08-28T07:50:39.366437Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"30ab4f0f9f28b18696961b4308ffd833","sha1":"d10a4730f90a88dbc9a25466175018f383cd73a4","sha256":"90b3795ecc701b26aed3726c72ff0a55f620ca885c92b1bdbca0dfcd9d99e4f0","sha512":"d12f351990624619f4d37db9b81529f89a5cc6b2ddc92e4de3199dc257286559b74d6eb152ca42b4e49a881a94d82abcc0f5de33620168ed95708dc209792d8a","ssdeep":"","tlshash":"dcc022433c81c009f90003ecc4237f8d106c264c0990e883a0f112081a01ded1438da8","size":192,"data":"","first_seen":"2025-08-28T07:50:39.368404Z","last_seen":"2025-08-28T07:50:39.368404Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e57ae859f390df7a567d9f73c8ee363b","sha1":"b1ec4376ef5f3ad8eea14815a14b4832872763a9","sha256":"2275c2e95405acce3d661898bb4132e2ad261a21da58c51a48f9689b73568611","sha512":"b6252f142339f94f1fb10f86965f95f86b71b7291df4d0231d28dd03ecc0ede6bed9b2c44deb491ce7d0d60aa77eb594f8fa0ed6001b46aa49c7c2ab696619bf","ssdeep":"","tlshash":"37c080173d55d084e54041dcc475f70d5055055b6d50ec82ece044591411d8e24209f5","size":172,"data":"","first_seen":"2025-08-28T07:50:39.370202Z","last_seen":"2025-08-28T07:50:39.370202Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"dbc5eb76fc595aa8ffeed5c8c4fe3d57","sha1":"de65978a7386e7c638ab15042f653b9ca8a74401","sha256":"30759df2bee5e6ee9f14fee74582bf297f9a075dd5e99a3a2e89132b9df65d3f","sha512":"f19498d6034db7ccfd8cf327d2cb058660867a838f009e58bdedb951f5410ab37a2ee28c1aec93b0965e10bd73c4c7604f3bc3b8b48235c002a6059406571aff","ssdeep":"","tlshash":"3ac08c273c4ad088e94052dcc8a5f70d90a7029f19a0e886e8d0449c2a02e9e2921ae4","size":171,"data":"","first_seen":"2025-08-28T07:50:39.371991Z","last_seen":"2025-08-28T07:50:39.371991Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"af6ad73803bd2336c6461be04adcbeda","sha1":"7828ae492429d89a628dfd99a8c8e4bbf13d9f90","sha256":"25efbdf4682fa24ee2c997510ca65d7042fee5b8c160f559462102a9613559e5"
,"sha512":"c90ac51e2d72fcd3af435a75db1cdec199891443bf2a09345e5d3ffb6784be4e9194f457db7ae9bccaf2fa24635fb20a625608eb91fc54d62eccab7ac90abebe","ssdeep":"","tlshash":"2dc022073c05c108e80003ecc026bb8d647c220c4590d986a0f102052600e9d25389a8","size":192,"data":"","first_seen":"2025-08-28T07:50:39.373838Z","last_seen":"2025-08-28T07:50:39.373838Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6025a459aeeb4e83d57117b32ed2eddd","sha1":"d46a12675c3d5cf90f98f37138352adbde2acc21","sha256":"9ed99840367e4f8843ec1a5cd0185ef1556b21b283fbedbf9568232434585433","sha512":"0b3bdab67e83b2428b5ce8bb4ca3ec9a271d488ee18b05a218ecd6280f69b1dd84d894fae8458ad060de8dc305ef0feaed4d79da8cba5d97e7d8295f263f8d82","ssdeep":"","tlshash":"9fc012477c15d518e84807ecc457bf8d51ad664c15a0e996a4f112542a10d9d5a38aac","size":192,"data":"","first_seen":"2025-08-28T07:50:39.37568Z","last_seen":"2025-08-28T07:50:39.37568Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7ee744f48db821c07d27b9eb8833de4c","sha1":"d1adca0303c5ac8b76780c4bd2f11ead0f0ab92f","sha256":"ffdfa401e21ce52d4d3c0d0ea05d0d634571c0e996bc09cac9df5dac879f3567","sha512":"ebb636ad47d5db0520b1ac62687c07b0ea6f440487938eca60e3afc1a92f16d5922a94c7e014987031644ac25c90fc520303063ffa09e72a88e9b2a95839ccf4","ssdeep":"","tlshash":"c6c08c173c06d088e88452ecc5a5f70ca056225f1990e882e8d1405e2412d9f29219f4","size":171,"data":"","first_seen":"2025-08-28T07:50:39.377889Z","last_seen":"2025-08-28T07:50:39.377889Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"10e0a3e9804a9409bdbd83618ec51742","sha1":"b892e68fc87dc55ba768e40a6db4325588237b2c","sha256":"a06161a8d7ea967c351331b436327ce834aabcf750b442a5f6226fb320a69df0","sha512":"303818256a195695191ab3776d34caa694ef2d6a46b888ac663389f9e64e0e3104bc34955ef089e90a4c96f33af1ecedbc22de55b6c9e4b9f4fef026cec765ac","ssdeep":"","tlshash":"34c08c273d46d888e85442dcc9b9f70ca086026b29a0e982e8d0805d2482d8e2820de4","size":171,"data":"","first_s
een":"2025-08-28T07:50:39.380063Z","last_seen":"2025-08-28T07:50:39.380063Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"11c409983e707cb4849da9631efa1651","sha1":"f6e93e062257442ff49d9959fbce1104f4b7ea27","sha256":"28209fe740ccd3e70b978b42b3be1d6c30f8d6ecfd1f375440431d32a679cf76","sha512":"cb9758c1ae1ad08269bdb2aaa198e055257e4e710ab4cab71f1fc3d2e7b9489b2caf89c95c211e07064d562393ecb0ce907185870c32c91707b6267538c2820a","ssdeep":"","tlshash":"dbf097ae5c81e5585ad635a8abafe24cd56e0024240ec843b8d6c4cd3c38fe9082534c","size":508,"data":"","first_seen":"2024-12-02T17:13:45.829962Z","last_seen":"2026-04-03T17:55:51.438048Z","times_seen":306,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1d578201686e5fe9216a8cb200852b4b","sha1":"c20352eb7e2d13e1a34450ec529ec9af8731653c","sha256":"c021e1d6b8ed57860f482c4c51eac4c41401584fd67ab93a9b19d1e3cd4fad61","sha512":"b229a5714221386fc415ce36e1e7be604fa28127e3cdfeeb7a6c4716cddf53a8f8475889890e513134f6fc6085939a1f96a7ef80e82b73c59964c0da8eeef2d0","ssdeep":"","tlshash":"98c08c137d16d009fa4402ecc466bbce51a6468c9ea0dd82b8e080b56111e8e2b31da0","size":178,"data":"","first_seen":"2025-08-28T07:50:39.383235Z","last_seen":"2025-08-28T07:50:39.383235Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8b7e4ebbd173a3bd95b11b7b1be91cbc","sha1":"35b2670f8a9dff379e52f832cac03d483a57f279","sha256":"a4cc12605888bbb9bb63190eead9e78d14d1f8677a17b04657ca4d0f737fbb4f","sha512":"96980d85b7d2b1ce0cc2b657eb094f40a9cab5f959f75cd8856bc0b7045b12357cbc2a101cba0f733418097fc86706f44e871c2e320af243ac2d1820e0b2d40a","ssdeep":"","tlshash":"dfd022033c04e04ca48202ecc0ae770c81a5039c44a0e994b4c001a8181698d06218e8","size":196,"data":"","first_seen":"2025-08-28T07:50:39.385833Z","last_seen":"2025-08-28T07:50:39.385833Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"23b75846bbc24e6dc8b62ede61e712dd","sha1":"524fc6363afa739ba3928493a381e9ca2266708b","sha256":"ee738862bf35
346e031f98c5b190eeda2ceb93c0518b5fe9e55c3456b759d377","sha512":"ebb080e6c8e5b5753be441f3ae78d20c4e09aeb4c89e47d3371af3f8e02f64632504dfa12c2357cb03f3aa6053794f5c594cc87a5b73d6c16c03ce17a161a9e9","ssdeep":"","tlshash":"8bc08c233c0ad4c8e941a2dcc4a5fb8ca056079b6a90e983e8d842582812dde2830ae4","size":171,"data":"","first_seen":"2025-08-28T07:50:39.387986Z","last_seen":"2025-08-28T07:50:39.387986Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9b3da7ed8b4efee796ef41e43a5f9317","sha1":"a12b0aeb3b7281ec28c175e63aab29f243d6a0b8","sha256":"077e0f02ac8cd4ad917addffab565cfcbdfb44c240c6b9e981ac212558d60cc5","sha512":"450809d53fce16f476a78055ca58b87ff3ab740d4cbdf688e8ab0dd7a25cc3cfaf2634587928e62963362f91620be427126c833f90ea83bc20c76e812a68d46a","ssdeep":"","tlshash":"7fc08c1b3c85d018b88406ecc82bbb4d54ea1a5c5aa0ea91f9e004a92519ace1a36ef4","size":176,"data":"","first_seen":"2025-08-28T07:50:39.389994Z","last_seen":"2025-08-28T07:50:39.389994Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4e54cbd384ef72836879920cd5150d33","sha1":"10806c1268272f9c1518733e96d0089ba7eb8f3e","sha256":"9802c3995ccc4fac431ace8236b0331a989b12d3cae975dee40a745eb80b4998","sha512":"29a7dbb4b01da6cdaa5b7c5ba0d4c9037c3fa4df3fc25ddc897f67e7e6299be018c9fc820b7490c89f38f9f8b27620812ad10063380b8ce60e1a25fda4fdd7ad","ssdeep":"","tlshash":"37c08c03bc15d158b94207ecd8a6bbcc62a7868d1b90dd81b9e042b96105f8e1b319a1","size":178,"data":"","first_seen":"2025-08-28T07:50:39.392151Z","last_seen":"2025-08-28T07:50:39.392151Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f254b10465424b857aa18007e8e774e6","sha1":"a5504a3b0a866ec367470686e7b21011b4343350","sha256":"e5e20f4f24726c6da87ebc5bcd9356dc25d6ed41d95fc79c94c6d5117c817096","sha512":"4810d76bef993545ca65144aa7463ed560ee447e3c64f45e66170f9569415b2635a0ab8db4ad9fb0a322610a1e2a48c3d8429de3921a437569a5ef7a15d9d7c6","ssdeep":"","tlshash":"9bc080177c66c449f59101dcd475b70d4051424a2790f6
4194d040651421eae1865454","size":167,"data":"","first_seen":"2025-08-28T07:50:39.394255Z","last_seen":"2025-08-28T07:50:39.394255Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ae13911e8fa5feacbc3b0a19e8c7154c","sha1":"5bc862d561af6afec27b0c02e5927cfb2b542ce7","sha256":"4d3e7b7ecf3561df1cd8e3bc62b6b373dab803fde3347ecfc30475a1fc374fe2","sha512":"ce0c0eb2a7cf5c5bf70a0e9e62d2d880aa6abea02f7cbd159c5dce83410537ca9958102a65aa6f7897e8ed5533864d1727029c246e671a7aa1cd2aca4f222ffe","ssdeep":"","tlshash":"a1c08c173c55e048ba4002ecd42abb4c91e9468c5b50e889b8e014a4108298e2a389f5","size":170,"data":"","first_seen":"2025-08-28T07:50:39.396008Z","last_seen":"2025-08-28T07:50:39.396008Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9f56187edc9f9db732361690d969486f","sha1":"4abe471b3e811b8e6c6318c3356523ddbbb3462a","sha256":"f1ee6962afb31ab56a57e80840b969f4e0c557d9db73b52003cf9bb40ed59fa8","sha512":"5b34a0d80bdedd5b0a45a86c4ed6165a9fff8996d57e7f977c80b2bf3aef306760dbfce17a9f554c2aa8f8d2298c6aa89bfe0c84a694c643e37e1fb1a3fcc950","ssdeep":"","tlshash":"58c0cc0b3c00c008bc0002ecc833bb8e02aa022c8800e882f0e000ac202aaca0a32aa8","size":176,"data":"","first_seen":"2025-08-28T07:50:39.398208Z","last_seen":"2025-08-28T07:50:39.398208Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6628f521596d3fbf17c42886ae237cd4","sha1":"cfe6f25d527f1d02e8e577000bf2a97a4fec1035","sha256":"ea68ff2ec31c1866d0baed478a4dfe4f9200ba05f6500ec6bc4f2a7c972fb751","sha512":"8abd48b696e0203ac665ba16f5f53d4bc907c3317ea7c7b048c212788a1f386005a5a2404b7b64832d79c71ee69b0fd4554141d1c5520ed9865950448759a60d","ssdeep":"","tlshash":"bdc08c87bc27c01cfd8822ecc42ab70d505742480ad0e8a3e9d045962424ece1a34eb8","size":172,"data":"","first_seen":"2025-08-28T07:50:39.400008Z","last_seen":"2025-08-28T07:50:39.400008Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1b0e0d2c459f4e0a9b65e0d34e369a75","sha1":"d8463263e7d
e0cae90f6698e17e465c463f0cd8b","sha256":"604378903084bb5590c2503eb6b9c94d54f9f1e855a7b9dfc7dcfde643969eea","sha512":"407cffae84f7f5070f6a5adbbe6d1637572c7faa4629638eaa7064dbbd3e64f0533b7782353352293c6145b4d3a560ce4435e939499ac7893a9d82eaf177a5c5","ssdeep":"","tlshash":"ddc08c173c06e118f94803ecc427fb4c90d6428c9e60e895b8d009a51181d8e2a399e5","size":171,"data":"","first_seen":"2025-08-28T07:50:39.401679Z","last_seen":"2025-08-28T07:50:39.401679Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5a643c9db31005db6f5c6d83eb1e271b","sha1":"578d262df9154c10f2f334d765820f00789c8a7f","sha256":"026f03da8dd8228bca61534ac13d40d0764029802627d20dd34e8c69af3ee558","sha512":"3ce5d7267bf8b25dcd1cfe1d04a2ec169167f01f1c0b1242089ba9488b36592f1d85c6d5530ce1b9a3e9cd3a1016b9f7ccf7fac03f04c45ce5608fdc50065a6a","ssdeep":"","tlshash":"e4c08c1b7c2ac848f8a042dce826bb0c408282492da0ea81a4e090762425daa282a8a4","size":168,"data":"","first_seen":"2025-08-28T07:50:39.403231Z","last_seen":"2025-08-28T07:50:39.403231Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8f82fbeced56dac16ad257266f587171","sha1":"beaeea844c3d9a567bf3f4ae646c18888b1a2132","sha256":"f6ed4d290eb0c9cd57810860ddd6378488e966b517f7515d8172a7715a3a046e","sha512":"5ecb8d2c7afc38ab7baeaa1417ef9595c92aa9fe3272efde722650caf076a6636d7621a2c15f0acea91f4dc58e49536ca4ee02041c6172dff4144bf277a069a7","ssdeep":"","tlshash":"20d0c0033c18f04df48702fcc07f770d90b9035c0490dc44f4d045e4082b88d06728d4","size":195,"data":"","first_seen":"2025-08-28T07:50:39.405006Z","last_seen":"2025-08-28T07:50:39.405006Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"15c8adc59fd8de81c1e7f262d72034d8","sha1":"66a7b1c688674283cbfdd2cbca9e072238db1300","sha256":"2fe332b93d041f10441f46d4250064330599843fac7514a6cb39e6bf6e41cb32","sha512":"4c0e2139a4bde852accee3064847833e5adecd85c647f0bbb2ebdb9da0238833a126a91f82e656f4c88caa2020a2d4f2a20bd74941ee41ec61332bb1ed06d204","ssdeep":"","tls
hash":"05c0c0433c14f04cf48202ece03fb70cc0b9174c0490dc80b4c003e4046a88d0731ce4","size":194,"data":"","first_seen":"2025-08-28T07:50:39.406704Z","last_seen":"2025-08-28T07:50:39.406704Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8128691da2766368ca2d43297883ec62","sha1":"1b87f7f0288dcd876cbdef2192e4a5b7047ac119","sha256":"b773d1abf2d991100c91a92f53a9002001af2d9b0abb6c1c949e265ea53cf7d8","sha512":"65c8b92b62ec124003b865ed4ee3be8b97f25a6d858968e10331992ada9686aaecc9857a12c53f531d4be946884bdcfe6043058a6c08fd6ed1d670dd271be232","ssdeep":"","tlshash":"77c080477d56c01cf95001ecc535774c505a415909d0d557e5d580555810d9d1524d68","size":173,"data":"","first_seen":"2025-08-28T07:50:39.408257Z","last_seen":"2025-08-28T07:50:39.408257Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2f0fb48e6d9a2e33d655eb579eb3764c","sha1":"e468a5ac8a5b45566fd0b3b8ff67c02525027767","sha256":"4abe3d34469c325cd5bfb6d09d776a4d49c0f1b78d8d9cb5057bb4ff1641efd0","sha512":"64d7d01d41b4bd36c6d3a675107f7872f65fd03ca8b0e17e91841d7032524d1b4d00509e362d81fdad587d0a446b01dcc44a9878db0f6d1bce62e71b37970f55","ssdeep":"","tlshash":"6cc08c173c49d528f84002ecc82bbb8d84ea129c4a50d995f8e085a8251aace1a32ea4","size":175,"data":"","first_seen":"2025-08-28T07:50:39.409953Z","last_seen":"2025-08-28T07:50:39.409953Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"48bdf541fbc2085e29478f0247b239f6","sha1":"caa8aef443ebcb331b0de3fc84ae2d305a398735","sha256":"e5dde91f796952356dfc2e5e101515903920c05c2444a4d9649d4da6e0ca1343","sha512":"19d75a4ba96f46d7175bb4e8e27cbcd5860c4338f4a5ea8155177cdf3276893ee74810f27d3709e3a51cb59d78c189f0e78f216b4cf36cac52c60d527bdd4369","ssdeep":"","tlshash":"7fc0800b3c85d01cb84001fcd436bf4d8455158c1950d955f8d044d915159c91636994","size":175,"data":"","first_seen":"2025-08-28T07:50:39.411414Z","last_seen":"2025-08-28T07:50:39.411414Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"
8c1d816a5660326a1e8cccf967a40c35","sha1":"f25eb0a37f0854195fe9555047b18ccf8e3d543b","sha256":"c24d0a5fbc792ff44568f3980b6973b03df37354374f039376add7c5e99a13b6","sha512":"c87684e0c1f0286f393bfa8ae152f5ae03fbcbcbb432f387d3d8506f955b5e8b21aa5a9acad20467d1896bab5c1f43a90e9c348af5c065d835b8525c2f22c8e0","ssdeep":"","tlshash":"a5c08c0b7c6ac409b99002ecd825fb4c4081864d2a94fe82a4d090762961eab5c289a4","size":168,"data":"","first_seen":"2025-08-28T07:50:39.413025Z","last_seen":"2025-08-28T07:50:39.413025Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ac3b58079dfc3b61fc463740e6252bb3","sha1":"3cd8addc1d935b10baf8e19c26c5759f5f01ebd0","sha256":"46b40c0fe5ffa8f738e69221e11844732fb0a68aff57fdcc821fdb792bbd829b","sha512":"3c433bc6d6f0ef7fbe71ed42957664acb98628c69c9aedd69429639a9dadc6ae35c2d2052a4a319763f3cc2768310e925e7dd7b217a3fc85831fc025f5469037","ssdeep":"","tlshash":"31c0c0073c80c008f40002dcc8227f0c4053010c0450d944f0d009d814049cd2633ae4","size":177,"data":"","first_seen":"2025-08-28T07:50:39.414645Z","last_seen":"2025-08-28T07:50:39.414645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a757ec1f3893c27c01c14ad4ab03f616","sha1":"ce957784686c5312bb5c743fb501d518348d6c42","sha256":"9d57b9ce1a48d338872b642cd3d66577eb7da097197493f2f7dd4de9a4077635","sha512":"ad91c40a5e1d65a70b0cda1daf3ca751f35c55667bb81921cca314c08999bb581d12300b2f88e9327b500237506307bbf747a603f0dbf5d211b1eb32641a0dfa","ssdeep":"","tlshash":"7fb0120f2e05c40160f04dc8d473edd944629724b705ea858ac852a45754ae94c04f94","size":108,"data":"","first_seen":"2025-08-28T07:50:39.416291Z","last_seen":"2025-08-28T07:50:39.416291Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b004ef1c566ce0c9b9ebe4e1895c9edb","sha1":"996e4d96ee7a81e7d58a607a72927def3157693f","sha256":"45518765bc32b59f901d355cc42101a0bbaa5dc245f5d1fdb5108563e94f345a","sha512":"f238cba9dc74328b49767076147ccb71ff544f039c3a51e748de2eedd8ac9563525d244d5d40ab291860562a84ec8
4ee767ad6efa3ca5881028c4510fd8f2f3c","ssdeep":"","tlshash":"a8b024071c01c041c0700cccc47ddffc4053731c5140ccc501c441c513445dc1c10f54","size":93,"data":"","first_seen":"2025-08-28T07:50:39.417794Z","last_seen":"2025-08-28T07:50:39.417794Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"81c23af49a735f0993af45ad9b6cb630","sha1":"1cb02473c8d3b2aa19053f06b18313db61c0aea8","sha256":"5e9acbf916845deb6503cca7fa1c93d4d20477d77a71ac4530a71719c45174c4","sha512":"b63250f9a1086021108b074feb2313809a8146030261e790f0d90dc68b711e39a38e9e8a776196bad668b3198a81e0a14281458785bc8b0bd4633cc853387f61","ssdeep":"","tlshash":"97d0c0073c14f04cf48702fcc06f7b0c91b5074c0990dc44b4d002e404559ce2a31ce8","size":195,"data":"","first_seen":"2025-08-28T07:50:39.419303Z","last_seen":"2025-08-28T07:50:39.419303Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"98211ae94eede6c729693769370a4b50","sha1":"a9a6b4f2ec815f32dc2bd027951027dce9e16a8d","sha256":"59e49b42c985c6b9eab4b62a9192598d91477b9080b4b5c6d11bb327372ede9f","sha512":"c31d7d692dfe909b8a4e39fe59dc2eaee67e50f1b14feb7e980ec3c41d7e08c2072de77c078b0e76086469d4b9bb3d9f84f127b93358e9629ee58d530de5d01c","ssdeep":"","tlshash":"adc022033c01c408ec0003ecc022bb4c907d261c0690e881a4e282842700dcd2438aa8","size":194,"data":"","first_seen":"2025-08-28T07:50:39.420725Z","last_seen":"2025-08-28T07:50:39.420725Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"28c217f82128f212d4e7432e7f2a160b","sha1":"c3a98be727cc85982f50725b60a05625f89e3f65","sha256":"287028c10395fafa0a3a271e763fa65e35a6d10f65614fe65c55824f63f0763d","sha512":"78caf888a673b217ba2ea17cf8b033bc44486cdc83d182ac72fd2fb2b0b733a66144e213b376cf457e27564014bf82a0ebd0a2c7b957e413e623c6924340b921","ssdeep":"","tlshash":"13d022033c04e08ce48202ecc46a774c90a5878c28a4ec45a4c002e40826c8e0a228a8","size":196,"data":"","first_seen":"2025-08-28T07:50:39.422262Z","last_seen":"2025-08-28T07:50:39.422262Z","times_seen":1,"alerts":{"
ids":null,"analyzer":null,"urlquery":null}},{"md5":"8861b114b6a6526eda344ba3ce925145","sha1":"ed815f83343fbbb46b24f2886909e3d2d2ef6d51","sha256":"0f106da46777467a6ba3b6e18a616850ec647e3422071b70b796e947c4aace03","sha512":"b8a50229c720b7b5f001ba98a2bb607748fe322c221ba95334adaffe8a13e1f4d11ee6867c89a0914306fea71fe14d13c25a738bafb6ea9dab339427a615ce32","ssdeep":"","tlshash":"51c08c037c65d008b98012ecc476bf8c55e6524c1ba0d882b8e080b5a141e9e2b329a4","size":177,"data":"","first_seen":"2025-08-28T07:50:39.423706Z","last_seen":"2025-08-28T07:50:39.423706Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"62f3979bb14eec04d9a43363fe698070","sha1":"d0529c935f9650195f54469a6be7adece00a47e9","sha256":"f5ddc0a2e43846390350ffa32ba7fed99613cd9ffc916429f12ef3d8b164b0a5","sha512":"e7c2864ec7cf3dbdcc100cd3722ea15248a1a1bfc9839f4abb3ee6ee2bab699863dd37413d99a3e4a38505fb0442348b6fbd51062afe5485d8fe365067e630e1","ssdeep":"","tlshash":"f4c0801b7c55c448f4d505dcd415778c805141492d90e94694d0917525519d96824454","size":168,"data":"","first_seen":"2025-08-28T07:50:39.42522Z","last_seen":"2025-08-28T07:50:39.42522Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ff7d67db2035c6d733c61a1b913ca880","sha1":"cd12cf29783339f7413fca24aae9b7c49571cb6c","sha256":"d2cdc6958075839851a456624846891bc655b439ba26d2106b3f60e23a401f77","sha512":"8bbd7b2fcbb20ad36ebdf42013573a8d0a64dbf02c6748a78fda08f8835f47acba5b4bd0c767d9538a18d1c953a20336b7b631d79c01957df542790148fcd8df","ssdeep":"","tlshash":"4bc08c27bc19d098b98902fcc43abf8c92a6524d1a90dc81b4e080a56101edf1b71aa6","size":177,"data":"","first_seen":"2025-08-28T07:50:39.426511Z","last_seen":"2025-08-28T07:50:39.426511Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bb58eafe3c9f719396e7f7baf9740bd9","sha1":"70777522582d39b4cd6f92444ad546b28610972d","sha256":"cb89018feeeba7510ffc0e83f629cc4a40724006b9830eb708bdffcf43cbd66b","sha512":"d2d0c1a0e96f3d84002d020f767f27e380f7f6f8e4f
9c3f2d13201908bcab639e71b6e0e1ccaea701913155e53c58ebbcb463339e517b315ad384d3613db8f9f","ssdeep":"","tlshash":"e8c012077c05d509fd4507ecd4967b4d617d264d5990e992a4e111581b10dce1639aa8","size":192,"data":"","first_seen":"2025-08-28T07:50:39.428064Z","last_seen":"2025-08-28T07:50:39.428064Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6cc49e79b2edb49bcde8b657bd5357f9","sha1":"0864d2e0c940f5c0cd6b964a9ffa80f4f658aeef","sha256":"816373125990e99151c77d20959cbfe69183c807cf7953f14b1a6feac9e9aaf1","sha512":"193b35440cdacda3c00766da20f116730e594ee130bc5b628efd662cd918692ceb6bcc8ee2013245612ed65f7fe185e89f1ef4e7944376bbbc2934d935d4068c","ssdeep":"","tlshash":"17c08c573c25d408ba4002ecc46bbb4c9095536d8a50ec86bce029a46481e9a1a388a9","size":170,"data":"","first_seen":"2025-08-28T07:50:39.431326Z","last_seen":"2025-08-28T07:50:39.431326Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9c86cec50bfa723e3db81be2ced53237","sha1":"1bd9580eeed019121ca41b0bbeef18d056cc4216","sha256":"85f489b63aa1af31eeb996a57363b8826c0fec2658b22cc0b432a65f2f3b5a91","sha512":"b343536a66b2aa9dbd17241d22e968dceeb618916bbe62d325ca7752e97fdf2fe61bbf7e311fb2b8790121e8b73d9de87506e78ef761fef48ef722ff13557f38","ssdeep":"","tlshash":"abc08c073c4ad008ba4002ecc82bbf6d44b6128c4a90d996f8e080a92519ece1a32ee4","size":175,"data":"","first_seen":"2025-08-28T07:50:39.432787Z","last_seen":"2025-08-28T07:50:39.432787Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"38c9d377b51ded5eddda6a1952fb7b8a","sha1":"5d390469e7fa727f2a2ea6dfdd19ed5c6f234755","sha256":"62993eded290486060b17e9b5faffdfd6d997a120ddf2f44d4b3258a6291532d","sha512":"72215ea64a98cc7d742631ff955a6beac823da9340a42cfd707405b675307580a4bb7f99fa56e3d8941973b428d901f7351903f745511105216c681c6d40ded5","ssdeep":"","tlshash":"82c08c137c16d648b94502ecc826bb8da1a6525c1b92d88abdd080692055ece1b31da2","size":177,"data":"","first_seen":"2025-08-28T07:50:39.434759Z","last_seen":"2025
-08-28T07:50:39.434759Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1d8342f60a7cd20a237b3ecc512280f3","sha1":"54a8184360b0d426c8a514c603f0b55a353c77c2","sha256":"7a98f3ed94f0374c9ca1f77474720c5d9af9ec676c812f32f2f6f6a76d3b321d","sha512":"951dd948958c73e6565ad80ccc76927c58a3794ddc2bc02d38c7b18d6676dc728286136c14fa0d20b530215f8b71cb7c800499b399765d707981754ac7f39b1b","ssdeep":"","tlshash":"9fc08c573c49d018ba4802ecc826bb4e91e9428d0a60e881b9e0a4a52041dce1a398a4","size":170,"data":"","first_seen":"2025-08-28T07:50:39.436349Z","last_seen":"2025-08-28T07:50:39.436349Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"68801a4bfd3f5cdf146c526963dd7b5d","sha1":"eb67efb73a33960156c4b56f14ac86e7d6d5453c","sha256":"32e8bd4e44d7729cc4d14aa51cbee74a6e115efd41dec9154badef9ced9556a0","sha512":"cb9018167f1cdef16f64ca5b6731428e5ec3d14a73778118fbd26cda09d0bac5cce930891c026a876e597cefeefadc698368f5c7c02ebdcc42441c4c19868405","ssdeep":"","tlshash":"2cc02b077c26c80cf9d442dcd825bb4c50c2c38d2990fec1e4e092752821eef5c74da4","size":167,"data":"","first_seen":"2025-08-28T07:50:39.438553Z","last_seen":"2025-08-28T07:50:39.438553Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a7012c70a4d60d708caddb4640d0ffa","sha1":"839c5dc7aa0bae277949dca037ed2415473ca568","sha256":"d6ea00db548e9aa7e130ac701f966f06082ac41110ea27ce983a9931e50e0396","sha512":"e0a976eee30100493ed47a4f34a395a1b0d944ba4334b28e2301eedb9c268a9ca7e4db15f6370360365ae3ae1ca4643f6e31c67060fc28292c479c27a37e3e93","ssdeep":"","tlshash":"99c080077c16c04df88411fcc43b770c4455c18955d0d592e4d084d51410d9d1970d54","size":175,"data":"","first_seen":"2025-08-28T07:50:39.440554Z","last_seen":"2025-08-28T07:50:39.440554Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9f773e4b2b9fdc82fce8c4b4b8ce8368","sha1":"2ef886fe787a4004a53ec27c164accb56882741d","sha256":"13e9e4c482e83294f326c525dd0a633a8b3d2723843ffc37cfab3ccaa839c4bd",
"sha512":"6e4f9b8ad5066ed018eb811411a0b0704ae025ed82f8b747ad26f54df5548f5aeb39228e32c9caa873b4b37d92f6299b529f77eb97bfcf4093f4e635b1e55ffb","ssdeep":"","tlshash":"52d022877c05e09da48202ecc87b770cc1a9438c1890ec41a4d001e4045589e06228a4","size":196,"data":"","first_seen":"2025-08-28T07:50:39.442913Z","last_seen":"2025-08-28T07:50:39.442913Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"598227a9766bed9933e41654f734b27d","sha1":"4c2ecb6112003b88b5831bacc3165ffc39b2843b","sha256":"83377c96c1a378236d51000e0335bbaf69f63f201f0c35418f44fe89eba62698","sha512":"a756ad08c6dbcaf3a62e8929e3aee54ceb806975b2b95a7337ee1cec0ee9ac4941ac5527dca1cdddc23918822b41b0df1595a677ab66c00af64cc88a467fc53e","ssdeep":"","tlshash":"b5c08c27bc2ac808b99202ece826bb0d408182992990fa81a8d080a524219ea29358a8","size":167,"data":"","first_seen":"2025-08-28T07:50:39.4488Z","last_seen":"2025-08-28T07:50:39.4488Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"948c03caa2951e08c9c62161602e3a87","sha1":"858a9ced59cac71dc4ea8fb7393e657ca5dda699","sha256":"2e6770e8a1c2dbcc2f3d25a7f5fa0844b88b618ba871913e47172143ae1e34fa","sha512":"e46d5301df2e7837e5fa841291b8d0fb8e1d821a7c678225c0a583a124f5db06ae21dbacf0e31aaa048bc235a459d26963188fdba2472f9b0d57505c0a65ee1a","ssdeep":"","tlshash":"8ec08c8bbc2bc02cfc8402fcc82abb4e8057825809e0e892e9e045962430ece1974da8","size":173,"data":"","first_seen":"2025-08-28T07:50:39.450507Z","last_seen":"2025-08-28T07:50:39.450507Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"fb43c69f8ec3dd948aaf18fbdeb57d92","sha1":"6b95a4da33c4c0bb55f19746cdb746c436d4250b","sha256":"96801b28c0fdd136fe697f0a5ce3c385208047012ec1c1d65827a370147a8943","sha512":"63586023cc422b8159629b7b407ee1cd85e4fe12b266a2117eb0715c5ae6399b745148b2586ebad70794f4a5f0706379fc6ba935ef69c2d060869bcec4419e82","ssdeep":"","tlshash":"cec08c0bbc26c05cf8a402ecc43ab75c959a428d19e0e8e7f8d4419a24a0ede1964da8","size":174,"data":"","first_seen
":"2025-08-28T07:50:39.451971Z","last_seen":"2025-08-28T07:50:39.451971Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b845311f8fd2869e10aea076e5e96312","sha1":"f0bae03eb687de8ec3ed5266cb6ccf40bc3bc809","sha256":"9d2464628700f19774fca56570598b18829e594e23322f0a4079d9dcd5e60ebf","sha512":"8a26b628026c9e0b428c12ceb9b7db2987f850857db81656cdaca5c4d1b1e6c769967c50ede8e33c587699ebba00b22e0347240c5c7e9065527b7d5d1fe3678b","ssdeep":"","tlshash":"8cc022033c01d409b84503ecc072bf8d216c261c1590ea82a0f102042700d8d1438aa9","size":192,"data":"","first_seen":"2025-08-28T07:50:39.454694Z","last_seen":"2025-08-28T07:50:39.454694Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"65608ab1bde30a45b078b1fa23c9b2bd","sha1":"6181cfc38cf16ffb845deae14d479fd56402db71","sha256":"c1b86e8ad1d9d54f9ccc1a0961795266436d934d8b87f2874eeef14eb9e28c5b","sha512":"995e8b82188629cf1d95ea6c1a58632927be3d82238fc22e482066f1ab32a79a004297373ca66570d73a07bf45737ef8044c0aaaba64d2929c7bdc65b20d010c","ssdeep":"","tlshash":"11c08c1b7caac45cb89602dcd865bb4d80a5824929a4fa8aa8e051a664219ae1c248a8","size":169,"data":"","first_seen":"2025-08-28T07:50:39.456247Z","last_seen":"2025-08-28T07:50:39.456247Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1c55fd39717dd9079d5c228bf30cddd9","sha1":"e2dbe484d2048470ce7fa469dc042ce4b8900e32","sha256":"c9a35cfc51f35d30cc715034d7e9033bd1366935acd99e0dc4f8413ba81227e8","sha512":"a8bc1f2faab65488fb25182095340197b9fe6a481ea3156f43d3052d3a3a2f9cab2fe8f19d55f887f763234cb8357cf34fe4efdd572b02c35cdb11efdaf53fab","ssdeep":"","tlshash":"c7b0120b1c01e40341b408dcd871da5888796314b250c88981d441915300edd1d00d40","size":100,"data":"","first_seen":"2025-08-28T07:50:39.45767Z","last_seen":"2025-08-28T07:50:39.45767Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"17dbbeff813687eebf9f10caedd96f39","sha1":"a1cf417498ae1f1f7fb869aa5c0776eea177a683","sha256":"304e9a28844294384fe
35c57d505b50ddc8a95358825cef303af6dceb2b3b50b","sha512":"4092803a5f76b9e409a1f0dca6385e7705af12988ccdc94de89d820782259071400aca5ee0fc696088d845c1a6edd3a0384c27ecec0a6d8b67f3c6b6cd33deca","ssdeep":"","tlshash":"66c08c133d0ad088e84143ecc9a9fb4ca196429b19e0ec82e8d082582602ddf2a20ee8","size":172,"data":"","first_seen":"2025-08-28T07:50:39.459032Z","last_seen":"2025-08-28T07:50:39.459032Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"39af851c4672ecd952667bcd20122afa","sha1":"3470e4ae44fb30bc240ccc15eec0a7e2905d18cb","sha256":"61a64def1f672b236c6fb9b09283416c7ec79fb915a3c4fea7f2b1f1cd49d833","sha512":"a4673ff6322f46125f45b8d5c0dcb3862b28ee4f4ee537463f8082429a76b4e673ceb3283f5f2039ee781e0a5caeb80c3d395fbae27863cffbd1fb9adc86fe7e","ssdeep":"","tlshash":"26c08c073c06d098b94402fcc866bb8ca096824d1ba0e881b8d06aa81152ace1a38ce5","size":170,"data":"","first_seen":"2025-08-28T07:50:39.46026Z","last_seen":"2025-08-28T07:50:39.46026Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4ce821bcd94ca20d1e6a1614d4d1b15c","sha1":"5ea0934b6c1b32ae540ffe5e6b487d72c8a1c987","sha256":"d67c4e14f007ccaa6dcd9374521c782cb85930eb4edb5838ab9d2f9516773bd7","sha512":"a48fda6cf6f557258ff9badd33ee60c8d87c11663f7413edcde6925c500ea9acd60712b403ac4d70a1b6a4c8b3b0982bd4d8574fda6dec05feb7225731910197","ssdeep":"","tlshash":"8dc080173c55d40cf54101ecd8667b4d44d6154c0590d992f5d0019525159ca2536ad8","size":175,"data":"","first_seen":"2025-08-28T07:50:39.461399Z","last_seen":"2025-08-28T07:50:39.461399Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","req
uested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 24 Aug 2025 02:39:12 GMT","end":"Sat, 22 Nov 2025 03:39:06 GMT"},"fingerprint":{"sha1":"B4:6C:D2:16:CA:52:EE:BD:22:D7:B4:2C:64:FF:A5:EF:67:D8:E1:F8","sha256":"FF:3A:23:84:D6:B2:73:DF:50:6E:1A:45:A4:AB:03:37:0B:C4:4A:8E:82:12:99:10:80:A2:F7:FC:71:E3:BA:1D"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://vsebolezni.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:08 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 97623751f9ee21e9-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, 
Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-04T00:28:36.974338Z","times_seen":330082,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":7,"dns":0,"connect":8,"send":0,"wait":21,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:12.307Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; 
Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:12 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:12 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 
DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/nav_2017.js\u00261701374575","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/nav_2017.js\u00261701374575 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: 
Thu, 30 Nov 2023 20:02:55 GMT\r\netag: W/\"pub1701374575;gz\"\r\ncache-control: max-age=315360000\r\nage: 2242165\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2FKMLRcSA9m9DvjMZdqiANDyhrzbdJzyh2IWoBMvNB6BUmazScVejMAnZMTUQGrrmi4k1qspaYNvgdEi2bZuTws7A0%2F43S%2FcrttGab9HBK46wqhtmi073Kr2s2oL22kottw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 976237732a5c5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=2187\u0026min_rtt=1091\u0026rtt_var=1247\u0026sent=55\u0026recv=25\u0026lost=0\u0026retrans=0\u0026sent_bytes=35215\u0026recv_bytes=4043\u0026delivery_rate=10975316\u0026cwnd=22800\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5657\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19927,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(2297)","md5":"2a1e763c6a5b05975398ec22acba06d1","sha1":"aacc5eca301e5f079005a540bb8e1b1a6aae3916","sha256":"a52f8feb5c1f81292badccba5f7854bbeeb96407530402f4a7424b0c437b599c","sha512":"d82df2e01739b23e5cdff9441f1782dcc96efed954fbd16af0a6b7745289c9f228f2d915d8e3a21f0865e6835ae56f3c83947e260f47d6ba4538e7a74de152c9","ssdeep":"384:o56NoL6idtjM6Je967+RF7cnffyBmT/4jygPb2LD5thKhWihcghahcg0h6hcgH9G:o56No+idtjM6u67+RF7cnffyQr4jygPd","tlshash":"16921ae97280b36980ff227f406f5b51b7321956c90ac414f5b488b81fa5da1b6e3b1f","first_seen":"2025-08-28T07:50:39.093772Z","last_seen":"2025-08-28T07:50:39.093772Z","times_seen":1,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-training.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.923Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-training.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nContent-Length: 673\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nConnection: keep-alive\r\nETag: \"63a32ed0-2a1\"\r\nExpires: Sat, 27 Sep 2025 
07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":673,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit colormap, non-interlaced","md5":"96054547d95cf442ad7de0bb484094d1","sha1":"82ae2deb2cfca45034cbc83d4116298111069cef","sha256":"8afdf3da34d25275be783576f43599bf57e978ed282a7479b6cbf0447eec7003","sha512":"07e7a6c358b5dcb699a36afe14dc3628252c32e013232f1f95793fe17f9f6ef65d55c3630fcf89f0b8a9163adeca76911e1dc5e76e36337456680fe5e7067e1b","ssdeep":"","tlshash":"b801836e17030775a28214b1d02002f5ae137b0179307e2448dbbe64dada8c82d5e080","first_seen":"2025-08-28T07:50:39.096824Z","last_seen":"2025-08-28T07:50:39.096824Z","times_seen":1,"resource_available":false,"data":null}},"time_used":890,"timings":{"blocked":652,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/tm-town-logo-142-37.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.940Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/tm-town-logo-142-37.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:37 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed1-422\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1058,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 142 x 37, 8-bit colormap, 
non-interlaced","md5":"270dfdd8bdb234d06484445f94cd7a41","sha1":"be05e2206482d79b7522b15781f9708256cbeb80","sha256":"83a6e19cbad57974f4c7b0642c89672382a0af40cb60e3cdaac4d4788250d588","sha512":"5c3eccb17bf062d42a78bbcb4d038fc1c7accac196fe1bd1ff2749e04075003336402d0231e258c1b178b6aa7d456fb13575d2b30f631f85be3314139071f90a","ssdeep":"","tlshash":"2511b9b308289daec9a01ce2a57c6cc1acba59dc8d2235153d815f3c44f4766c330130","first_seen":"2025-08-28T07:50:39.099133Z","last_seen":"2025-08-28T07:50:39.099133Z","times_seen":1,"resource_available":false,"data":null}},"time_used":854,"timings":{"blocked":620,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/html/aozxy5/index.html","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/html/aozxy5/index.html HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:10 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 10 Jul 2025 08:26:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686f7930-8aac\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35500,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line 
terminators","md5":"168906105169211c19d84d1b31821df7","sha1":"665f053fbd77c566333d876cd1dc4aeefcd68c05","sha256":"e9a2e7c95095b3aa43115899f72f1c9d294e4dbefc1caab9f440a2096ad30967","sha512":"120bfe7813451ca1786dee5cc2aec680006f4fef4238ff240a9e1d97382fbb8f8b6cfd4e78ecc9364236dd24900912b2a399060388e07788a08136c330648464","ssdeep":"384:LJDZhWSbnuKfofRju6qdvLj6OLIERqALgLt3WL9d1qd71qGLURUW81quE9aOafa3:LMStdxBfOpwstLRS7Z8N0kU9Ryfjqf","tlshash":"45f2bb2876eeb52a422392c750b96b45a1cfcd34db62596bb1fb137323c7d90780f126","first_seen":"2025-04-16T02:08:15.768603Z","last_seen":"2026-04-03T18:23:48.097541Z","times_seen":202,"resource_available":true,"data":null}},"time_used":1923,"timings":{"blocked":844,"dns":365,"connect":235,"send":0,"wait":235,"receive":0,"ssl":241},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/img/haomaimg.png","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/img/haomaimg.png HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/css/public.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:12 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d0-2c891\"\r\nexpires: Sat, 27 Sep 2025 07:50:12 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":182417,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1204 x 600, 8-bit/color RGBA, 
non-interlaced","md5":"e2e251464ed0269900791e37a8557086","sha1":"f26741ef593f9fa19c145d34a1d90b70ee90fe26","sha256":"2cd69edba71483d88d9663a598f00d975a52b3a8a8422e7c9d50fd1ac3f0464b","sha512":"c0376b445e92a7ad916811bfdc640d1d17d6af7acf16f19f023e41fbf69f17e6bf0cf068b32364e6dd1731125115d9456384b156f6bf0c274d67c98c06e3c0aa","ssdeep":"3072:PTWUHyie4FLR3c2PbYLNYACAb2jwDLp4AZm9xGoTgg1nRHnwQNzvZVha09+m:PTQieQR/PcLNOAb28vpIH0QBNrha09+m","tlshash":"a80412c3ad012d7bde40657e4d9b4b1e424090f01cb657a4af1cfef8abd34e6486a61b","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-03T18:23:48.147113Z","times_seen":1321,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:12.543Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; 
HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:12 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:12 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":221,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/drawLines.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/drawLines.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Jul 2025 08:26:28 GMT\r\nvary: Accept-Encoding\r\netag: 
W/\"686f7934-613b\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24891,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24891), with no line terminators","md5":"7db0502baf867aa0663475b899ffb19e","sha1":"a69f4ef6ab52c62d9885dc55b733c8c37687383e","sha256":"8a3eec9c6525ce4aad8b37e0a188f4716a8fcdec24ee894d2f8ffec447872fbb","sha512":"68964174935137b93491d1bea5e3fec05f068dabd36cf5670bb03c6c4eb30bdfbc493b8002eb8d1e46d7289f9c8430d25d230e1e6870d89fe53cf0f7be78794b","ssdeep":"768:uVYu93uZgDPN6cypp08tc25yBY/BEMXH7YE7cpv:u19MgDl6NppjtDwBY/BEUH7Yecpv","tlshash":"18b208eaf2863475818b63a9143f6749f13368156e06844cf479d8d26d38f8970bfe78","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.140479Z","times_seen":1326,"resource_available":true,"data":null}},"time_used":466,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":466,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/bootstrap.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.276Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/bootstrap.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:14 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Mon, 25 Jan 2021 22:03:59 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"600f404f-9004\"\r\nExpires: Thu, 28 Aug 2025 19:50:14 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":36868,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32003)","md5":"c5b5b2fa19bd66ff23211d9f844e0131","sha1":"791aa054a026bddc0de92bad6cf7a1c6e73713d5","sha256":"2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a","sha512":"d9ef2aab411371f5912381c9073422037528c8593ab5b3721bea926880592f25bd5dfdec5991cdfe5c5ef5f4e1d54e390e93dfd3bca3f782ac5071d67b8624d4","ssdeep":"768:4UfYD27UwlNHMl9lqNuCPNjhqg8epm5CCJFXflA8Gf3ZTbQ:z/76whqKGvlm3ZXQ","tlshash":"47f29606b23031a147efb1e1525b020a7239696ee906907c78b9daf53db9c48717bf3d","first_seen":"2023-03-07T01:02:25Z","last_seen":"2026-04-04T00:33:01.341928Z","times_seen":16097,"resource_available":true,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/css/vendor/owl-carousel/owl.theme.green.css\u00261671638740","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 
2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/css/vendor/owl-carousel/owl.theme.green.css\u00261671638740 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:08 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:05:40 GMT\r\netag: W/\"pub1671638740;gz\"\r\ncache-control: max-age=315360000\r\nage: 484098\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=qiIq0aJOOgKxX9rcZSW14Fz5%2FONivR%2B8Y%2Fj61rv3xqGa7DJroyNKPFpYATdcBDp5vNgfF06EJBRAOpLl0gDmZ5bOJkcG6VH4nLUXL%2FGNf%2FD5MUgKJWQffWVb6NewF4JZ3A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9762374fbf3d0b69-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfL4;desc=\"?proto=TCP\u0026rtt=978\u0026min_rtt=477\u0026rtt_var=1050\u0026sent=9\u0026recv=13\u0026lost=0\u0026retrans=0\u0026sent_bytes=3273\u0026recv_bytes=1675\u0026delivery_rate=4414634\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=74b6ec5a901c0010\u0026ts=77\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":908,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII 
text","md5":"0bfb710016e9b75ad3d9a8117468b7df","sha1":"24c526fa0d008367dccbb0b48fdda7e80d7aebc5","sha256":"6bac0c80e744e81a2cd0a09bc0ea31986e56a9c6b7c0967e2930c559baf4e3f9","sha512":"4fddedeb819757b3a04c7bbb5fed9fbf0e3e5425b303569f837b719044fc84663b7b71e529cb214f74b54610babfa081bdf8fe21274625c5cbd1090d399b51f9","ssdeep":"","tlshash":"61113ac5e14a621d6027d04007d842cb2b0f69bfa39e5bb9fc999110c32ed452a6e7a9","first_seen":"2025-08-28T07:50:39.106471Z","last_seen":"2025-08-28T07:50:39.106471Z","times_seen":1,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":8,"connect":3,"send":0,"wait":44,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.719Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js-sdk-pro.min.js HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 418 Unknown Status\r\nContent-Length: 0\r\nConnection: close\r\nServer: TencentEdgeOne\r\nEO-LOG-UUID: 18000573402062762633\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"418","status_text":"Unknown 
Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/x-javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":118,"dns":97,"connect":19,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/css/home/home-nav-and-footer.css\u00261673031944","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/css/home/home-nav-and-footer.css\u00261673031944 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:08 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 06 Jan 2023 19:05:44 GMT\r\netag: W/\"pub1673031944;gz\"\r\ncache-control: max-age=315360000\r\nage: 1134926\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=hEnTG8df98%2Bm7XeHvt9Qo%2FLLuKW2SCwiG5mUoENCaWhqDCTqAYG5D7U6vFRPSxjgG%2Bzo7V7tM9HDvyoQ2Lwxk1iYAr2e%2Fp41q0TylgqqoculQ5UtmQl1zBApVXIN2IjzgA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9762374faf3c0b69-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=978\u0026min_rtt=477\u0026rtt_var=1050\u0026sent=8\u0026recv=13\u0026lost=0\u0026retrans=0\u0026sent_bytes=2524\u0026recv_bytes=1675\u0026delivery_rate=4414634\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=74b6ec5a901c0010\u0026ts=75\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a 
web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54683,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3733)","md5":"6047c920f78c5064689847ddeed4cd72","sha1":"ef8d8335906dbec0daa759925b6a97b141603a6e","sha256":"e92a3d4c36f15e8844ee6e23069e801fe3ef5e3875d3791a3cde203433f38d9d","sha512":"d2297e2ebe7c6ded3b5a7731255ee15e7ed691fbc0201496f00162b6c91a33dd6e6738ff7572b29cd54b19a2d500a82fdd15975e5e7fbbf43f4acd56ceefb4b1","ssdeep":"1536:qqJVR4AnWSsYhGiNlBphn8ySK/2kvxsxMOnVFxE6rxE6Y+TFcW0WMY0Y3WPW3YP0:iF1","tlshash":"4e3356e2d8d4150810a3d13365d8bb0c963ac931f5075f7aa4bfa96d97cbad612e3f08","first_seen":"2025-08-28T07:50:39.109116Z","last_seen":"2025-08-28T07:50:39.109116Z","times_seen":1,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":36,"dns":10,"connect":1,"send":0,"wait":43,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/iscroll.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 
2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/iscroll.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Jul 2025 08:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686f7934-4db3\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19891,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19891), with no line 
terminators","md5":"3249e269b6bf59a9596ff4dd4908bd74","sha1":"16f804a74f66585bf01bb2217997a2a4ff0c4a23","sha256":"3b294972fe3c686a14d4195e17abc43199da904d959c9ffa128b3649b6bd925c","sha512":"f8fff231edd431cdad0e9426353abceb12ad72e1decfb110aa48f6b81fd061f9b2171bacba515069c1360df4a7cc451c1b0cdce380c4ecdd3849231bb4f07bc1","ssdeep":"384:KgC+EUMfCHqTj54QUX5WSMFqa7BU5TJe3c6OJsBeCWvtk7mSjjxaF:Kl+EUnqTDUX5UFO5TQc6OJsBetO7BlaF","tlshash":"2792a4889112338245ffb399dacb860d607a9339671750cc3929bffa6a447b843d367c","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.09417Z","times_seen":1327,"resource_available":true,"data":null}},"time_used":689,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":689,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/img/cltj_img/icon-168index.png","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/img/cltj_img/icon-168index.png HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/css/ssc_newVersion.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d2-7031\"\r\nexpires: Sat, 27 Sep 2025 07:50:11 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28721,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 213, 8-bit/color RGBA, 
non-interlaced","md5":"9cadfe91f4676d8abaefd706fd002c70","sha1":"3c1f5c663282388d8fa739baf8dd77edcb5a82d0","sha256":"cba1227e78513169698e2b0cf72cd24505429292ecdcb849a8f8f33b9ae5e1d9","sha512":"84ac82a47f8550b13d6d4b804928489423f851c241810d19d268f983e8a5bdf0e98c4e43ca8bddd1ec7494cb34a3374cd3842d8c45a4153ebf4cc30536c52f70","ssdeep":"384:kT4cIpHlIlqQKlgSTxqtWplA+8ixwj08iZpaffwUeyAZ1+Cr444r+RRRkLHX42PT:kT4BYSV3qnc8ffwTB04DJq3LQdt2BI2","tlshash":"ccd2d0dfdc38c182e675ac713aafbf2aa029c2a194d19c0f94e2900c4d96c099dd57e6","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-03T18:23:48.120532Z","times_seen":1321,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/html/public/footer.html","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/html/public/footer.html HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: text/html\r\ncontent-length: 191\r\nlast-modified: Thu, 10 Jul 2025 08:26:26 GMT\r\netag: \"686f7932-bf\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":191,"size_decoded":0,"mime_type":"text/html","magic":"exported SGML document, Unicode text, UTF-8 text, with CRLF line 
terminators","md5":"bf48b3056219a9d1003d1e6568155d88","sha1":"3809a8e2610c23e646b73acb08d0fa9b36816dd4","sha256":"99f1404ca7d7ddd58defbf17a6c68f3bbb949824687d1dc953b1c0dff1118b44","sha512":"e1b15f9d744a2798129e02a88e5041ccba57abc93b9e12c7d0f6a37319f729769a7044946e667125ed9801d4f545a5a91adf0e7b82bc16a86d993b36bb60ed1d","ssdeep":"","tlshash":"78c022a0f0048e7a04a3014302332bc99593c6c1a782d821a3d002330263503a80b043","first_seen":"2025-07-13T11:51:38.292083Z","last_seen":"2025-11-04T04:58:37.219181Z","times_seen":74,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":235,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/owl-carousel/owl.carousel.min.js\u00261671638764","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 
GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/owl-carousel/owl.carousel.min.js\u00261671638764 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:06:04 GMT\r\netag: W/\"pub1671638764;gz\"\r\ncache-control: max-age=315360000\r\nage: 1379909\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=cw3dN7ZZI6L4B2DENInB%2FigX%2FnuEXgPALfQEmIjUE9Swh7CK9J%2BMw2pL4gg%2FJPPoUN9tcb5jIUUkgLgtFUjD6CL%2BpY3kHhUKvV5etbszjU11%2FDlqQaWOWkX7TkjscAl5eg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 976237732a595687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfL4;desc=\"?proto=QUIC\u0026rtt=2940\u0026min_rtt=1326\u0026rtt_var=1677\u0026sent=36\u0026recv=20\u0026lost=0\u0026retrans=0\u0026sent_bytes=15195\u0026recv_bytes=3822\u0026delivery_rate=2232459\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5648\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47132,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (47132), with no line 
terminators","md5":"80b62d7eb1e016aefcad714936a1005f","sha1":"cb663bfb88fcb0100b187d3abfbe4af634de5bfe","sha256":"4a2423d603c5397bf3428038a8254a31ab74e1c74f179465680b37951f9390d1","sha512":"891cb602fe8ad54efc6f517dd557f1a4867d2fe1fc49ee425c6c3b1180e79a42926cd1db96900a8fb02c7cc9833b2cf7c0f4c730f30d0c0652f96cbec2289330","ssdeep":"768:WxtuB+m3uYALuCvyZBmyJT3SYKiM9omxXyRYm0Pn3J5vU4M24UsbcIrFy1mkYg:WOEm+blyhbKK24Jg","tlshash":"1a234f442ed06e8c239b93ba750ba8e7d11d0c5a1d4d849af03abc31359e61bf9fd631","first_seen":"2025-08-28T07:50:39.113749Z","last_seen":"2025-08-28T07:50:39.113749Z","times_seen":1,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/css/ssc_index_add.css","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/css/ssc_index_add.css HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c6-55a8\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21928,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (21920), with no line 
terminators","md5":"ec31771acfe250f8e37425275646d5b9","sha1":"5786f4e685bd67c0f532d9cbabfb698aa11c5b9e","sha256":"257c2ba09ca5560c8c0a7b2772beb6e040fcda0dee139896a1901bb0080ea725","sha512":"45761439043be399af9933cc82b8bc592d48d6e147148d807ceab436b207138b9a569b29a83491241db47f32daf69ed1d0052697955743e36cecec15646dd18b","ssdeep":"192:JmLF281R/BwyqqNcrvYvlhmlHSs+3oTd+hAgKAWLZt/8:Yo8juqNcrgdhuSH3oyAgKY","tlshash":"f3a2453aa6793288e377c23177d1edec25218101c2666765cc5bae39414e3073fbbb69","first_seen":"2025-04-16T02:08:15.773768Z","last_seen":"2026-04-03T18:23:48.07991Z","times_seen":202,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.usemessages.com/conversations-embed.js","fqdn":"js.usemessages.com","domain":"usemessages.com","tld":"com"},"ip":{"addr":"104.16.79.142","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usemessages.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 29 Jul 2025 06:05:40 GMT","end":"Mon, 27 Oct 2025 07:05:39 
GMT"},"fingerprint":{"sha1":"C6:AE:A4:AF:60:A0:8D:CE:35:B6:41:9E:B9:43:9E:11:B8:1D:94:6F","sha256":"B3:46:15:33:08:98:F0:A7:08:11:22:09:25:0D:33:27:80:FE:8B:3B:6D:33:3A:B1:AE:7F:58:F3:3E:8B:C7:C3"}}},"request":{"raw":"GET /conversations-embed.js HTTP/1.1\r\nHost: js.usemessages.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 97623775a8b956c5-OSL\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Tue, 26 Aug 2025 16:27:49 UTC\r\ncontent-encoding: gzip\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: XANyubGQwrAsgbdoASrTc9MUA2dh7r2A\r\netag: W/\"f0a8177b6b4bccdd59686c3381ed129a\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 e6aeeb7570ed691a78ca7b97af923d2a.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: IAD55-P7\r\nx-amz-cf-id: r0Y5jaCCNH0bkCvAQ7luLW-kZ7DwsmMtH6ipOdEAgV5WJ0TkKtjdWg==\r\ncontent-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.23735/bundles/project.js\u0026cfRay=9754c1d709675a84-FRA\r\ncache-control: max-age=600\r\nx-hs-target-asset: conversations-embed/static-1.23735/bundles/project.js\r\nx-content-type-options: nosniff\r\nx-hs-cache-status: MISS\r\ncache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod\r\ncf-cache-status: HIT\r\nage: 430\r\nserver: cloudflare\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":100865,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"f0a8177b6b4bccdd59686c3381ed129a","sha1":"0a28082e9554a4d33520593e53fb3d3ca615654f","sha256":"a254d898662af7575b45c956cc449ce03af7b4ef24470468f2104a90aaf9faa0","sha512":"2a58bc1c7047b0030783c385a27c83f6a4da4318ed2cdadf69f553902174dfb1389eb330a61886ba610177d4c8d3aad72aad7780e7bab8b1391bbe5f1f0ce891","ssdeep":"1536:hfK+9irsKg6qKt3fmdCQDjIiJpjgmlj6wzA:ursKrt3gDjIiJCnsA","tlshash":"d8a30b9639a4ecb912c780d6a43b3115e2274c397025f0a5fbecdde64c2598f1272b7e","first_seen":"2025-08-26T16:52:44.971734Z","last_seen":"2025-08-28T11:54:04.527483Z","times_seen":46,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":31,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:13.250Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:13 GMT\r\nContent-Type: 
application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:13 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":221,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/css/nav-css.css","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.549Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/nav-css.css HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:08 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 21 Dec 2022 16:05:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed4-8b7e\"\r\nExpires: Thu, 28 Aug 2025 19:50:08 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35710,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"439f0a29db05aca91a337d4fc909755a","sha1":"d45feafc4834b6309f13bb68dd3f1baff0104e19","sha256":"b93f132986135c9fd5360e4fea93f922e1086f860687519aa7f55d63640e5a68","sha512":"3a84a6d9cc0494a519ec147b2b09c5160610c31f5d6efa77fe84967eeeb03d3bb868e9994cceb768412350a2eb90e490990a6d1f6728603f40b0e5f489c07648","ssdeep":"384:dVdDv6mNlBZu910jvxgUcFzagEyFXFxF8F/nt4n9uLeR7if:d6mt60LxsFzagEyFXFxF8F/nt4nkv","tlshash":"edf244e59bfa0204305b80a9b5516f5177bd5042a70bcef97ab5a06cffce38c8263749","first_seen":"2025-08-28T07:50:39.118633Z","last_seen":"2025-08-28T07:50:39.118633Z","times_seen":1,"resource_available":false,"data":null}},"time_used":733,"timings":{"blocked":227,"dns":1,"connect":237,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/c253a72d47108beb27913c6ae508cabf.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.934Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/c253a72d47108beb27913c6ae508cabf.jpg HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 02 Jul 2023 07:40:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64a129ff-8ba\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2234,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 64x89, components 3","md5":"38917f6afef5e7d593095dd5633ab1c6","sha1":"fc06d28ebd519d6260ea2df3b72906a0cdb3f8a9","sha256":"4afc24afa9240785273698de7f485104add2d89b4475c2559299aa8bb61447df","sha512":"d2dd8f77af10ef631b276a93fabb7d443e9ff6ebbdf7eb66255513778826116d827eb90f2c9bb4f75d53c6a08f79984768537e61fc99aecc947f62d01e492f48","ssdeep":"","tlshash":"98412b2dd3cc0663e2652d3d42c920892f245d1cf64f9c9e18021059161d4ebfb689a0","first_seen":"2025-08-28T07:50:39.120438Z","last_seen":"2025-08-28T07:50:39.120438Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1732,"timings":{"blocked":1484,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/jquery-1.9.1.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/jquery-1.9.1.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Jul 2025 08:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686f7934-16b57\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: 
max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93015,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"0ced1955d04ad67f93c642501960172d","sha1":"e346705c96ed71fef43144a893dc26f0d1ff2a81","sha256":"7196db5ce1154dda0f62614999dfd169a0e5fa9db634c12c308f9f9b22cb6f90","sha512":"c5fdcd09f23cbc4adcdc9ae38e7535eab9d10026b2607c21414cbb02258f0eb99bea0c8b53ee69129c62cf086898f4fec46d1a52f1170955b2b4d6ab0c636a47","ssdeep":"1536:g9sFlxCuYQ8kdpjEhDH19D7jXHi7mdG5bakVV6qN6MQDKwTYHUfn06dPGMIcXQWy:JXdURN6G7h8aGtvnx","tlshash":"b69319dd76c5b12247ab307d106f540af236599a280c8450f135e8fafc7898aa177f7e","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.095365Z","times_seen":1193,"resource_available":true,"data":null}},"time_used":463,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":463,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/queryDoubleNumber.do?date=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"34.150.51.26","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:12.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 19 Jul 2025 23:19:33 GMT","end":"Fri, 17 Oct 2025 23:19:32 GMT"},"fingerprint":{"sha1":"10:3C:EE:47:AA:C4:98:DA:8D:3D:84:57:BD:B8:E2:D6:BD:4D:E7:78","sha256":"B5:9E:9D:4B:0E:57:DC:40:50:B8:07:4C:96:6D:33:4C:06:3D:0A:54:1B:81:21:45:3A:90:7E:14:FB:6C:62:A9"}}},"request":{"raw":"GET /CQShiCai/queryDoubleNumber.do?date=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yzkjw78.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:12 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yzkjw78.com\r\nvary: Origin\r\naccess-control-expose-headers: 
Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":655,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"479ed438bf8a66ff1c5a14db7f9e74b2","sha1":"d4a621a5e326a90a50577e12a1af014f19550fb8","sha256":"10dca3f76d90b9d0d3b4e9423aa7d9538e49021c20ed8f3c93bb148b03c1d472","sha512":"41d1d9fd0730d525fdca2b264b5b63e6ea2e37441292dc8395d5edc758232d023f0825cb2fe6310bb6a6f82ba56a8a47419ccb9ee6d30ccd3d997f3c9b52e4bb","ssdeep":"","tlshash":"9bf049803d6d21b36d717ab2b4f933d0aae41932695749ae4d4ce778d245c063f8990b","first_seen":"2025-08-28T07:50:39.123043Z","last_seen":"2025-08-28T07:50:39.123043Z","times_seen":1,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":28,"dns":0,"connect":0,"send":0,"wait":338,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:12.779Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:12 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:12 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":222,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/css/home.min.css","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.559Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/home.min.css HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 
OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:08 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 11 Jan 2024 16:00:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"65a010ba-8499\"\r\nExpires: Thu, 28 Aug 2025 19:50:08 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33945,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (33945), with no line terminators","md5":"5e07b074c7ae8d35930c89273bb06fa0","sha1":"f0a9de86fdbe78b4455c942e337c199816497b3e","sha256":"1c8cfcd003b8d89e15d117cfcf969b43df539c5a9c59044b956109d431a3cbc2","sha512":"b83e9e9b6ca65699a795b83590d7a78c61dd162f4a4d677911491578f38e4f0e6692ea970b36957a3d59cd23fe0d3eb948ae290f917661c23a4e6a1a3d9907d6","ssdeep":"384:yUSzSY2V8z3DbosYVCPMb2W62WP2WFxmKc0:eDiVaU2W62WP2WFA30","tlshash":"30e2527697b0274c8513c8a77646bbdf9a1ae8227311eefed0835c25878b9410d70acf","first_seen":"2025-08-28T07:50:39.124729Z","last_seen":"2025-08-28T07:50:39.124729Z","times_seen":1,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":219,"dns":0,"connect":0,"send":0,"wait":225,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/favicon.ico","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.513Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:14 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6751a668-29a8d\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":170637,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4832), with 
CRLF, LF line terminators","md5":"c3b91ae46e85aea48d4297a37bcd4c95","sha1":"49080bfb9df95dd4df404a134bfd660f29036c93","sha256":"ad9de9fdda132cd487ec7907b26e5d51f6f9bb9c16bfb7ef973d4ceeaba9eadf","sha512":"25806b16c23f5d95a7e4c0763bc98258d4998eedc8fed14b176bf132f50cff54121976f8e56ebea0fbc922e1358a145cea48d4675fe7da1263841bcc44dd419a","ssdeep":"3072:+BhPrAR8p+GQs+FmNt7qj0/Fv5mcpC8DGxuSkaaVXWrIbsXMiyS8a7KVU:G/KcpCqGxuSkaaVGrIbsXMiyS8a7Km","tlshash":"30f3e8b2d4f164330217c1e8f671bb1e96a3800bd702584075de06ad7f89db6aa2767f","first_seen":"2025-08-28T07:50:39.126495Z","last_seen":"2025-08-28T07:50:39.126495Z","times_seen":1,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":223,"receive":5,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T07:50:14Z","timestamp":1756367414,"ip_dst":{"addr":"172.18.0.11","port":53558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2025-08-28T07:50:14.739326+0000\",\"flow_id\":506795574443188,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.92.209.213\",\"src_port\":80,\"dest_ip\":\"172.18.0.11\",\"dest_port\":53558,\"proto\":\"TCP\",\"tx_id\":21,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was 
detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"vsebolezni.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://vsebolezni.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":16668},\"files\":[{\"filename\":\"/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":65536,\"tx_id\":21}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":126,\"pkts_toclient\":198,\"bytes_toserver\":18687,\"bytes_toclient\":263941,\"start\":\"2025-08-28T07:50:08.539828+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/12b4907a8fd0b7653d9424e8314bc8e3.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.936Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/12b4907a8fd0b7653d9424e8314bc8e3.jpg HTTP/1.1\r\nHost: 
vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Mon, 16 Sep 2024 14:49:02 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"66e8455e-1273\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4723,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 172x172, segment length 16, baseline, precision 8, 64x64, components 
3","md5":"e9b7e6bca09f8ed7a570aae07aada5f4","sha1":"d1b82cc9ba42bd1b64dee57a5c5999b5e393f8b3","sha256":"7ef2e034cdeb216ee815a9797921b984dca2589a58351e54dacafd644441feb5","sha512":"6da19a6c99961b02c45aea440f92a7625875d54be43d797bedae38a615cf31dcdd1d035639d71110ae5e0023cc92f3af734ffa4f62c5383deae41766d4be51bd","ssdeep":"96:791oL8ZpGW8aTAPRn6Z8/SECK866lpDWusW4NdJ9F8lYbnZxo:791RG23ZQS263DYW4NtSlmnZxo","tlshash":"9fa18d0e4f53573bc9a2923c83f76c2d66a8d5169b9448a311417aafc4315ff63381db","first_seen":"2025-08-28T07:50:39.128386Z","last_seen":"2025-08-28T07:50:39.128386Z","times_seen":1,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":281,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/css/ssc_newVersion.css","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/css/ssc_newVersion.css HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c6-5771\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22385,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (22369), with no line 
terminators","md5":"0369d34b173ce7555a12e248399993b9","sha1":"54f591e9c2fddc9dfbf9635280afa3a84510d32b","sha256":"55d8170581789fd2baf42f160038645f58d3d1af667c0ce888880af5dde1e25e","sha512":"9b89089655a6b2bbcafd037a0e93f0a11bbc33f8dad15fb4d7ddac5aa0ab5aec375729949f459e4aa6b5745e68c3472146e932c448b5b0cec413592f5f33a5bf","ssdeep":"384:jVEF/iBu6GwB8PKhGewM5SflNWnAgg0+gu:jVYtwB8PAGXY80+gu","tlshash":"44a2403a76703769a2ffd1737aa07bcc2850c480c15e43b5dd6f2f619a5b3422ba6394","first_seen":"2025-04-16T02:08:15.810134Z","last_seen":"2026-04-03T18:23:48.139889Z","times_seen":202,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/cdn-cgi/rum?","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.643Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/rum? 
HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\ncontent-type: application/json\r\nContent-Length: 1041\r\nOrigin: http://vsebolezni.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:14 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6751a668-29a8d\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":170637,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4832), with CRLF, LF line 
terminators","md5":"c3b91ae46e85aea48d4297a37bcd4c95","sha1":"49080bfb9df95dd4df404a134bfd660f29036c93","sha256":"ad9de9fdda132cd487ec7907b26e5d51f6f9bb9c16bfb7ef973d4ceeaba9eadf","sha512":"25806b16c23f5d95a7e4c0763bc98258d4998eedc8fed14b176bf132f50cff54121976f8e56ebea0fbc922e1358a145cea48d4675fe7da1263841bcc44dd419a","ssdeep":"3072:+BhPrAR8p+GQs+FmNt7qj0/Fv5mcpC8DGxuSkaaVXWrIbsXMiyS8a7KVU:G/KcpCqGxuSkaaVGrIbsXMiyS8a7Km","tlshash":"30f3e8b2d4f164330217c1e8f671bb1e96a3800bd702584075de06ad7f89db6aa2767f","first_seen":"2025-08-28T07:50:39.126495Z","last_seen":"2025-08-28T07:50:39.126495Z","times_seen":1,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":225,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/css/bootstrap_custom_proz.css","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.548Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/bootstrap_custom_proz.css HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:08 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 15 May 2024 07:22:33 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"664462b9-20c9a\"\r\nExpires: Thu, 28 Aug 2025 19:50:08 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134298,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (540)","md5":"9516af593566e89e3af6b785cd296b66","sha1":"96301c0ab255d0109cd5a3e114dc812c0aa4fce6","sha256":"cfb5988bb17966489781f4c6f92cc6ffaa62e29dd9ea9955a3e145fd18c0fe8c","sha512":"652529d406b94c4c73754a4589f6798f1a3b73beb01a509f3f4e8b11a94f849f3f4dfe275132ebe90d26b4b1d77028e5a48bdbd85e2b0e9d9f49dbe4a077d8da","ssdeep":"1536:GqLQBL6cm7nCQdXix/EkZO/eIJHLv9VrSWnb/P2lwtcA72JT:G5BL6x7fMXZgtLv9VrSWnb/P2lwtST","tlshash":"8fd3a689e6b339817113c09937af8e42771d6043a41eed3dbb4d7b689f891488573b8b","first_seen":"2025-08-28T07:50:39.132099Z","last_seen":"2025-08-28T07:50:39.132099Z","times_seen":1,"resource_available":false,"data":null}},"time_used":894,"timings":{"blocked":180,"dns":1,"connect":224,"send":0,"wait":265,"receive":224,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-terms.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.922Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-terms.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-b07\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2823,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit colormap, 
non-interlaced","md5":"215d79a68c0726214c7fe150712c9186","sha1":"d122a5a2317a5dd351fa8a16f2f1f9d4fb02e83a","sha256":"d4e3eb7498dcbff879d73a5986353df729bb15a6a6280c4b200a20c9ac17abed","sha512":"f277ee53d4cbcee2f16cce91ba417df5634cd1519da34e935646613b402ccdf861967f1623094b43fbb16d23393ff0e97e564ab4e1d48803f0293098a4ec157f","ssdeep":"","tlshash":"ea517eaa31ca892cc9a30e422dd5072cdd43d03d37f18a332e0e665568d77a5322d547","first_seen":"2025-08-28T07:50:39.133806Z","last_seen":"2025-08-28T07:50:39.133806Z","times_seen":1,"resource_available":false,"data":null}},"time_used":904,"timings":{"blocked":681,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/img/cltj_img/px10obj.png","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/img/cltj_img/px10obj.png HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/css/pk10.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d2-b3a\"\r\nexpires: Sat, 27 Sep 2025 07:50:11 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2874,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 111 x 101, 8-bit/color RGBA, 
non-interlaced","md5":"5025c85c1772aadbb3e53f953913d3bc","sha1":"fb7fb9939693929455b21cabd3f99b7b4761d39a","sha256":"124aeafaabb57da5126971cd6c763b317cde9003ff1690e447a494952f156139","sha512":"4e22762c206947be1e8757db4c14cfd0cf6fd70f6edbc40bd2a4e6fa9b1a7ee151e17135b39e6bb4df9161e173ed7207e463072d9ffff0fa415005bef0e77334","ssdeep":"","tlshash":"67511b9de451bda064c9ebe428fa8593c9238dc01beaf55ce98c59539c712f0604b6d3","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-03T18:23:48.108676Z","times_seen":1311,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/e25310b2df4596a7ee68903c8b2e9ba9.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.933Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/e25310b2df4596a7ee68903c8b2e9ba9.jpg HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: 
Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Wed, 01 Apr 2020 07:13:55 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5e843f33-63d\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1597,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 64x64, components 3","md5":"48b1b1fa81b65c80e600a1b58fecc443","sha1":"12409b0534f8fe89f53faa62f451a85344565f2b","sha256":"bf7cff3d1f7838aff1913d4cd79b5587fb25fb8d613084d524ee4c9134770138","sha512":"e01330fe2a8da569a633a6640c1b5737f22e4f6c4aad689f6dbaf232fb9f22d90c7cc0dd05024c2c1ecc6e8a72d9c5b78bbfd47ae1df686c3009b0c6b60288d8","ssdeep":"","tlshash":"5b310a9725c34e15d8854cf1cd39a76112e941391692ee7f1d162b40bcf619b8c6accc","first_seen":"2025-08-28T07:50:39.136345Z","last_seen":"2025-08-28T07:50:39.136345Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1696,"timings":{"blocked":1450,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/img/bg_icon.png","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/img/bg_icon.png HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/css/public.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:12 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 15 Feb 2025 15:37:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4d0-3c2a\"\r\nexpires: Sat, 27 Sep 2025 07:50:12 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: 
max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15402,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 948 x 404, 8-bit colormap, non-interlaced","md5":"821582b0c313e76c4f0d979664edf668","sha1":"dda5e9d9e4cee99daf3af76f83ffab6b712e7697","sha256":"a5c7914a21f1db358506caaf95ff6d1838769e4c303e6cfa5ebbacdb0b97643b","sha512":"160d5161b10f7bd73c5662b492bd83bd8caaaf1e140aa9d12e44e8aacd25d5124abeffa1d2f1ebbbe4efa0ca8e1b1ab5bba984057973d0677c5e88ef433d681c","ssdeep":"384:CzJsgcvepxLlsLiqMcNrr/OabQ+7211haD:C1sOpxAjrOaU+72jUD","tlshash":"2962c09588d5790b3e243be38e1524237a7ebe5342b0434b8606743e1f458bb286bad7","first_seen":"2023-05-02T12:59:34Z","last_seen":"2026-04-03T18:23:48.141036Z","times_seen":1315,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.hubspotfeedback.com/feedbackweb-new.js","fqdn":"js.hubspotfeedback.com","domain":"hubspotfeedback.com","tld":"com"},"ip":{"addr":"104.17.79.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hubspotfeedback.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 21 Jul 2025 06:42:06 GMT","end":"Sun, 19 Oct 2025 07:42:03 GMT"},"fingerprint":{"sha1":"CE:93:CA:57:DF:0C:41:63:E8:6E:9F:10:AC:D2:24:5F:66:4F:A2:C5","sha256":"72:CC:57:10:23:9C:E5:4C:3A:36:5C:31:9C:F4:53:FA:42:92:7C:4E:7A:3B:C8:7B:C7:AA:AE:71:2F:FA:26:73"}}},"request":{"raw":"GET /feedbackweb-new.js HTTP/1.1\r\nHost: js.hubspotfeedback.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://vsebolezni.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 97623775ab765546-ARN\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 3000\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Wed, 27 Aug 2025 08:53:29 
UTC\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: iiUqchz7QbMCOxLjGVxq5diQw3V30Rx4\r\ncontent-encoding: gzip\r\netag: W/\"2455b533079d72aabef57ddb7491fd61\"\r\nvary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 23bb75571f07e0a7a182023119364d7e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: IAD55-P7\r\nx-amz-cf-id: vrlF_t1OyNnwCGmh3JiPht0vf86GRXRpE8uZx09YSb0xGPFjX3fZ6w==\r\ncontent-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=feedback-web-renderer-ui/static-1.27645/bundles/popupInjector.js\u0026cfRay=97623775ab765546-FRA\r\ncache-control: max-age=600\r\nx-hs-target-asset: feedback-web-renderer-ui/static-1.27645/bundles/popupInjector.js\r\nx-content-type-options: nosniff\r\nx-hs-cache-status: MISS\r\ncache-tag: staticjsapp-feedback-web-renderer-script-web-prod,staticjsapp-prod\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and 
distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21781,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21665)","md5":"2455b533079d72aabef57ddb7491fd61","sha1":"21c6aa0e8e979ab38f031debfce0c5af81dca013","sha256":"7240e22034a5fb0b004673d33205566e04cadb00dec2b42b49b1a9e74e24e9c7","sha512":"035010e8f3529eac2768b1796f88b419747930dc74f5e559fdb5204f7381f848b179334078394c95c4be2d8d35afd37f5c64cb0248d9614c6033981b3c5bb93c","ssdeep":"384:wp/NGiPIp819xf/A21IR//b4P/0cUzvMfS9XYUg5UNn7TRkFpicvqF:qMRi9xf/AUq/0P/0cdLUg5UNXCFpiVF","tlshash":"6ca208dfb1dab43c4362c1e2153f8215f23c39903a8997e8bd568cd5b85d842922af6d","first_seen":"2025-08-27T17:32:43.555517Z","last_seen":"2025-08-31T09:26:42.789121Z","times_seen":12,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":30,"dns":1,"connect":9,"send":0,"wait":193,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/analytics.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:11.787Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/analytics.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; 
Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:11 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Dec 2023 18:09:08 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6578a1c4-ceb4\"\r\nExpires: Thu, 28 Aug 2025 19:50:11 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52916,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2343)","md5":"575b5480531da4d14e7453e2016fe0bc","sha1":"e5c5f3134fe29e60b591c87ea85951f0aea36ee1","sha256":"de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd","sha512":"174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a","ssdeep":"768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL","tlshash":"74330af9b7423466c3a271e4403f1007907aadd5f449d8e4b58ad6d46d38eab02fbf68","first_seen":"2023-06-16T11:16:31Z","last_seen":"2026-03-30T20:55:35.950806Z","times_seen":5522,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":268,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/css/font-awesome.min.css","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.547Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/font-awesome.min.css HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:08 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 25 Jan 2021 22:04:55 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"600f4087-7a38\"\r\nExpires: Thu, 28 Aug 2025 19:50:08 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31288,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with 
very long lines (31125)","md5":"00a37b867cdd7bd6b92ba5b7c18df70c","sha1":"9f4d57cc3ed9e96b0891c0d8453cd4904f3b423e","sha256":"0153350ce5ace94708d5b44dc2361ae8b0c6e8abe391723cef8f62985b2db419","sha512":"91d58920ddfb62c0f04c3a6cc9ec9b70ec43f054a5087e00d9dcd99307684565718f996b20fc129b2c46c28a4571af72ca2979cd3417def046bfbb0993eeb1c0","ssdeep":"768:u9fMa4awlr+Klk3Yi+fwYUf2l8yQ/e9vf:owlrniSUf2l7f9vf","tlshash":"c8e252e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-05-17T09:08:43Z","last_seen":"2026-04-01T05:38:53.763745Z","times_seen":83,"resource_available":false,"data":null}},"time_used":672,"timings":{"blocked":214,"dns":0,"connect":221,"send":0,"wait":236,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/css/vendor/owl-carousel/owl.carousel.css\u00261671638740","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 
GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/css/vendor/owl-carousel/owl.carousel.css\u00261671638740 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:08 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:05:40 GMT\r\netag: W/\"pub1671638740;gz\"\r\ncache-control: max-age=315360000\r\nage: 1710880\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=n12YMp%2BXoWQeoBPALt0UCZnsFvc1Q7RpjPZSL0TzD473W4u8CGGtFkASe5nNveK1oeoJHI7zdWdwW3CCJ1pACrqlHqvc%2BIOdn5RreE3xFN6jF55OuR7c95Fr67%2F1DLZRLA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9762374fbf400b69-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfL4;desc=\"?proto=TCP\u0026rtt=1175\u0026min_rtt=477\u0026rtt_var=1063\u0026sent=26\u0026recv=23\u0026lost=0\u0026retrans=1\u0026sent_bytes=16169\u0026recv_bytes=1675\u0026delivery_rate=9705093\u0026cwnd=256\u0026unsent_bytes=0\u0026cid=74b6ec5a901c0010\u0026ts=88\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2940,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(739)","md5":"c5298aec33d6ecfd21da89d2c9f6b28a","sha1":"be3c472d5e9e3bc68e1a8e557d7804fcc1639a0d","sha256":"dda367ae7555ece4d77e8f7d9fe99e5c77baea9ad479d259083119b87d648d72","sha512":"77a323e31431e327792125a402c150e3df15e953d1c2e71f1516b23b5ef5d96020f9cb5877fb079646ed7e2ccc50ec48860bc2cc172f5bac76f1b07df4e35342","ssdeep":"","tlshash":"ca51cee5311a215f581fc3261dd85e46293ec852c826065a92bbe71887dee1c122ffcf","first_seen":"2025-08-28T07:50:39.142111Z","last_seen":"2025-08-28T07:50:39.142111Z","times_seen":1,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":9,"connect":3,"send":0,"wait":55,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-discounts.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.927Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-discounts.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-5f3\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: 
gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1523,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit colormap, non-interlaced","md5":"5f6ad29c9bd44e455f0f05b9a54b666e","sha1":"f08b6c6c0c5853a8b5f531428181484bedc7f961","sha256":"b2c87108dca4b2613cf2666cee8e414b9080b58d069b1bfdea3b1c7748f9b098","sha512":"e35080a67216a299376cf27ed873ff3d65a95710221273189fa16a79bcd8ea6d1bf5a453f52ca97a3433fb6bf80ef59a67a88c419b2ba608d06c732d9ad73028","ssdeep":"","tlshash":"3f31290383684b7eaa34c1796879b6a1e2781c7b7a78d58940036d30f638a80e40b4cb","first_seen":"2025-08-28T07:50:39.144235Z","last_seen":"2025-08-28T07:50:39.144235Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1265,"timings":{"blocked":1039,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery-1.10.2.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:10.047Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET 
/js/jquery-1.10.2.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 21 Dec 2022 16:05:45 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed9-16baf\"\r\nExpires: Thu, 28 Aug 2025 19:50:10 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93103,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(65412)","md5":"3ccb0603f26be55f234275492d58c9a3","sha1":"3903b3fa707f28478b97e4e6ddb1536ed13ee732","sha256":"daa1bc796cbb99d1cb81f34977ac0094a031d97764d5135e76f1142f793d5de8","sha512":"172fae2622a90e7cd6e7f0891bb57028bc1e075275af11c21f241f2b7587558e0303a48f25f33045e4f4d964cadedd791f34e3958d340a0a0c3899a85c79cd31","ssdeep":"1536:d4mCgi8DyCuXXFiJ+L0kJQsJVPEKLQRZdC/RffDknv+p0WzH/IoCZ7qABZnu0sFn:dGsKXfI2p0WPCbDrstfak","tlshash":"6093f8ddb2d1b06257bb21bd006f540ff236195e280d8850f129e8eabc74a4d9277fad","first_seen":"2023-03-07T12:09:22Z","last_seen":"2026-03-14T13:15:28.233769Z","times_seen":31,"resource_available":true,"data":null}},"time_used":467,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":242,"receive":223,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/Sortable.min.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/Sortable.min.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 0\r\nlast-modified: Thu, 10 Jul 2025 08:26:28 GMT\r\netag: \"686f7934-0\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":466,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":466,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/zf/images/proz-logo-shadowed.svg","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET 
/zf/images/proz-logo-shadowed.svg HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sslcdn.proz.com/min/f=/css/landing_pages/nliv_home.css\u00261671638740\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:09 GMT\r\ncontent-type: image/svg+xml\r\ncontent-encoding: br\r\nlast-modified: Wed, 21 Dec 2022 16:05:36 GMT\r\netag: W/\"63a32ed0-18d9\"\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=v6cjazD8c%2BXOCvyRBtU0%2Br3u2LgxsKEuJvBhkc4m4P9qh5ZF5KP79GFmRXb21d60Ty6nXHhCF4EnXgZVZPLfjZVMTilGGstIOEEZc8hyDdhJYN9CyI50ZLcco3KuG6Y17A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9762375718b25687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3746\u0026min_rtt=1421\u0026rtt_var=1954\u0026sent=16\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=6592\u0026recv_bytes=1528\u0026delivery_rate=778495\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=1298\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, 
Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6361,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"58b2d5ac5b5e1ce479529c51c7a3f6a3","sha1":"ad165cd8a116ab49769826796bf06a6f7f77b7bb","sha256":"66bc5429e611fb3c0efeb2840715d17761606e7bad77610fbe86af5ecbd052ef","sha512":"34c907d119cddc57a99e070d7d8929ec9a74556c9a154a436c349e21a613f3f65e08f0cda42ea703163072d9147dd00ad8cb4a6d73ef315b4f66068927a5b3ec","ssdeep":"192:zfOb4BPOOb4hRmmrMpKM6ariDu+G2SvLsQcugvuEHZ:za4BPZ4Dmdq1SvAVPvN5","tlshash":"99d1d9e4a374e2ac6dcb8abeefb19cfa123f747c7115409c94be86047853e9ae545c40","first_seen":"2025-08-28T07:50:39.149221Z","last_seen":"2025-08-28T07:50:39.149221Z","times_seen":1,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery-ui.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:10.793Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/jquery-ui.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 21 Dec 2022 21:37:10 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a37c86-473ba\"\r\nExpires: Thu, 28 Aug 2025 19:50:10 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":291770,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2794)","md5":"0404d1a663120e049c3c080c7f5d73b7","sha1":"a56d8c0c7f8d9f0d129fc6fe76d8ee9aa02511a2","sha256":"81ed75941ab749c90d194043ed2cbd87af3d8974fe68f6e233e4865baf22fad4","sha512":"e986ac9982a3fbb82848953a0960be6e13eedf3af2e8f09bf7f2889e825ea80b86c213c5f8e5a66fbf3df05da9fe3b35746190c124a92bf05a27952fd40c0b36","ssdeep":"6144:c5md7z2BGBMBuB9FI226eYGoL41Ziv5ZftyyMnQGfJxh:c852BGBMBuByoLCiXwq8","tlshash":"a854d80d7300353a89efe26e142b1b4a7236a1999501816cf4385ddd6bbde01a17ffbe","first_seen":"2025-08-28T07:50:39.152035Z","last_seen":"2025-08-28T07:50:39.152035Z","times_seen":1,"resource_available":true,"data":null}},"time_used":466,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":225,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/local/tools/tools.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/local/tools/tools.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 04:07:52 GMT\r\nvary: Accept-Encoding\r\netag: 
W/\"68733118-19436\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":103478,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (924), with CRLF line terminators","md5":"8013dd6bd01a41c8ba3ab87b75e00384","sha1":"7c7ac71f61dbade812e8553ef798ab95b1292ff0","sha256":"e00d209a165a446a1882f368f65c9b87df4599bc70edf7fd176ee85113b33bf4","sha512":"ef9250434b83beb1acb886c6a7f48ca078611c452712459b789cde59a389f1f009cf6652f73a1e1c060000d5a8b6a1d06209e706729763456b74fa425211aace","ssdeep":"768:YhY+GyBfYY65VS27+8cVI+4T1NNa+Na0NaOqBaA32imH52FpJ8M/Q5tQ5+eNj2NV:KtGWfYBVS27+8cVI+Yjvzqsni08o0K9","tlshash":"b6a3a61a99702a5a417373b5593fe500f4214f3b01078846bc7ed6f85fb9a62a378fe8","first_seen":"2025-07-13T11:51:38.295866Z","last_seen":"2026-04-03T17:55:51.30946Z","times_seen":270,"resource_available":true,"data":null}},"time_used":691,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":691,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-bb.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.921Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-bb.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-467\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1127,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit 
colormap, non-interlaced","md5":"5663db0dcdee69f79963d536aabcf257","sha1":"3a29a1968e2feec355d434b7c06a1fb0e03cd219","sha256":"81f5e0bff91359253f8d6c6dc2ba295b2f31652dda16429aee1fc4ffb18c81ec","sha512":"7f377182beffb691f621cf35730c848fdce332603a44f43f52ba7f7eaffa91a5aad62ceede32a9c6efd38f825d21f01877cf83f3debfb3b3cf826a34af791e4c","ssdeep":"","tlshash":"6b2196c9f7d494aa28e104264c099d80f3975b545d51973ac8a913758d37a581a003c7","first_seen":"2025-08-28T07:50:39.155014Z","last_seen":"2025-08-28T07:50:39.155014Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1010,"timings":{"blocked":785,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/pk10BaseTrend.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/pk10BaseTrend.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Jul 2025 08:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686f7934-1a2d\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6701,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6701), with no line 
terminators","md5":"6f6fadebe51378762442a2211edfef60","sha1":"abb6dd63e315112728f3540ef124480e4b1e9048","sha256":"441c3db4288867eb549306e2797b1075d745408c6674660096a9ed695435391e","sha512":"07072b7f0de691c11760da89619c378b0dbae068b540676c6bed50e9c1eb089716a1b235f10fb35730c3afe2ac42dc02ea67fbcc80e3551afc7d5507feb0d71d","ssdeep":"96:bWkh9UBeGm8ViMUrjjEgYQEHqSKFM4AJjCk:N0iMUrHEe0qSKFM48","tlshash":"43d1a919e1822126b25f3efcc63fd15880610fb0e598ee4c76fd9ab16d34ac65073d6a","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.10808Z","times_seen":1326,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":465,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery.lazyload.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:11.315Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/jquery.lazyload.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F\r\nPragma: 
no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:11 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 21 Dec 2022 16:05:45 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed9-d32\"\r\nExpires: Thu, 28 Aug 2025 19:50:11 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3378,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3378), with no line terminators","md5":"9c259df726005ecc3aa31cd418912063","sha1":"0bf19ee6d5554319379a431b6f197adff9a2e64b","sha256":"2dcbcb49310f7a238520cf5e4ff774e2f5e1a4393424ff83014851213b045e2a","sha512":"162296669f07aafd29e6636e639340550a91cae6f878da74d4023ff45f409fc7fdb93797f177e7d9876165ff05aa4fa8687ee7e2939d8e1c802d317642811ab6","ssdeep":"","tlshash":"6161768e7e527839f0167a9e831f310a653ed46f81814c54b089ece4ecec7951236d9a","first_seen":"2025-08-28T07:50:39.158561Z","last_seen":"2025-08-28T07:50:39.158561Z","times_seen":1,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/google_analytics_event_functions.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/google_analytics_event_functions.js\u00261671638745 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:05:45 GMT\r\netag: W/\"pub1671638745;gz\"\r\ncache-control: max-age=315360000\r\nage: 
45175\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=m1kFKEjBv3UmBFspItqYoJJZF14OmqrzWbEy%2BtCe0AlMpGJxIfE2ySmyNCjwkuD9wFDXrlndNAHm3kp9cJevlhF%2B6qqOmkm5GiC3UAVIaoq49qgHiqYuQmZJmGTauuFuuQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 976237731a495687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3170\u0026min_rtt=1421\u0026rtt_var=1621\u0026sent=33\u0026recv=19\u0026lost=0\u0026retrans=0\u0026sent_bytes=13395\u0026recv_bytes=3779\u0026delivery_rate=2232459\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5644\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":282,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with no line 
terminators","md5":"91261619158b15831cd458ba6ba873c4","sha1":"2e3f0e4d0ce2949be7e7b497332b5876d6bfc63b","sha256":"b54a7c7899a03158c5dcb12dd5cd74884e2a38f1f1e01087727d260782e15237","sha512":"d80ffb2941fbb0397c9c9238b03412a26a92b91fd3384122983574f64a5883230039fb42ccdb912cec3de1e49ebf37759b62faebc5df216187b369165ca04b1d","ssdeep":"","tlshash":"f2d0c20c3c197966c52f0e6c538a0825147013d6210150a0e041ec1c1f7dad7a5e3a62","first_seen":"2025-08-28T07:50:39.163235Z","last_seen":"2025-08-28T07:50:39.163235Z","times_seen":1,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:13.992Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:14 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 
15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:14 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":222,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/tooltip_v5.js\u00261716308803","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/tooltip_v5.js\u00261716308803 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 May 2024 16:26:52 GMT\r\netag: W/\"pub1716308812;gz\"\r\ncache-control: max-age=315360000\r\nage: 2890195\r\ncf-cache-status: HIT\r\npriority: 
u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=mSEbWCDBFx6dTLr3D%2BwnXxSuu0OfabO74jD1NG%2FsewEiGJJetBnEsbUzdO1Fnd53rl%2B%2FJpMGqGqf2%2F3x0WaauE0pSi4z4M37VjXNWmqe065JOSZc5e7CbmU2kXn4Y6AXuQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 976237730a195687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3464\u0026min_rtt=1421\u0026rtt_var=2028\u0026sent=28\u0026recv=17\u0026lost=0\u0026retrans=0\u0026sent_bytes=10449\u0026recv_bytes=3692\u0026delivery_rate=2232459\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5635\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2320,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(811)","md5":"d764312da69574d9d4118a7515ae7740","sha1":"2a307b035596e507164b539567c2b02c54928334","sha256":"9037fe8cf1c97f8c3cb768ffdd11869b0e08ca7ff5ba72ce914465e133adb55b","sha512":"4d2206aad1b3fff3b77932107e6aada15a286b2e0755e411619d23ca01df1ea9c249691bc673317c5cd6e317fde6aa734e7c3f83ece59e8966a4faaa4394f95b","ssdeep":"","tlshash":"2f41af6fe9b1625cc11adebb02efb20d53218560970a45b0a971b204e671742f9fa29f","first_seen":"2025-08-28T07:50:39.168416Z","last_seen":"2025-08-28T07:50:39.168416Z","times_seen":1,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/css/landing_pages/nliv_home.css\u00261671638740","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/css/landing_pages/nliv_home.css\u00261671638740 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:08 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:05:40 GMT\r\netag: W/\"pub1671638740;gz\"\r\ncache-control: max-age=315360000\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=wABgdQSNfyuX0WsBQUyX8dM04%2FNvwU6aM6dECJ%2FcNY%2BhAKLx6MvBOneejynGTeUAYnX9%2FxJP0a62N5EFpDls3YdXmtQaoFOg8lrY0Ak7tPVMPgcw5sRSoYTDNjmljYd7%2BA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9762374fbf440b69-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=953\u0026min_rtt=455\u0026rtt_var=780\u0026sent=29\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=17486\u0026recv_bytes=1675\u0026delivery_rate=9705093\u0026cwnd=256\u0026unsent_bytes=0\u0026cid=74b6ec5a901c0010\u0026ts=189\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17260,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (863)","md5":"6dd8c54fd75facb5b7f0afd5d901969b","sha1":"be6b710d011d98bc5edbb9aacef5493e893d5c21","sha256":"5dcbcd739895b77000ebe595144c7efb6ea04f77bf0d84869491c9dd2d6f9650","sha512":"f567800bdd5f4f2473f192c6d3e9592a554292be44a023fde05e074b8b321dba46f80aa745a7ebbce7f22ff510d222077717cfed255b8ee9323bd23c3ba37913","ssdeep":"384:FrOTQZSBKKRzhMvU7lnZXzvgpv8BDF118A7pZuydkDqUWKLh32AV2CSL:pZSBKszhMvU7lnZXzvgpv8BDF118A7v3","tlshash":"6172fd31f144e269a06f85f874615aff262d74d6e2073ef9bf66a15883c68c8253e213","first_seen":"2025-08-28T07:50:39.17085Z","last_seen":"2025-08-28T07:50:39.17085Z","times_seen":1,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":9,"connect":10,"send":0,"wait":152,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/mission.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.918Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/mission.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-38d4\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14548,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 440, 8-bit colormap, non-interlaced","md5":"76d0012ee71089dacf0311bb1c22026d","sha1":"8675a535104c4b849bcdc5172bf082e55cd3e673","sha256":"54ff64ac368a4234115c2043d4aec6b78522b5c31c0b52b92770013de7ea34f5","sha512":"a09246379acb818a1f1ebe705163bcb708db15afedc0ba42551377900787c7d4e773d46e9e99bcd5fb2c67e95f1f5dbf4c9f7ca19cc4987d528d071bfcaa394e","ssdeep":"192:hDFYM/izXC//VzqPsk1fImVY0u3DsnFfskl66ZhkDoWuAxzSnMoiA3dWxxN:hDFsXKFE1bVY0uQ5skI6ZfAto73IxxN","tlshash":"e862d080a9d08f42b71f12bfb56bad92f142cc906bcd438d494af0edb15605528b266d","first_seen":"2025-08-28T07:50:39.174664Z","last_seen":"2025-08-28T07:50:39.174664Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1086,"timings":{"blocked":604,"dns":0,"connect":0,"send":0,"wait":247,"receive":235,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/1768075_r522b8becf2874.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.938Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/1768075_r522b8becf2874.jpg HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Wed, 19 Jan 2022 22:19:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"61e88e5a-4b1\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1201,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG 
image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x64, components 3","md5":"94fbbc823932703b6987aa4cda4e33fe","sha1":"53ca3051b41a4a932b938496f02295d4f3d41d09","sha256":"83c1339e9d296fd67c8d4a58d0c6542efceaa81f27e5a272ff2e032d70b1684c","sha512":"729e1212e46e52d8b8e96ac88a98cfb7931165f0174cb411e988193da043c1eb3ba126d21f062748fea3663c49ab62d9a3db4a86395baf1ae9b65ae2179b0e29","ssdeep":"","tlshash":"9621965636a8d802df57793255592e2971071b5246d3217c1f82019cacedcf39f06827","first_seen":"2025-08-28T07:50:39.177115Z","last_seen":"2025-08-28T07:50:39.177115Z","times_seen":1,"resource_available":false,"data":null}},"time_used":564,"timings":{"blocked":280,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.755Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:09 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":40,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=F334B94506E5537F\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=926760382\u0026si=9449080f1fd9d69519fb3ef29e931160\u0026v=1.3.2\u0026lv=1\u0026sn=29411\u0026r=0\u0026ww=1280\u0026u=http%3A%2F%2Fvsebolezni.com%2F\u0026tt=%E6%BE%B3%E6%B4%B2%E5%B9%B8%E8%BF%905%E5%AE%98%E7%BD%91168%E5%BC%80%E5%A5%96-freelancer%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-168%E5%BC%80%E5%A5%96%E5%AE%98%E7%BD%91%E5%BC%80%E5%A5%96%E5%8E%86%E5%8F%B2%E8%AE%B0%E5%BD%95-%E6%BE%B3%E6%B4%B2%E7%BB%93%E6%9E%9C%E5%8F%B7%E7%A0%81%E6%9F%A5%E8%AF%A2%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95168%E5%AE%98%E7%BD%91%E4%BD%93%E5%BD%A9","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"183.240.98.228","port":443,"asn":56040,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:11.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET 
/hm.gif?hca=F334B94506E5537F\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=926760382\u0026si=9449080f1fd9d69519fb3ef29e931160\u0026v=1.3.2\u0026lv=1\u0026sn=29411\u0026r=0\u0026ww=1280\u0026u=http%3A%2F%2Fvsebolezni.com%2F\u0026tt=%E6%BE%B3%E6%B4%B2%E5%B9%B8%E8%BF%905%E5%AE%98%E7%BD%91168%E5%BC%80%E5%A5%96-freelancer%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-168%E5%BC%80%E5%A5%96%E5%AE%98%E7%BD%91%E5%BC%80%E5%A5%96%E5%8E%86%E5%8F%B2%E8%AE%B0%E5%BD%95-%E6%BE%B3%E6%B4%B2%E7%BB%93%E6%9E%9C%E5%8F%B7%E7%A0%81%E6%9F%A5%E8%AF%A2%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95168%E5%AE%98%E7%BD%91%E4%BD%93%E5%BD%A9 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Thu, 28 Aug 2025 07:50:11 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=6B3ECBCDAC26F869; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server 
software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T00:28:06.378242Z","times_seen":326485,"resource_available":true,"data":null}},"time_used":313,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/main.js\u00261698072801","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 
GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/main.js\u00261698072801 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Mon, 23 Oct 2023 14:53:21 GMT\r\netag: W/\"pub1698072801;gz\"\r\ncache-control: max-age=315360000\r\nage: 2897031\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=A7t1hBQRIT8Nb0L69WXZEgVfTo5iZ876Zf1xo9rUZPQDyamWUQ%2FNGPcJCjzzqmIQykM9h23t1xlOnaU1ncNEsyI%2FeEUpa8nySHQFMMaHGOwihXtpTPHB5uHHn6Pdu%2FwoFQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 976237730a2a5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfL4;desc=\"?proto=QUIC\u0026rtt=2940\u0026min_rtt=1326\u0026rtt_var=1677\u0026sent=35\u0026recv=20\u0026lost=0\u0026retrans=0\u0026sent_bytes=14397\u0026recv_bytes=3822\u0026delivery_rate=2232459\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5647\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11582,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"ASCII text, with very long lines 
(1461)","md5":"65776492b4135489d30cdd172e5976df","sha1":"5db5696efba6ff758114bab75420aff105086959","sha256":"7bc569527624cc3a63ac20af9aa59477279a02c723e9aacbdbb61785b4a684ec","sha512":"2e70ffe8549291afcffa760e001a0aad6893d5f94ee5b5439f2a30151290f0292f7c34d4e8896b9b28ee4d3ad8410584836b4d2a2249bd038473a1cbddf11b6e","ssdeep":"192:2Hm+rumCCqpfgrqowmGRR1ydGv4HXcGsnpL0QvwrB5X1GomlOULbS6gm+kl:2G+r1C5dvQXcGsnpL0QmLDql","tlshash":"fc3208dc9580715581e78cc7ea7bd72ff0f19c2aa306d832d0bc89a578a0756d2139be","first_seen":"2025-08-28T07:50:39.181704Z","last_seen":"2025-08-28T07:50:39.181704Z","times_seen":1,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/local/ssc/head_aozxy5.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/local/ssc/head_aozxy5.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 338\r\nlast-modified: Thu, 10 Jul 2025 08:26:34 GMT\r\netag: \"686f793a-152\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":338,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (338), with no line 
terminators","md5":"c3261b46b0ab83708346a608d8c628ce","sha1":"39835e5d93ce2c5473c7375d9e4492878e598081","sha256":"a4cd3a4af2595491fd9ea98f5faeb959eb00bf0d04c9dfb358dca7685a27ab97","sha512":"cc1ad508f567605d8348557eb0908be2d0638eeb9dbfcdaf750978ed7597efade08560c04c31cdcfb4a7872892cae2c311381fcd91a849628ccda69bb4460987","ssdeep":"","tlshash":"14e078cd45513c04b16dd13811378509d2b2180c104b9d4f1d73e4c3e4d49fd207d38d","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-03T18:23:48.103098Z","times_seen":245,"resource_available":true,"data":null}},"time_used":691,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":691,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery.sumoselect.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:11.543Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/jquery.sumoselect.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:11 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 21 Dec 2022 16:05:45 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed9-2ec0\"\r\nExpires: Thu, 28 Aug 2025 19:50:11 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11968,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11887)","md5":"e60495e58069d493c130917f1e3aa308","sha1":"b72f6ba31a099fe45b4ebd864a7d64a305868c65","sha256":"02cba23f275bf8e09667dd2f7dc7c2c261e88c3527d4ec9ebec3903243b3be33","sha512":"c5981d0338afac1bb943acdfb6231aa2ed9e1c4f5f1dd9ea86ca669894427b8264a19a7781758360ee85a10c17f5ea541d3b9e1d4ec93ee2ad8f433eae300e3a","ssdeep":"192:jQMo/fwbR4rVIjGxoFyrkonrk2IW0cRhaQI+WjIErTPlbFzX8PSa5ONXVSJAp:jQ0bMmcrkonrk24UUjIMT9bFrRIJAp","tlshash":"5332d65972c072b542bf60ab4855b89ab237493ec502d170f225aafd187de01c2a7f7f","first_seen":"2025-08-28T07:50:39.187274Z","last_seen":"2025-08-28T07:50:39.187274Z","times_seen":1,"resource_available":true,"data":null}},"time_used":231,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":230,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/parameters/getNoAdvertisingDomain.do","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"34.150.51.26","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 19 Jul 2025 23:19:33 GMT","end":"Fri, 17 Oct 2025 23:19:32 GMT"},"fingerprint":{"sha1":"10:3C:EE:47:AA:C4:98:DA:8D:3D:84:57:BD:B8:E2:D6:BD:4D:E7:78","sha256":"B5:9E:9D:4B:0E:57:DC:40:50:B8:07:4C:96:6D:33:4C:06:3D:0A:54:1B:81:21:45:3A:90:7E:14:FB:6C:62:A9"}}},"request":{"raw":"GET /parameters/getNoAdvertisingDomain.do HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yzkjw78.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:12 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yzkjw78.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: 
inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1953,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"7ecdd0ccad41cd367a2c8ee896934a33","sha1":"81a85a497a6d3c1690aec93a1d32d8df034cb9c1","sha256":"ab2996705a41b5da716b687ca0d29d6601350807116ac265e5a17a0ea47a70e1","sha512":"a972c5d286ae479e80fd58d0a812cd0bd4ed618b92f22a44f33638338bbc810a5ddf8a4885fcdd906cba8124f2abbf5508965d0b433b0d512faf6f8e98ade325","ssdeep":"","tlshash":"e041f17b6f1c35db32a506d12ee16c84417cac761f71d8f59729320584e47ac0e5e2de","first_seen":"2025-08-13T13:08:13.288581Z","last_seen":"2026-04-03T18:23:48.121761Z","times_seen":1111,"resource_available":false,"data":null}},"time_used":2485,"timings":{"blocked":1074,"dns":399,"connect":225,"send":0,"wait":336,"receive":0,"ssl":448},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:11.801Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:11 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:11 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/dropdown.min.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 
GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/dropdown.min.js\u00261671638745 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:05:45 GMT\r\netag: W/\"pub1671638745;gz\"\r\ncache-control: max-age=315360000\r\nage: 2976990\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=0DyGPKkdKbn%2FBX3J%2Bc2sI1N5rezLB1hyO1jvoqQAqErvsUVMNVXZEt0HSQ8wxddpmpWNuzt8sF2Ke7Zfc3yelOEhPJPDeeR918kFoPFzftO%2B%2BiZHvjeOnMNnoupkhYa9iQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 97623772fa045687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=2433\u0026min_rtt=1091\u0026rtt_var=1490\u0026sent=52\u0026recv=23\u0026lost=0\u0026retrans=0\u0026sent_bytes=33087\u0026recv_bytes=3953\u0026delivery_rate=10975316\u0026cwnd=22800\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5651\u0026x=1\", 
cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4197,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"ASCII text, with very long lines (350)","md5":"75dd57590b1c2ce5802f01dbff8af119","sha1":"4e048f06575a33067af7667bf6cd2f7fecd47853","sha256":"93e3625e92f4449b68cead84a93cce66c233ddb795c399584440e72acc58c8c6","sha512":"17c405751d454f776936accc829e67d244007e4c95047cb4e65d47e934b865c30e8011da4b7424dd37da02f702cdf9847e06a4009b39d3e3bd8a2c5cdaf66296","ssdeep":"96:WtfkI2CpVJm2UDWxlIgYT4pS5RFntslqZ:WtfkI2CpVJm2UDclnpsF7","tlshash":"d58163997093a0b18b90a3f9366f5558f930c801a405f448f6dcd5d9827a976b0f7e4e","first_seen":"2025-08-28T07:50:39.194879Z","last_seen":"2025-08-28T07:50:39.194879Z","times_seen":1,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/bootstrap.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.232Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/bootstrap.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:14 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Mon, 25 Jan 2021 22:03:59 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"600f404f-9004\"\r\nExpires: Thu, 28 Aug 2025 19:50:14 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36868,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(32003)","md5":"c5b5b2fa19bd66ff23211d9f844e0131","sha1":"791aa054a026bddc0de92bad6cf7a1c6e73713d5","sha256":"2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a","sha512":"d9ef2aab411371f5912381c9073422037528c8593ab5b3721bea926880592f25bd5dfdec5991cdfe5c5ef5f4e1d54e390e93dfd3bca3f782ac5071d67b8624d4","ssdeep":"768:4UfYD27UwlNHMl9lqNuCPNjhqg8epm5CCJFXflA8Gf3ZTbQ:z/76whqKGvlm3ZXQ","tlshash":"47f29606b23031a147efb1e1525b020a7239696ee906907c78b9daf53db9c48717bf3d","first_seen":"2023-03-07T01:02:25Z","last_seen":"2026-04-04T00:33:01.341928Z","times_seen":16097,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.hs-banner.com/4041721.js","fqdn":"js.hs-banner.com","domain":"hs-banner.com","tld":"com"},"ip":{"addr":"104.18.40.240","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hs-banner.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 16 Jul 2025 22:18:09 GMT","end":"Tue, 14 Oct 2025 23:17:50 
GMT"},"fingerprint":{"sha1":"B3:FB:09:B4:51:72:98:46:AA:20:53:FB:CD:3D:F3:7D:43:12:C2:A1","sha256":"38:52:80:07:1A:69:99:A4:E8:C4:F1:84:A7:49:9E:95:61:58:0B:94:D9:6F:51:8B:6C:A8:C1:8A:5A:54:68:42"}}},"request":{"raw":"GET /4041721.js HTTP/1.1\r\nHost: js.hs-banner.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncf-ray: 976237758ba3b4ff-OSL\r\nx-amz-id-2: SLUMtgUskiX/us4dII0B0PiLEsHBzX8DL0kWtNocIxBhp0qfL3lo4vv3ZQEtZehrdroBem92suA=\r\nx-amz-request-id: KDNEKZQM0RWR8589\r\nlast-modified: Thu, 20 Mar 2025 17:27:46 GMT\r\netag: W/\"7058dd1723d33a1f6f0baae3b6ceb114\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=300,public\r\nx-amz-version-id: fXXG7IjwQVLTuDsGsJ1Z4tpzad.LGm1B\r\naccess-control-allow-origin: https://www.proz.com\r\naccess-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, 
X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id\r\naccess-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 604800\r\ntiming-allow-origin: *\r\nvary: origin, Accept-Encoding\r\nexpires: Thu, 28 Aug 2025 07:51:01 GMT\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 31\r\nx-evy-trace-route-service-name: envoyset-translator\r\nx-evy-trace-virtual-host: all\r\nx-hubspot-correlation-id: fbbbfea3-b475-4a82-a752-1e3692317d54\r\nx-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-fbbff5ddb-2228f\r\nx-evy-trace-listener: listener_https\r\nx-evy-trace-route-configuration: listener_https/all\r\nx-request-id: fbbbfea3-b475-4a82-a752-1e3692317d54\r\ncf-cache-status: HIT\r\nage: 164\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67271,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (59171)","md5":"7058dd1723d33a1f6f0baae3b6ceb114","sha1":"218ad2aa444cb8e93d8af3406898f6b12f5ff8e4","sha256":"8a0685b30cc6ffeef431556d407e3c010fc870add4d6910c28fa470ba3b7b0f4","sha512":"a660d92b1b03f25b651839dc643a62cc5debd532d4e8ee87ecb460b0ce0f78c9c4be1728bcd5a01920d4ca1ea2e147c499f2d75321be9056600f576979538259","ssdeep":"1536:zcWl4bbg0bq/5KyGpmU5xjHKHuCh2feXQN/:AKGnSuC+","tlshash":"9263f9bbf4ec107c13d746a666229b1cba3444dc96064f7cbd6caa990be14c31a7b371","first_seen":"2025-07-03T05:33:45.177678Z","last_seen":"2025-10-18T07:34:36.683285Z","times_seen":3,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":15,"dns":2,"connect":1,"send":0,"wait":16,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-discussions.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.924Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-discussions.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: 
nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-609\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1545,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit colormap, non-interlaced","md5":"aa799043156a5d21d031818564d4c97c","sha1":"183a69b87455d32ba5f8d3b273fe35dc86ca3147","sha256":"a50ef1e75ff624b84a374fe2e2c0a7fc216938a25d60516cda65cf7164382d0e","sha512":"a4e3e66dd4e2292b8a518b931bf15a3d415f2cef326c6cac5f3ae7cb3ef00c1daf3cff968c86d77b1b52c97621586598bcc65b5cebb48594805f50d16cbd0d77","ssdeep":"","tlshash":"0d312c12d132e55885ed58abd83810d8d4f75992f175be9bed20d75272cd31f3d11e20","first_seen":"2025-08-28T07:50:39.201639Z","last_seen":"2025-08-28T07:50:39.201639Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1128,"timings":{"blocked":890,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/011149_r47134ee849505.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.935Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/011149_r47134ee849505.jpg HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Wed, 19 Jan 2022 22:29:31 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"61e890cb-7b0\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1968,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 50x68, components 
3","md5":"2c00d5ec22262a75d049c29bf26beca0","sha1":"3bb9bb83356eb2f80f3f4994fc1f21432631a02b","sha256":"e68a7d98901ec2375e36b73453d519a29faaedf83e51709cf8c5aa168d8d6d06","sha512":"c1bf4c900a2dedc5ecceb2808434f744342d33c7ec78fbe3ce749ec93108a4213d5f0e8b13e71374b30a9fd5fd503e9de4b77d29959db5201e8c07165ccb64cf","ssdeep":"","tlshash":"04410a2e0f6eef88d20905b30dde2a71045d4f875a1216537228823dda53a814bedb5a","first_seen":"2025-08-28T07:50:39.204085Z","last_seen":"2025-08-28T07:50:39.204085Z","times_seen":1,"resource_available":false,"data":null}},"time_used":624,"timings":{"blocked":282,"dns":0,"connect":0,"send":0,"wait":342,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/proz-hp-bg1.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.775Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/proz-hp-bg1.jpg HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/css/home.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 
GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-5c46\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23622,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1440x750, components 3","md5":"5649fa0047b3185fb9340727ad0f273e","sha1":"d61a22203535d5ec46757079b7dee12d5b3d84a1","sha256":"a5279498c0b3e35c4cb1173ade498a69fd7e47885fe1126d15ecb6409411bd1a","sha512":"f4143d167c311eae054d1958c2511321f1983cbbb44e9bcfe455297033a19174438face3d3621f1c373c90b36ce083bdfb543ef75bf704e3d950cedf1a9d5eb6","ssdeep":"384:fBhy86P+VSyKbHW/3f26vjI0sLvN0nal6hOuMCaFCHjS7COijycsBCDMNjysS7z:fBhy86hyKTi26bI0sR0lMHFCH/OiuBCR","tlshash":"88b2cf42a7539a82d86e1b302e9f5287f2b952f1d7729ea5b2f15e25712df087dcc000","first_seen":"2025-08-28T07:50:39.206398Z","last_seen":"2025-08-28T07:50:39.206398Z","times_seen":1,"resource_available":false,"data":null}},"time_used":984,"timings":{"blocked":489,"dns":0,"connect":0,"send":0,"wait":262,"receive":233,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 12 Jul 2025 02:43:39 GMT","end":"Fri, 10 Oct 2025 03:43:37 GMT"},"fingerprint":{"sha1":"C1:BD:D6:84:57:89:FE:9E:6D:F9:1F:26:76:1D:7C:45:E8:23:F6:35","sha256":"42:6A:B9:E6:CC:53:CB:12:2A:7A:43:B8:3D:90:FC:5E:4D:CA:A2:E0:3D:B4:2E:38:10:A6:6F:26:86:7F:D5:A0"}}},"request":{"raw":"GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://vsebolezni.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:09 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\ncf-ray: 976237574d1c0b31-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: 
b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\netag: \"af7ae505a9eed503f8b8e6982036873e\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:55 GMT\r\ncdn-cachedat: 08/01/2025 14:01:18\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1333\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 3d79dca97f8a82343c129aad685e0e3c\r\ncdn-cache: HIT\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 
4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-04T00:27:36.90825Z","times_seen":409963,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":69,"receive":5,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/html/public/head.html","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/html/public/head.html HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html, */*; 
q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 10 Jul 2025 08:26:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686f7932-532\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1330,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line 
terminators","md5":"626eb9ecd82619ad149f5b4aeb530720","sha1":"c69c26a74ba1c15ab35cb3b48242603bbbb83cb7","sha256":"dd472572f54f664106cd0ffc2a5e3266bbfe14067b202b26d29315a1479ed062","sha512":"0627d3cb18e744a86ee878194805d402182c839886fddf75ef16a2d9d5e273ead1d5e570b6ae518ce2217cf9e0cdea706aa8f34db6a8d72b3200ae31d9400d9d","ssdeep":"","tlshash":"8321e260f5ac6b2b40b323a2a17b8b45942f9d1ad3009c0076ee57f7278fa68710b545","first_seen":"2025-04-07T08:33:42.704596Z","last_seen":"2026-04-03T18:23:48.091546Z","times_seen":1197,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/jquery-migrate-1.2.1.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:10.544Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/jquery-migrate-1.2.1.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 
GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 21 Dec 2022 16:05:45 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed9-1c1f\"\r\nExpires: Thu, 28 Aug 2025 19:50:10 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7199,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7085)","md5":"eb05d8d73b5b13d8d84308a4751ece96","sha1":"743052320809514fb788fe1d3df37fc87ce90452","sha256":"1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d","sha512":"7b68a43a22a41404a2ff58e0da6a237492cad0fc3e56d216980802b4d5fb483895262a7e049340d6670002bdf899ba88c319239e60d0aae1ac31d98556b0ad6e","ssdeep":"96:tBySz91Gwyk35YrfBewIt9jKLKDs2SFNK7wIDBRANyCfVJ45NI:zySzvGw/35YbMx9jKLKD3UIDBR8VVUq","tlshash":"3fe196dc72aab5611ffa30a8503bd21b72b25aec140d95a4f08ccde5392cc5d413ab7e","first_seen":"2023-03-07T01:02:56Z","last_seen":"2026-04-04T00:27:55.941185Z","times_seen":19794,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":237,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/main.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.558Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:08 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 10 Jul 2025 00:49:38 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"686f0e22-4cb\"\r\nExpires: Thu, 28 Aug 2025 19:50:08 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1227,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (472), with CRLF line 
terminators","md5":"a2149c6ee4d1f516ea182456c121e184","sha1":"957f97aa97237cc1e0e954c174f172922b91d0fd","sha256":"baf173e75a47a2048b481a8290c373cf5eedfe2b30de4527c6029c72213662bd","sha512":"4606a221e83621131532fea67f33eb9f4d12226486c23652c0ea5c37c8e840565410d8a08cce5ec121fc77a504fed7a06ad793094fc419a3e3976905bfa10692","ssdeep":"","tlshash":"712189af5a8531a0d57b2390caa797bcfeba8017471118b07c1c7b224b79c930426eec","first_seen":"2025-07-15T23:09:24.884548Z","last_seen":"2025-11-04T04:58:37.197035Z","times_seen":11,"resource_available":true,"data":null}},"time_used":497,"timings":{"blocked":-1,"dns":1,"connect":233,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-contest.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.926Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-contest.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 
GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-608\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1544,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit colormap, non-interlaced","md5":"def8b6b66d44ca5cdb3ff07196ba7ee1","sha1":"cba2759c9d7f039083e86f46b07bd98b9c5a2732","sha256":"479cf00fbae3beae674d84de1ba5df8598238a0948aad336bab38d4df5b19ff0","sha512":"312a101d3da2bd93d0ff548fafbc1e6bd0340267d91f4113e72bee9d0ef566054ae99c81e3f4804dee92916326056d5e5021e6dcd96fd7be2d68da562ed9226f","ssdeep":"","tlshash":"5c31f9af9224d861d57f092b867f0bc1b46de3711a037577d45bc1f16a219bc79be020","first_seen":"2025-08-28T07:50:39.213296Z","last_seen":"2025-08-28T07:50:39.213296Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1231,"timings":{"blocked":1006,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/netflix-logo.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.930Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/netflix-logo.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nContent-Length: 752\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nConnection: keep-alive\r\nETag: \"63a32ed0-2f0\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":752,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 83 x 23, 8-bit colormap, 
non-interlaced","md5":"170f22456bf0b559d2383e0d2512d3aa","sha1":"e497d53bd9367d9e5ff95bd4c2d145bb3b204a0b","sha256":"a8364d0aba17c999f9464065fc39c9eef13e990bfcf4e49e0cf80d644eaf5a57","sha512":"6e4ee2abde04ae89425d096c0f24546aa3f4118781a5dac20bd3b471e347d05022d7dd4dfdc7519d8b69a7ac09beca541675e666466c52b1d3399d9a7d447d2e","ssdeep":"","tlshash":"0f01658bb5d4e42884f658500962142b648b39e57c4310ad16ce948cfb48731dda47b3","first_seen":"2025-08-28T07:50:39.21522Z","last_seen":"2025-08-28T07:50:39.21522Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1452,"timings":{"blocked":1227,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.722Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js-sdk-pro.min.js HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 418 Unknown Status\r\nContent-Length: 0\r\nConnection: close\r\nServer: TencentEdgeOne\r\nEO-LOG-UUID: 12816426573756793457\r\nDate: 
Thu, 28 Aug 2025 07:50:09 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"418","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/x-javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":115,"dns":0,"connect":19,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?9449080f1fd9d69519fb3ef29e931160","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"183.240.98.228","port":443,"asn":56040,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET 
/hm.js?9449080f1fd9d69519fb3ef29e931160 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11292\r\nContent-Type: application/javascript\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nEtag: 4de0f78c9a545691c8fc835e5b371648\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=F334B94506E5537F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29898,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(622)","md5":"bb959ab6c74c2057680e7070716b5920","sha1":"bc195528421de1bc5a6fe7d51d33f3eacd5f2ea2","sha256":"2a170b3c21829dd47fbcf78d4a1baa5306649218963eaeee4dce95bda2907898","sha512":"92cec2ccb4af20947afff26fb87270dae16eab3896e815e74e2c706d7a907786cf387eadbdd194451a1df6432e38d0f1618eae162a3812fbc1c986c38e94dc3c","ssdeep":"384:vdJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:vd4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"58d2d9e9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2025-08-28T07:50:39.21689Z","last_seen":"2025-08-28T07:50:39.21689Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2444,"timings":{"blocked":1067,"dns":325,"connect":244,"send":0,"wait":307,"receive":1,"ssl":495},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/nikon-logo.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.930Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/nikon-logo.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nContent-Length: 748\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nConnection: keep-alive\r\nETag: \"63a32ed0-2ec\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 
GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":748,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 94 x 24, 8-bit colormap, non-interlaced","md5":"6c3c5c2d75e6b9e383748e37f4c8566b","sha1":"53ee0acd7c86b091b72ba438df4d7372da671413","sha256":"e67c7f597d3a34b9031ab74d5ed7eea7aef2c9aa7dd3389d6c742d14aae0c271","sha512":"bd164bde144e09541f92a6a6c09f80f1e18258e65fa7963deeccb34b0ff11baa2136dd1d0a1c93b58bec44914d179d16e6ac1b1ce7aba6003911c6c3a9a216c3","ssdeep":"","tlshash":"f301833a1a3a1c9ccc91a23ce51bf4a0cfa068f56d4fe907647a565f1e000c781c5356","first_seen":"2025-08-28T07:50:39.219044Z","last_seen":"2025-08-28T07:50:39.219044Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1362,"timings":{"blocked":1123,"dns":0,"connect":0,"send":0,"wait":238,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/meeting.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.928Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/meeting.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-28fc\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10492,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 440, 8-bit colormap, 
non-interlaced","md5":"eaf43ad17672531530acd34a96b250c6","sha1":"fc563df7c7c70b46af52d09cc0a6ed127c73d759","sha256":"36da75eb44a8a5cd13eb97f386bd4cea5b2895d50951ce352460037391ca2663","sha512":"42893465be79984b04341ae939a5cfd1b6fdb6cdad102c0fb970185f5040eb5d815b9ec8ececb6ee3dbc867ab62a7b58dfe0eb0bbf7cd7eb5c45c0dad0323442","ssdeep":"192:IbkuT6m0ohX1UA8fFSf+eFEOzS+EgFpM4wwYJvtsN2CgEX4zHKd3VN:6TmogAGFSf+eT27gF6tvtscCfaYlN","tlshash":"4b2290a800e6ccfaa2a975f248039474f7279e2b5d526d7e20ed242f05ed0589dd0751","first_seen":"2025-08-28T07:50:39.220924Z","last_seen":"2025-08-28T07:50:39.220924Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1327,"timings":{"blocked":1076,"dns":0,"connect":0,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Nunito:600,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 
GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css?family=Nunito:600,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sslcdn.proz.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 28 Aug 2025 07:50:09 GMT\r\ndate: Thu, 28 Aug 2025 07:50:09 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3422,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII 
text","md5":"c0e73e2ee9de705d2f9602eb67f64195","sha1":"0fd50559d9a0d3b4e5c5b5d0205f2fb4dfcd8736","sha256":"73ed67a06ad8c39ee9eb15fad1c4c7a6d790bd878e0e718aec2c28f9fb1ba3dc","sha512":"0aa1ea747de0716a266a4214988b61ff65c5c20b76c2337d25e19fffd4c22568684bbbd61676aff090c8db490d140866b02134f3a3f8dcc14e2bdf312d30f61f","ssdeep":"","tlshash":"4e61a991142ad400a7832cc6a7df7e33dd4ea2143454847aebfd9898dca7d272260b5e","first_seen":"2025-07-02T01:28:14.646955Z","last_seen":"2025-08-28T07:50:39.222796Z","times_seen":3,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":134,"dns":0,"connect":28,"send":0,"wait":47,"receive":0,"ssl":123},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/proz-header-logo-sm.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.939Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/proz-header-logo-sm.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nContent-Length: 720\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nConnection: keep-alive\r\nETag: \"63a32ed0-2d0\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: 
bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":720,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 116 x 22, 8-bit colormap, non-interlaced","md5":"1da0a360558beaa6be2e809de51d3d64","sha1":"06c3271a8d6c69e3cc45398dbbb80d2e3b4d215c","sha256":"1143ebf3b158f436284d74af8ea248d42f9b1f48a0f8d6da051574a200d3e6d0","sha512":"9dd9c004c9732c3ca63774c97f92be8cf883e8b18ccd6eba16108ca398cbcc02b0b105d91d3174104578d29b416eca70f37a7a60d5ef190cd9406eaa5cce5f3d","ssdeep":"","tlshash":"110194dfe01079318905a479856d6581be8bf5245d2faf883c37c0352a4c309c6e3200","first_seen":"2025-08-28T07:50:39.22363Z","last_seen":"2025-08-28T07:50:39.22363Z","times_seen":1,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":279,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCaiList.do?date=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"34.150.51.26","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 19 Jul 2025 23:19:33 GMT","end":"Fri, 17 Oct 2025 23:19:32 GMT"},"fingerprint":{"sha1":"10:3C:EE:47:AA:C4:98:DA:8D:3D:84:57:BD:B8:E2:D6:BD:4D:E7:78","sha256":"B5:9E:9D:4B:0E:57:DC:40:50:B8:07:4C:96:6D:33:4C:06:3D:0A:54:1B:81:21:45:3A:90:7E:14:FB:6C:62:A9"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCaiList.do?date=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yzkjw78.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:12 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yzkjw78.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security 
(HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":79329,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (65520), with no line terminators","md5":"4fcbba1d3970e5582b32b2e9c04b1645","sha1":"492b401481dbd8b218edb5949fcfef2bef45a721","sha256":"f4529d50904146e140dffa7d34f843874008f94976791618bbf25d689c97a032","sha512":"950659e06f20d032bca4b351ad3727c7a13f127f51132929c94c3ed8cee9b7aefa0fc2983e2ec4c7245bf8746c96601350adf7c97f4f2417d4fd972b05e7e2bd","ssdeep":"384:5E8w/ZE2xMFDZqq03w/Zq8wSVBQ96iw/zjh2DuxQ2OwSZqd9R5rEBUmZ9B3B/uhV:J0sOjPRWQnd1ciEDHCrckm","tlshash":"ee73ee293e6e24736e10777038aab4e7f46547235ee24f578b5dcb60c141b1e2a8f90e","first_seen":"2025-08-28T07:50:39.225374Z","last_seen":"2025-08-28T07:50:39.225374Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2420,"timings":{"blocked":1024,"dns":353,"connect":222,"send":0,"wait":370,"receive":0,"ssl":448},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/css/pk10.css","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/css/pk10.css HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c4-53fc\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21500,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"4ad2a39088656d3fbc9a8695463fb540","sha1":"c736fced00b9a629bb98d61e8e662394ff2afe53","sha256":"ce537293741ba0dbc920bd27a9bcfb575ce7382ea545f812071851932bf5a8f9","sha512":"c8648f0d3db43f80502064c7c0bf8a29345de217b3363eaa77e78c4a13f759c173f867743b80caedab875603c1d36c690d1ad8a82c001514ca9c64cb8d02a907","ssdeep":"384:Il/unsDrTtY0JMVYTJbtl/wqozQ2isEUc8JvWNJo4OD2bMX6t2Wn00LtK0N5djwC:Il/unsDrTtY0JMaTJbtl/wqozQ2ishcF","tlshash":"37a20439166a2d8db2539aaabff41fd63ec084150b0b42eff5d3ba1853c56702c631c9","first_seen":"2023-04-07T04:13:03Z","last_seen":"2026-04-03T18:23:48.10748Z","times_seen":1274,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/css/common.css","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/css/common.css HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c4-f71\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3953,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"e5b033e1840c9ced6b1373bd703f48c4","sha1":"39b3c23ca20086705ef134eb88b287704aad1931","sha256":"c2485a8fcb032d8921a78c0c0956e8842f4b6cdbcd2a0266cb1197ef96726f47","sha512":"f0c5d2797a9182391247dedae9d6449b46fcbda7f4b2ad8f30bb243cf474ae87bdb1fa48a4fbcd3e81e512e135b4acc0bab7e10478f99728dddfec414a92d565","ssdeep":"","tlshash":"818102b226353e44b519f4bcae60bfd19b2a4126bf0f0d562491b43cc3859f8077b28d","first_seen":"2024-08-17T08:27:12Z","last_seen":"2026-04-03T18:23:48.089211Z","times_seen":1201,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/config.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/config.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Jul 2025 04:07:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68733118-2ad0\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10960,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (485), with CRLF line terminators","md5":"ae683dcd70a6ac6f9f160625b7060ec9","sha1":"4c596fef13f36d28916e4213eb968c457b8b2a46","sha256":"069bae28b51a8ff46fdb6e2c0c722660b8dc544e93fc75a62ba142aeb5f72082","sha512":"6b52c0cefcb6c7143508b2bc14f0bd6d46ba1a7a76db8c7fc2011d6c94e7ca2e77be5615cc4575546fa3c0675abbe939141f454695af037785dca0177367f084","ssdeep":"192:qSa/WVpaV8Sx4AKtPxlmrwGGfdc8t5LxCDZV:qd6I+o4tPxESc8ten","tlshash":"b032101b845043a6a173d779247a2e48e93a135f80058c5b3fbd4ac49f3be369059ffa","first_seen":"2025-07-13T11:51:38.287222Z","last_seen":"2026-02-01T15:09:25.747652Z","times_seen":209,"resource_available":false,"data":null}},"time_used":688,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":688,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-28T07:50:07.954Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:08 GMT\r\nContent-Type: text/html\r\nLast-Modified: Thu, 10 Jul 2025 00:49:38 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"686f0e22-35308\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:1.10.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and 
Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery Migrate:1.2.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":217864,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines 
(2305)","md5":"43ea09fee2d77fa143436324310b7e01","sha1":"09e469cca3d46d2a6c9708973c0a5d314d7429a7","sha256":"a243940eca3a2467edc07e261165e86d76d8eef951a3d8e87565cc9abf6ab0bc","sha512":"ed80fa9e885d43c329622e9d84b0738adeeaf4e538224afc7ee612c94983c4245fe088ff10b1909dcc0e7ab631892fc9f86df9aac62bb3e4cfaa47d45e02db60","ssdeep":"1536:cId0A3BiNFZGBlKGMqUCMhHmrDdftgAHlrDdfogNNtWYhabl+1Kmb80DiXdZJssy:vd0A3BiNFZGB4GMta5fp5fBbvB1","tlshash":"5924882038f0d8b640eb48c856725a2eadf99307e5165688fb9d8bf60f73d6dca33145","first_seen":"2025-08-28T07:50:39.229893Z","last_seen":"2025-08-28T07:50:39.229893Z","times_seen":1,"resource_available":false,"data":null}},"time_used":920,"timings":{"blocked":220,"dns":1,"connect":223,"send":0,"wait":249,"receive":226,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/jquery-ui-1.10.3/themes/base/minified/jquery-ui.min.css\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 
GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/jquery-ui-1.10.3/themes/base/minified/jquery-ui.min.css\u00261671638745 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:08 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:05:45 GMT\r\netag: W/\"pub1671638745;gz\"\r\ncache-control: max-age=315360000\r\nage: 2976985\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=E7iWoR4czinBFYNRZhk7h5nAwyv5bwuHjjB0lmft46gPEvUXOlUG93SPVk83LbyEtTizrPRDQFlvEQGGQ44VOpP7QGYnWvRRK2DYmcEOj1ET9sod58hRQLbxKonYm%2B95tA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9762374fcf5a0b69-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfL4;desc=\"?proto=TCP\u0026rtt=1871\u0026min_rtt=477\u0026rtt_var=2186\u0026sent=20\u0026recv=17\u0026lost=0\u0026retrans=1\u0026sent_bytes=10584\u0026recv_bytes=1675\u0026delivery_rate=686907\u0026cwnd=256\u0026unsent_bytes=0\u0026cid=74b6ec5a901c0010\u0026ts=86\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26322,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(25902)","md5":"4e6ac827f947edf1eceef0600dc1f176","sha1":"d20bab2e62a16e864e1031b68d17d777e97c6894","sha256":"6516f94915eea8a2e77afc7c6cdd17f1a1c72267f4a2b7374eb1cbaaea1f9b9e","sha512":"c8eb412fc0253bbb5c0faa35a77ccdbb9b868ad47fd4fad8bd4f04c5850f34bb70f0b1be3ade43d34dbdae0937aed47fd874d605d4fefe4c2ca9a314a12c497c","ssdeep":"192:Q1StHG4D1bXrJLzBeN2NPLmSuxrjQ2ZuQE2QDjcA2CTB+48VIyB8gB6mBpNPzFhJ:ZhhFLzBTmaYRm+48VvL/72fZBhVbUR","tlshash":"d2c21130a4c2212efe33d13160e11ff4623bc242eda65f7ca05ab79953e98e4857b975","first_seen":"2025-08-28T07:50:39.231662Z","last_seen":"2025-08-28T07:50:39.231662Z","times_seen":1,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-cpn.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.921Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-cpn.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: 
W/\"63a32ed0-ade\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2782,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 72, 8-bit colormap, non-interlaced","md5":"82c4b78511b8ffc4cc5df73f2ff7c730","sha1":"13c9ea1ac4d417cfd4a006bd7cbf666b31789c29","sha256":"61c4ccae41d014774c7da0754462081fcd3e28e86338aafb77912d20950d96d7","sha512":"c1e62f2860f34c33c6a9acc8c08a1877045e7b57045b1bbf40c7255a6e6bca849a5ee55b896cb8b7385ced0cd6c8fd30ede6db22884b70fd43fb93929504e3d9","ssdeep":"","tlshash":"cc513e27b136fe73799dea26980dd5a9d4a023a5c6011a316d012f78cd41f9bcb6bcc4","first_seen":"2025-08-28T07:50:39.233622Z","last_seen":"2025-08-28T07:50:39.233622Z","times_seen":1,"resource_available":false,"data":null}},"time_used":818,"timings":{"blocked":581,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/target-logo.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.931Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/target-logo.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-864\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 104 x 24, 8-bit colormap, 
non-interlaced","md5":"6d76076b9cf9aafaa12d196f2e8d253f","sha1":"d1f0b6d9bc49348af86e65a21ec036465b22fa8b","sha256":"47abc9aa038c9f5784b881bc9edc607fbe36d6ca8669da8ad5a69a118bef7f8a","sha512":"189a618cb3fbc0fd175bacabc273b519e96e44deec8454f4ec13b7c3d537d032df372b199a543ae04fc7ab185893728d6b6a3998735ffd12207c6d3c513de7ad","ssdeep":"","tlshash":"544107e18529c2bc8c85392e26fb5957e6d9bd7a692b06e8c16da80e0fd039d49401a0","first_seen":"2025-08-28T07:50:39.235384Z","last_seen":"2025-08-28T07:50:39.235384Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1486,"timings":{"blocked":1261,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/3567541d55a4c956a8edfba6f036ce5a.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.935Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/3567541d55a4c956a8edfba6f036ce5a.jpg HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: 
nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Wed, 20 Sep 2023 07:35:50 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"650aa0d6-f9e\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3998,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 64x69, components 3","md5":"c2e1eee08160c23b999fc9e19ee511ac","sha1":"19dd12ed5ed87bafebdf38d6ba89b494a4d484b6","sha256":"45c20c67053103b6ae71926cf184297aaa142efedd2a4611110513893d946c02","sha512":"612291eb0e239419281f470dc14455ba9f095f23996bd754d160c0dd82ca9ba85cac5d65b67d53f042a3514bb24ce593efa17aa684b572207b5441cb9670794d","ssdeep":"","tlshash":"3e817c4bb97a2ca2cbd422b33750c3076523a84ea8035c9c42fe0546b223780fe156b8","first_seen":"2025-08-28T07:50:39.237111Z","last_seen":"2025-08-28T07:50:39.237111Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1812,"timings":{"blocked":1558,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"34.150.51.26","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:11.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 19 Jul 2025 23:19:33 GMT","end":"Fri, 17 Oct 2025 23:19:32 GMT"},"fingerprint":{"sha1":"10:3C:EE:47:AA:C4:98:DA:8D:3D:84:57:BD:B8:E2:D6:BD:4D:E7:78","sha256":"B5:9E:9D:4B:0E:57:DC:40:50:B8:07:4C:96:6D:33:4C:06:3D:0A:54:1B:81:21:45:3A:90:7E:14:FB:6C:62:A9"}}},"request":{"raw":"GET /CQShiCai/getBaseCQShiCai.do?issue=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yzkjw78.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:12 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yzkjw78.com\r\nvary: Origin\r\naccess-control-expose-headers: 
Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":955,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"c927713e10bba89295ad4d295a22e3ef","sha1":"717634edccad7dd0031fa9e49437753cc9c90ecf","sha256":"18d785d4bd5d189c6623de551bc898bcd1d26ae13d0a006d65d63cf3ea67ee7d","sha512":"5ae62ed680206f12b83791bce72e87ca5b1201f245fce78d7010f60ddc59ddc32ac0281c368dbd298a54e688250b318945e4dbb3e802b12a8380e2e77f28a2d4","ssdeep":"","tlshash":"ed119e74be6c2875af1271713827b1eaf42427132de55e95c74dcb14c04162a2bcda0a","first_seen":"2025-08-28T07:50:39.23929Z","last_seen":"2025-08-28T07:50:39.23929Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2435,"timings":{"blocked":1035,"dns":357,"connect":227,"send":0,"wait":365,"receive":0,"ssl":448},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong 
Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.039Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:09 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/jpg/0af74efd2b7883b8cc0aa5f140d4f949.jpg","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.937Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jpg/0af74efd2b7883b8cc0aa5f140d4f949.jpg HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Mon, 27 Feb 2023 17:57:41 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63fcef15-14a6\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5286,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 435x435, segment length 16, baseline, precision 8, 64x82, components 3","md5":"fd6a92ca01e5b8e30a6c3670591b4538","sha1":"854979fcf3e75dbba67ea8e9975b6f1ff5a9d460","sha256":"946fbe0e006321d219961df0cc2ca85d69a8c1189f8339efcc4ce24102064183","sha512":"b084ae5d1982f1cb337a29b0a6e2e44ddf3bcfbb528ef27839e13227795ef1879c8779ea2fbc62f78aa6a9fc376bf79ec67c043e08de9691f6c1f791066308e2","ssdeep":"96:MsdQiF9XmLj212fx7Pi8RJ2Tk9CFPf5gdG35qOvu8Bqib1X2bjoPb0yTUUegI:MtmXMNh+TZf5EG3wOvuzq2bsPtFegI","tlshash":"92b16d306805a968be74233f717fe944290c1f47add6def8462e0d11f3e4cf66689149","first_seen":"2025-08-28T07:50:39.240994Z","last_seen":"2025-08-28T07:50:39.240994Z","times_seen":1,"resource_available":false,"data":null}},"time_used":638,"timings":{"blocked":281,"dns":0,"connect":0,"send":0,"wait":357,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.545Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:08 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:08 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript 
source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":718,"timings":{"blocked":232,"dns":1,"connect":237,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/css/public.css","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/css/public.css HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Feb 2025 15:37:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b0b4c4-59ac\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22956,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"7c54605cb3f71748fb879ee8e6b705ee","sha1":"f8c8be00cc570ee35564f543357034e6addd2500","sha256":"5256fc07502ba8b4af3949b231c9bece358850eb090c6c547e187ef423527f78","sha512":"a86d4d412d17e3be85097a53b5074e38a65900299ca40a7fc38a62fedf0c923d536a07974be98aabee1c71ab3560b05415c8f0e56813133182650b7bccd7db6f","ssdeep":"192:iSICtkWbE2ofggVdomdEP7WaGvuHRVrhF3hng65t71xTFq9YXRHecX6oEg8JYWYp:iSIyxh1r1eo","tlshash":"b4a2ca342cad28c9b11f96ac3d7a7bda4a1c8044de0f4e6cf1bb7db5b7492504272ac5","first_seen":"2023-04-07T04:13:03Z","last_seen":"2026-04-03T18:23:48.086622Z","times_seen":1298,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:12.070Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; 
HMACCOUNT=F334B94506E5537F\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:12 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:12 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:13.484Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:13 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:13 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":221,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:13.747Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:13 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:13 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":221,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/jquery.async.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/jquery.async.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 902\r\nlast-modified: Thu, 10 Jul 2025 08:26:28 GMT\r\netag: \"686f7934-386\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":902,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (902), with no line 
terminators","md5":"2e3cd10cd7579756c32b479d018996ce","sha1":"f802c0231c81b061352b3c7bb4c64c143ce353f2","sha256":"9b52ff42b1430595e38ae165b5a8ac6719c0bfddf9407ef9bc720dc30f2d3e5f","sha512":"f268b0dfed8599261280098146616a56bf347d56edaae23924373d6f09c09df07eae57e89cd05fc86175aaa6e3c6d1e12a987a5ee5bb5d678a8e65db3a04c421","ssdeep":"","tlshash":"4a119cd87791a6050752b46c077f211cd23638141c1f9558b6bef4e25c1931eb12e9b0","first_seen":"2023-03-07T12:24:04Z","last_seen":"2026-04-03T18:23:48.119729Z","times_seen":1326,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":465,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:13.043Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; 
_gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:13 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:13 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/4041721.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.240Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/4041721.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nCookie: Hm_lvt_9449080f1fd9d69519fb3ef29e931160=1756367411; Hm_lpvt_9449080f1fd9d69519fb3ef29e931160=1756367411; HMACCOUNT=F334B94506E5537F; _ga=GA1.2.1173603844.1756367412; _gid=GA1.2.1823858415.1756367412; _gat=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:14 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 05 Dec 2024 09:55:56 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"675178ac-9ce\"\r\nExpires: Thu, 28 Aug 2025 19:50:14 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2510,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (560)","md5":"12997b3fac63265b7b3c3f3c606eb95b","sha1":"595c7e81d709ab698c5252276ae5235632bc6538","sha256":"1b3148fd2ece996c15c7b8e6c03a0a6fe023b4ce86a9148decd65a80f1e7cb8d","sha512":"f2122c86820e506550d37125d457cf6bd47ee54df6f478e7d2d2dc90b42ae2dc13366d7c9e078bd6b0c536c9ecbce4651f961eefea29a2427fad7a08bea40d95","ssdeep":"","tlshash":"2a51f33f7c198c384ac58ada5779c959b1f530619510cc9198cec88cd5bdfe62417f5c","first_seen":"2025-08-28T07:50:39.244238Z","last_seen":"2025-08-28T07:50:39.244238Z","times_seen":1,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-events.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.925Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-events.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: 
gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nContent-Length: 995\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nConnection: keep-alive\r\nETag: \"63a32ed0-3e3\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":995,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit colormap, non-interlaced","md5":"6714e6de884e4838cc9b4cdb8686dc21","sha1":"e8b167d1698c9c8ea76454706122ddce758e3a8e","sha256":"5ba1c04a39ea390c7b2ae432b1a3066d233c984f3d2e8cb11dd7a7c39b5b4aec","sha512":"f7172c0b6b6ec3f7d8d36f792f5ca393925b94e835b7ae73fe7a66e09549caa0fe8fcc2e09037ac27079e3f72c3b61acad030910e675256b2ba028425fb4fc72","ssdeep":"","tlshash":"1211a5fe5725eafadb7489d24a1a3494f984142472e50a432189841818ced435498ac3","first_seen":"2025-08-28T07:50:39.24576Z","last_seen":"2025-08-28T07:50:39.24576Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1123,"timings":{"blocked":901,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/js/rocket-loader.min.js","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:09.269Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/rocket-loader.min.js HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 22 Nov 2024 15:59:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6740aa56-302c\"\r\nExpires: Thu, 28 Aug 2025 19:50:09 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T00:32:01.537578Z","times_seen":94312,"resource_available":true,"data":null}},"time_used":436,"timings":{"blocked":212,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.api168168.com/CQShiCai/getShiCaiDailyDragonCount.do?date=\u0026lotCode=10010","fqdn":"api.api168168.com","domain":"api168168.com","tld":"com"},"ip":{"addr":"34.150.51.26","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:13.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.api168168.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 19 Jul 2025 23:19:33 GMT","end":"Fri, 17 Oct 2025 23:19:32 
GMT"},"fingerprint":{"sha1":"10:3C:EE:47:AA:C4:98:DA:8D:3D:84:57:BD:B8:E2:D6:BD:4D:E7:78","sha256":"B5:9E:9D:4B:0E:57:DC:40:50:B8:07:4C:96:6D:33:4C:06:3D:0A:54:1B:81:21:45:3A:90:7E:14:FB:6C:62:A9"}}},"request":{"raw":"GET /CQShiCai/getShiCaiDailyDragonCount.do?date=\u0026lotCode=10010 HTTP/1.1\r\nHost: api.api168168.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yzkjw78.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:13 GMT\r\ncontent-type: text/html;charset=UTF-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yzkjw78.com\r\nvary: Origin\r\naccess-control-expose-headers: Set-Cookie\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":320,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON 
text data","md5":"b7393320f0c7e85df9875ffc48beddd3","sha1":"166a3bf43f10e00f9cb457282f9095493e89e6af","sha256":"cc8b311cc5cf2f9d5c7c61c053e9adf7db34172495a7bfa6dfe7c0cf9b89a8c7","sha512":"fcf34e217a139298298268a9d1b70d7b093ef9f747b3e612ab59f5f57ccc41f1d13a02848410e76a5c26dd04b6405e8e94b4162c57e7767d566e06e17b45c2e8","ssdeep":"","tlshash":"9ce0e2a8b926351faeca0f29f4eab234a0e012518e5897d5c0fc0831278490db02ff80","first_seen":"2025-08-28T07:50:39.247419Z","last_seen":"2025-08-28T07:50:39.247419Z","times_seen":1,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":326,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/buttons.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/buttons.js\u00261671638745 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: 
keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 16:05:45 GMT\r\netag: W/\"pub1671638745;gz\"\r\ncache-control: max-age=315360000\r\nage: 2289250\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=kjjQx0HVskH6Nkw9Ym%2FBfyV1qDStkyN2BsRpuYYbyjAk3YXlIuvYLP5JgscSEVY541b2y54IUH2jTgSFAjsRuAQWDoiGqqlwL22y4udkUQ5pwDrLhSre6wjFddp%2BzJ2kyg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 976237731a415687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3464\u0026min_rtt=1421\u0026rtt_var=2028\u0026sent=31\u0026recv=17\u0026lost=0\u0026retrans=0\u0026sent_bytes=11937\u0026recv_bytes=3692\u0026delivery_rate=2232459\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5637\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict 
Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1560,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (554)","md5":"b595b33a5ab05a3ce43f140ea681ad51","sha1":"711f25a61cac9b45e6e284c57fc48df4a4689bf1","sha256":"72f82d030c7832c50bed777460b8c7fcc8aabb522aa68037bd7ca71fca2f0c1b","sha512":"ce91b71bc3eba44d418f1e524e993c0b688e877b73992d005247e53fc2caf403bd4dd8f9ebd787f3efda97d9ea285367affac92a1862f1cbf31ff4ec017cbe60","ssdeep":"","tlshash":"db31df4579d9631287bfa135201faec8393bbf9a1010a024f4b969c53ef8c15e537e7a","first_seen":"2025-08-28T07:50:39.24892Z","last_seen":"2025-08-28T07:50:39.24892Z","times_seen":1,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/lib/date.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 
GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/lib/date.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Jul 2025 08:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686f7934-1edd\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7901,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7873), with no line 
terminators","md5":"d372d65bf3cac7dd5c8e01e537c1f3f5","sha1":"20d5f82e581928efd22c6422bc0fb6d30f30a4b0","sha256":"e9768904049bc1ebda895c104e828ca51fdfd0ba507c6af453738bd359580b12","sha512":"d3a60553c0d9854a973c563033bebf0c4ceb92699e3aac25b664195b66350089d20524a952c316f7faad5d2eba8dbc05d12bf0a9684bb2fbc3e34f29c09f8d24","ssdeep":"96:JUAuXHhJ376UYX6sfWdJVeAflACAEYB+zq0LfUvsHFH6+PpDQAyiDJpeC78Rf0rq:CAuzYXtANACAEXlc0DQIsRfPcmF","tlshash":"a6f11f4270303048237a91fc74ce928a25f06dffd61a415ea451fa8927deb7e2b7b219","first_seen":"2025-04-07T08:33:42.67714Z","last_seen":"2026-04-03T18:23:48.087087Z","times_seen":1184,"resource_available":false,"data":null}},"time_used":467,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":467,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"bd51static.com/7ry.js","fqdn":"bd51static.com","domain":"bd51static.com","tld":"com"},"ip":{"addr":"35.215.190.193","port":80,"asn":15169,"as":"GOOGLE","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.558Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /7ry.js HTTP/1.1\r\nHost: bd51static.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 
28 Aug 2025 07:50:08 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 07 May 2025 07:20:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"681b09cf-555\"\r\nExpires: Thu, 28 Aug 2025 19:50:08 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1365,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(554)","md5":"b49cd1dc0129f18f8ab76d9249e0f1d4","sha1":"83de531cb19e73636a45aef6c47de3317a61fdd3","sha256":"96cd0cf7391454455addfd9b6a7c18139072db87453b022adf2cabbf4beb119d","sha512":"c32d63254c6e11fa48d1f036e87c4494657bffdafd31c76c5d43fcfe885184e50e33b486a652b9d527cc59a6e9e8e29f6787d24c90b6956c26901090812f1094","ssdeep":"","tlshash":"6921f05f7c05e1246796383a33bfde9ce9ae0025241dd802a4eec4ac6d28ff90527b4c","first_seen":"2025-05-25T12:44:27.079127Z","last_seen":"2026-04-03T17:55:51.313639Z","times_seen":302,"resource_available":true,"data":null}},"time_used":463,"timings":{"blocked":-1,"dns":15,"connect":224,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/google-logo.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.929Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/google-logo.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-47a\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: 
gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1146,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 24, 8-bit colormap, non-interlaced","md5":"6b4630c7e9fe01866fb0425cb5e2b28b","sha1":"30de20087b576ff4417147ccaddbc07190050cea","sha256":"41a13a8cc789f3cdef33ff47f717746f75b537bb50b621ed9ce2eaefa6a52620","sha512":"1fb3f794eadc1cc6fc6bc8242ee7baea11fcfa432bfbaf47be4129e3ff3ab1bebea600871ff8e1f135f4c58937df0c1298001edf75e09242e624b4a40a16725b","ssdeep":"","tlshash":"3f21cad3d57a1d39e53f9f1043f2b904b682225b5085a503ce408376b7d8118fa7cb44","first_seen":"2025-08-28T07:50:39.252086Z","last_seen":"2025-08-28T07:50:39.252086Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1334,"timings":{"blocked":1100,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/microsoft-logo.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.931Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET 
/png/microsoft-logo.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"63a32ed0-57c\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1404,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 24, 8-bit colormap, 
non-interlaced","md5":"ead5ec2349ba7248291875a6084211f6","sha1":"cdb8e91a79381d1f5aebf68ab2e9833de7433f4b","sha256":"693e4f849b572bdda546215914362e505f254f6bccc02dc1885bae8882b05a0a","sha512":"ee9e6e80842a528bac0081cfab1305078420bc362b15ddce64fe704b7b3fdf984bf15c0cc01669304e81c9edefef301f1cd45b9a631460f6a54c6fde9c0b981f","ssdeep":"","tlshash":"e821e945c5ad8e3a46bf06489267d40709904a43a72ae59209235bf4204f32bffe1ac3","first_seen":"2025-08-28T07:50:39.253891Z","last_seen":"2025-08-28T07:50:39.253891Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1561,"timings":{"blocked":1323,"dns":0,"connect":0,"send":0,"wait":237,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/home-dictionaries.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.925Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/home-dictionaries.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 
07:50:09 GMT\r\nContent-Type: image/png\r\nContent-Length: 926\r\nLast-Modified: Wed, 21 Dec 2022 16:05:36 GMT\r\nConnection: keep-alive\r\nETag: \"63a32ed0-39e\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit colormap, non-interlaced","md5":"b6b8b021855dfcd0d04f46c227a9e6b0","sha1":"79f6756bcf58c978d3b424657725f131bfff2268","sha256":"4ec6e6d9d00b286b4c4abedea42b51a8f54bb825854484bc44620ebe182d51f2","sha512":"9aec9ac6e17af16a04b513c74bff8ce5b772a5ff76444cf78e6a9793976e7673dfb27c3b6d4d231ff7bcfaaf8c9516560100710a9b77e274c5c476776510d982","ssdeep":"","tlshash":"8b11842a42f03c6ecd32757b0f5dea00c423ca910f915b1402c1d8a35d6e509c657bf6","first_seen":"2025-08-28T07:50:39.255445Z","last_seen":"2025-08-28T07:50:39.255445Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1040,"timings":{"blocked":815,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/64_profile_placeholder.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.932Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/64_profile_placeholder.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 28 Aug 2025 07:50:10 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 19 Jan 2022 21:59:31 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"61e889c3-f5b\"\r\nExpires: Sat, 27 Sep 2025 07:50:10 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3931,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, 
interlaced","md5":"864399e53bc6da9d527a989d89da8886","sha1":"ad31c3d6aab6a7077d9574bde751858bda24f746","sha256":"99314b8c86e682a0672014cadfdaf6c2c5ef06dd884c9b9a6dfd1dfdc694a328","sha512":"e67a0f64f6774592a60098569764f3881f144f06dc0497c847e6c5e1ddb300ec841583a3fd482d75b669be49fa3b5cf04b4ec545a4a56a556fc8fd2567af9b7b","ssdeep":"","tlshash":"da817e2f7f49de8ac6282203e6f341a755d30853874f52a7535a722f36c6d15375cd84","first_seen":"2025-08-28T07:50:39.256767Z","last_seen":"2025-08-28T07:50:39.256767Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1629,"timings":{"blocked":1359,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"vsebolezni.com/png/cecdff2d2de2520a4f83f260beb7716e.png","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"34.92.209.213","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:08.937Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /png/cecdff2d2de2520a4f83f260beb7716e.png HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: 
nginx\r\nDate: Thu, 28 Aug 2025 07:50:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 28 Aug 2019 08:14:13 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5d6637d5-207a\"\r\nExpires: Sat, 27 Sep 2025 07:50:09 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8314,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"5a417e82438e03901571ef64f0fb2032","sha1":"cbd157f06be1ff33a4d07979459879d3257334c8","sha256":"00e75728abd4d9f5add4c088c2de9bdf4d68c474ac190780e6424e2974e2d544","sha512":"7b62f61914b374f7d366733b7f2f49f5d2874841cc451237ab8dd784a578e2b8f6c245b1d52e9bc3515277ce25ecd882a2b83ea470ae64b975b812e0c6a9eeeb","ssdeep":"192:Mmi3MIeGG7TLF4Mx/NaBossko11JJ/WDmvAbHw:Y3McG7vFVQlsj11WmIbHw","tlshash":"b6029efff447813fe05e69e2602ba574892285865aafbe1c1e18c7a08c5e53843f6446","first_seen":"2025-08-28T07:50:39.258276Z","last_seen":"2025-08-28T07:50:39.258276Z","times_seen":1,"resource_available":false,"data":null}},"time_used":665,"timings":{"blocked":323,"dns":0,"connect":0,"send":0,"wait":341,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yzkjw78.com/webapp/js/local/ssc/index.js","fqdn":"yzkjw78.com","domain":"yzkjw78.com","tld":"com"},"ip":{"addr":"34.92.79.113","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yzkjw78.com/webapp/html/aozxy5/index.html","date":"2025-08-28T07:50:10.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.yzkjw78.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 09 Jul 2025 23:29:40 GMT","end":"Tue, 07 Oct 2025 23:29:39 GMT"},"fingerprint":{"sha1":"C8:1D:EC:6B:8B:31:40:FF:1F:17:8A:C1:78:A7:7D:52:0F:5C:25:35","sha256":"F4:A5:4F:CB:DF:CB:AA:3D:55:B4:EA:03:77:A3:CD:98:BD:AD:B2:12:27:93:AB:75:9C:D7:ED:FE:7D:79:81:79"}}},"request":{"raw":"GET /webapp/js/local/ssc/index.js HTTP/1.1\r\nHost: yzkjw78.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yzkjw78.com/webapp/html/aozxy5/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 28 Aug 2025 07:50:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Jul 2025 08:26:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"686f793a-13afa\"\r\nexpires: Thu, 28 Aug 2025 19:50:11 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: 
max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80634,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1920), with CRLF line terminators","md5":"7cbf7c3e6596443aea193db26588a203","sha1":"dc9284b3d853f40b1f892dc853002b1cbf2e700a","sha256":"ae8b3e11044bfe4ada3cbe02de1e3a8b9f7476b4cb8cf6e8a29074e423d254e9","sha512":"1117fa2b6976546a1a5728c1f7172c80be412380f748f39d60fb5681629460b52d4216c597a249b39001b762b2134c2b40a8c57b960b4aa13fc8ac57b5d78786","ssdeep":"768:q6s2jKBBk2mtGZpkoVXzoeY2X/oDmJwzaORX3j/rtb4ZZs4tR0NcktIR+Z0eADjM:q9AFgDSmJAJtIM03DjCVM7kI/2","tlshash":"5973851566a5222a20b773f2582fd604f171893782148d05b96e69c40fbfca4b1f7fbe","first_seen":"2023-03-10T14:23:05Z","last_seen":"2026-04-03T18:23:48.104045Z","times_seen":245,"resource_available":true,"data":null}},"time_used":691,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":691,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"yzkjw78.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vsebolezni.com/","fqdn":"vsebolezni.com","domain":"vsebolezni.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-28T07:50:07.289Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: vsebolezni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":649,"timings":{"blocked":0,"dns":201,"connect":220,"send":0,"wait":0,"receive":0,"ssl":226},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"vsebolezni.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sslcdn.proz.com/min/f=/js/responsive/nav.js\u00261671638745","fqdn":"sslcdn.proz.com","domain":"proz.com","tld":"com"},"ip":{"addr":"172.66.43.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vsebolezni.com/","date":"2025-08-28T07:50:14.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proz.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 Aug 2025 17:44:24 GMT","end":"Sat, 08 Nov 2025 17:44:23 GMT"},"fingerprint":{"sha1":"D2:BB:CD:22:01:09:22:89:96:EA:37:55:4D:69:9D:02:D4:D0:57:D9","sha256":"03:1D:F4:20:F5:5A:E6:3B:95:B4:79:EF:1B:38:F3:54:7F:6C:E1:19:F3:8B:9A:ED:DD:69:02:84:3D:8A:AA:10"}}},"request":{"raw":"GET /min/f=/js/responsive/nav.js\u00261671638745 HTTP/1.1\r\nHost: sslcdn.proz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vsebolezni.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 07:50:14 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 21 Dec 2022 
16:05:45 GMT\r\netag: W/\"pub1671638745;gz\"\r\ncache-control: max-age=315360000\r\nage: 1047870\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=BwszqZZO00IUr8XXAZ%2BaC8AnX1teMTLPeTBhrydnIcTdss65uy10hzNUHB9gf6LUJFCQ%2FxHsnwf9SxvPG%2B0gLAW4apngwgpb00QB0yacE04NZLGgqg33tRm3p8Yaa5V96w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 976237730a345687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=2187\u0026min_rtt=1091\u0026rtt_var=1247\u0026sent=56\u0026recv=25\u0026lost=0\u0026retrans=0\u0026sent_bytes=36012\u0026recv_bytes=4043\u0026delivery_rate=10975316\u0026cwnd=22800\u0026unsent_bytes=0\u0026cid=f57b90efd9fcfaa2\u0026ts=5658\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5195,"size_decoded":0,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(1298)","md5":"824aa97a6b271629f827eb965dec0b7e","sha1":"1daf760e9754ad81260fe80be2d9986782f2341c","sha256":"bbbe4aa39c83ded2ea9cc1a14101f71b4cefce4f607b4efcbe389adce319d13c","sha512":"dc5b46c46fb7aa83dbbd6d08944cdb8cf045ec3263e87f6bdcb51d54d6ee58d75c9db22ef4732307e1ba490002bc3c56031ff83322118095367fcf27a60e705b","ssdeep":"96:2SHN7/bT5MS/EkQBQVGUSQBQVnyeHGd4vS16T6fd3+OAN:2SHN7/bT5MS/EkqQYUSqQZycvS1c6fda","tlshash":"9db1136ce590923900ff13ba145f2b807a722c56db05c524e4b5c12c2ef9fb197a776e","first_seen":"2025-08-28T07:50:39.260701Z","last_seen":"2025-08-28T07:50:39.260701Z","times_seen":1,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
