{"report_id":"f084d626-3862-4951-9c4f-64f32f6b685b","version":6,"status":"done","tags":[],"date":"2025-11-26T01:35:22Z","url":{"schema":"http","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"104.21.12.96","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"title":"BM39 | မြန်မာ ပထမဆုံး စလော့ဂိမ်း ပလက်ဖောင်း – PG · JILI · PP အွန်လိုင်းဂိမ်း","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"104.21.12.96","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-31T01:35:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"bm399.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"msg.salesmartly.com","ip":{"addr":"104.18.23.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-07-22","domain_rank":360322,"first_seen":"2022-11-29T17:40:54Z","last_seen":"2025-11-25T21:23:34.328951Z","alert_count":0,"request_count":3,"received_data":1884,"sent_data":2526,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"bm399.com","ip":{"addr":"172.67.186.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-23","domain_rank":0,"first_seen":"2025-11-02T10:05:02.215141Z","last_seen":"2025-11-22T16:37:21.415929Z","alert_count":1,"request_count":1,"received_data":2209,"sent_data":1038,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-11-23T22:17:41.224107Z","alert_count":0,"request_count":3,"received_data":229132,"sent_data":1352,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"client.salesmartly.com","ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-07-22","domain_rank":491526,"first_seen":"2024-06-25T09:52:15Z","last_seen":"2025-11-25T06:41:50.640955Z","alert_count":0,"request_count":2,"received_data":84985,"sent_data":933,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"plugin-code.salesmartly.com","ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-07-22","domain_rank":530835,"first_seen":"2024-12-12T08:03:04.74606Z","last_seen":"2025-11-19T09:39:23.521478Z","alert_count":0,"request_count":9,"received_data":946765,"sent_data":4013,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"images.5204495.com","ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-17","domain_rank":0,"first_seen":"2025-11-20T07:58:17.319371Z","last_seen":"2025-11-20T07:58:17.319371Z","alert_count":24,"request_count":24,"received_data":1593950,"sent_data":11866,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.bm398.com","ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-23","domain_rank":0,"first_seen":"2025-11-09T08:42:21.017913Z","last_seen":"2025-11-22T16:37:21.435445Z","alert_count":76,"request_count":77,"received_data":10239629,"sent_data":46155,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"assets-cdn.salesmartly.com","ip":{"addr":"54.240.174.25","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-07-22","domain_rank":507251,"first_seen":"2024-07-26T10:32:03Z","last_seen":"2025-11-25T21:23:34.553869Z","alert_count":0,"request_count":3,"received_data":54082,"sent_data":1765,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"srz.salesmartly.com","ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-07-22","domain_rank":378797,"first_seen":"2024-02-20T03:50:45Z","last_seen":"2025-11-25T21:23:34.309385Z","alert_count":0,"request_count":7,"received_data":4432,"sent_data":4974,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"api.salesmartly.com","ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-07-22","domain_rank":387428,"first_seen":"2022-11-29T17:40:50Z","last_seen":"2025-11-25T21:23:35.242628Z","alert_count":0,"request_count":2,"received_data":6382,"sent_data":1373,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"js.sentry-cdn.com","ip":{"addr":"151.101.130.217","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2018-05-30","domain_rank":43025,"first_seen":"2018-07-13T11:42:06Z","last_seen":"2025-11-24T07:54:41.195773Z","alert_count":0,"request_count":1,"received_data":4630,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Algolia","description":"Algolia offers a hosted web search product delivering real-time results.","website":"https://www.algolia.com","common_platform_enumeration":"","icon":"Algolia.svg","categories":["Search engines"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/40.6275b48e.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f1a7c1058a0d396cf6f7eebb04b0238","sha1":"e91bd00b495bb4982f3533bf432945509b956fc8","sha256":"834bc50df5bafffa8249eb5d293f8816ee92864676b8f40af1bc4073d50ec615","sha512":"ae7a234400f61112b0858207654ef804b8663fe894ccb0b9f259d6081851e4fc81eddc3fcd1792faf38a394590691c81e61a85ce6842396fbc9bb4a8a3fddd78","ssdeep":"1536:R5vPbF3qzXuqiIhFTX0uRU7lXR05iNksyr56Xx:R5J6aZyb0uRU7lXqoNxyrIXx","tlshash":"e38338656cafddca8453e205b5c7514830f9744b99ae8c61cff68e1c82c8e4b63a770a","size":81704,"data":"","first_seen":"2025-11-21T06:16:49.865383Z","last_seen":"2025-11-27T04:59:19.255844Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c6d4209bf0cc5eb73c728d7fe7473227","sha1":"1e1c2b694e550cdbaa5d009224dac2e598a451fa","sha256":"d9c176ae01223cbe73e2dec7882c3cca53cff20f121e41d6475e79a9969dd2b2","sha512":"2d2567bcb4547cca35149cb5a5868ca59d5c4abe119b96c1d51f25290ccb2b17f7f6b711189a317bd5ce82fa400cc42071869b72e8e68177934149acd68bfe93","ssdeep":"","tlshash":"62e07da03351120d81ae489d24bbef0471c11314640511d0397fdc4d7f2add171638fb","size":329,"data":"","first_seen":"2025-03-09T10:41:15.781447Z","last_seen":"2026-04-06T00:47:51.401907Z","times_seen":408,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"d68cc695a75bacbff410a014e2bf9e25","sha1":"e136986d098bdb515e2d4f4860716fe753317431","sha256":"196f634af86f3696d80b2effd51cabcf77bea9642f2a249a0425b1bdb4967f7e","sha512":"238efedbaf13fd8a9be86e80770686bb5656e309bdd1e4c942aa726eec739037e837b3a658ec8e414c0b49f32e64f4236c9cd048d66c42009f8f07ccf3a4e060","ssdeep":"","tlshash":"bb90000c0a30c0883e22af000202c202a082202f02a023acf823bcf2a0b888c008fea0","size":40,"data":"","first_seen":"2023-10-10T03:56:52Z","last_seen":"2026-04-06T00:47:51.403407Z","times_seen":445,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b5098a4ab30b3d6e6c4f2d3154d9e3b1","sha1":"63b37adfd293624b9dd32d868b453ef5a2f95787","sha256":"530f25a26af82eea415e838910aaf738b886c49d27d660235f3dd424df9fda9f","sha512":"8a7b733b5a24880fb71cb627e106b3cb264f6bb252838ef149b4edaebb0752642e0c53d025244ecc437b32de798d8c3cceccae13846c5af98d501ea81933a40e","ssdeep":"","tlshash":"83f059dfb1d6127147335c6a566632202637c908a81f124411af87543669c1bd3b3ba9","size":498,"data":"","first_seen":"2025-03-09T10:41:15.825134Z","last_seen":"2026-04-06T00:47:51.406906Z","times_seen":406,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"fd45928d5c8afbe89a4bc1c4868b03ec","sha1":"1a99f82f15c8d0d114f6e79143cf8e16422f17b7","sha256":"7e55fbac6eed853a1748ea1f861bce7aa3b29ac422cb04fd4ddc14014f8819cc","sha512":"5a91224e94c2390a60a6a43e2869c9ec8f3e4294b3ec8b1e40cb2a778a4d3bdd3d350bf19011c1dfdafb386234cdb715db4850d6a045650f522dff52d0dbea7e","ssdeep":"","tlshash":"c2b012c535c36191b733227540fb5ace5438989030845b445018c0662873433413799c","size":94,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-04-06T00:47:51.467154Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4a626d36b5971250cf3dafcea0a46135","sha1":"359ffdd3f08dcd0b90b2652840e6f677478e1ec9","sha256":"aa07534ecb7f3a3ad5f2f30213417481a607bb4e67831ca9a6b319b40332bd1b","sha512":"401e9b1bceab14c6e35c5648b925d7fcd23e64312dd72b47959d6c3c35bbf20e33a508781c9becc8fc48cb53b2cf6ec0f9515beeb3dfec640d9186c5b4b84628","ssdeep":"","tlshash":"2bb012d431cb6141a67222b640eb59ca5038885030850b404008c0502832420813799c","size":87,"data":"","first_seen":"2024-11-30T23:22:58.593684Z","last_seen":"2026-03-08T12:41:02.714559Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"85ae22bf6c4bf48c4906d14b0d9eed17","sha1":"559cd1838761c91803c9ba070cbde462f84a02bd","sha256":"e6c50745fa47f2783be53c9bbc2f282637bd57ef604cb767f78507e94f60202e","sha512":"d25865b8bca4903056bc44e5bb00711b9703a498b71339f5508376bb5089f0ccc5b3be4af66fcb6c9bf71f4c9d142fb32707158d931244dd170d96691c2c5cf3","ssdeep":"","tlshash":"69b012d432db7243a772337a94fb59c55039e85030849b444438d6723c33024a13b7dc","size":104,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-05T23:58:53.89257Z","times_seen":357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a2cf2871b9e73c5a511deca8af9b813f","sha1":"5171d838640e953863a0b7d90816156a13bd26dc","sha256":"bfc5128fb663b5981a03d9e855fdfe6ecb3d65e40015583dca54a2315b3a20a4","sha512":"e0caf003f70406602eb333de48cdd0b577286b4ca6af61002f3aab5913b4d3f6dc433acb6d72dea20589fb6385e9c1cf386b38d61a5f197768a0c1362cc954b7","ssdeep":"","tlshash":"72b012c535c36555a7b223b540eb69c59038cc5030850b44800cc0502832030423759c","size":89,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-05T13:13:39.040884Z","times_seen":261,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/chunk-common.fea271ec.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"53faec0d982006d05b2d858d97d583f4","sha1":"35830cc8f10269af69a8054f76d7dd1452141e91","sha256":"68fd8f46e926736fbfbe36d10906f0c55ab81d86dd5f770c5b2147ad5f761c48","sha512":"7352673fa0958eadd66f8096c9823fa160460c01adc7a2cbe8025835fe2edf6982c560c0cdf9059414af92d005f592de0271b8abee308b5fc49cbcf6c3da9bee","ssdeep":"192:o4abJTJY2f2tuXUVzf8cjyjRYiYj0zcM/XCBIiuY64cL0ORZEvfSzG1my0tqv5HQ:o4A4iXUDDjGcGsOL+lRv5HWocVhym","tlshash":"cba20cccb0d7f1550a523078c0bf208ae63e6c94784e9252da66d4ea7c3455eb277f8e","size":22811,"data":"","first_seen":"2025-11-10T12:55:36.348477Z","last_seen":"2025-12-03T21:30:25.071509Z","times_seen":282,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"53fc3bd63b4573e93ae5fa6b1baa27a6","sha1":"3c01294625933043f39221f65f1bc1b6aeac8879","sha256":"cd9f5486f6742f6f066963141774f54d5daee4bcaf401c56e15e937e87a13818","sha512":"443cde2f930ca2e70601611ec4ce0d8861385529808ca253eb6fbc0ccb35e6ba04ab9cc40c7511d63271c71ed4971f3e3a08033c7ae0e8ffc72ed59a0fed001d","ssdeep":"","tlshash":"b3b012c431c76141e772227940ef5ac961388860708507445009d05128b207241375dc","size":93,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.425776Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"67fd01bc7c34c31f54091a8e5e3da94e","sha1":"963c0010b72ba0ac1e63b49531b671e64ee4105c","sha256":"dbab5961a1183e806aa5d551c63d29a45c7cb0844d9d1332bffdad512ca51970","sha512":"0dedba5c406d8f79cc1c07734c68484be7678d097d0fd315fe69dfa9d2030fcfcdc1ea0ffd35f2f01162f92f220f26243e819bd4552245f6832d422f2bed515a","ssdeep":"","tlshash":"51b012c532c3b189aa3332b588eb79c5903c8c50348557448078d26428764314177bdc","size":97,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.447406Z","times_seen":468,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8bc9b61d3c86d9e0f96992fd8d48b702","sha1":"8a9ce3b5297399bf4cf8d0ff4a60ef94aece5cf8","sha256":"801c2e72f817921ed8b19e28a5426df7d347c5ec4781e277746dca7db246bcea","sha512":"c72cd50fdc315c3fbbe4085609a0bc1630f34305487c995bad28202af0528dd26aa71a4c531f386270a8f84c81ab55fe03f867215933363505a18d8366f89e15","ssdeep":"","tlshash":"64b012dd31c762c2ab3632b544eb9dc5603bdcb130864784a11cd8712c73434417759c","size":103,"data":"","first_seen":"2025-06-28T14:50:14.668613Z","last_seen":"2026-04-06T00:47:51.39227Z","times_seen":375,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"92aca0405702dceb05abb3c1b9a1ddda","sha1":"ae79b1bb6cb782eac87e8fa26cecf08028e493c6","sha256":"d3d9fe708eaec41e6e71bf93538fd89006411a07b28a863fc4f1241eaec5029b","sha512":"2628b714936908ea4509f9055e723d03152bf69ea04dc297a47ceb85c6c2bb60945f25e35ef7770d490c73e34dcc6fc18b1e0e73324a077bd9b0763bb36b07a2","ssdeep":"","tlshash":"c0b012d531c76199ea3222754ceb69c55438ac5030854b404018c4602833420813759d","size":89,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.447929Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"660d84afef0c4224b98ce135e2e1be70","sha1":"be36dd973765ee9cf05df0d275e392df28ccc251","sha256":"183742379235e86ac093b5865a6a92917933a65767ad59922792ebd5286f4849","sha512":"7baf0df50a7de6c8e5b190e2469a49f94c0773605674529af63cc38e7d40a00b2cdef698193cd2183de7709e3b7c0ab8b4a0e197e354b4e389351288d6d792fa","ssdeep":"","tlshash":"e9b012d531c36189bb33237580ef69cd5038ac5030856b40401cc4a13833024813b6bc","size":93,"data":"","first_seen":"2024-11-30T23:22:58.041548Z","last_seen":"2026-04-06T00:47:51.402918Z","times_seen":429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b246eb0d3a5776e63aadcfd75a68dee2","sha1":"e040f87f7ca280fb81306403a24f47de4ff9dd42","sha256":"4e000ac62c0b33024a5864478d3338b1db3bc4799ca49093e5ebb84ec711c62d","sha512":"decf5ca7868ee17add9c1eb1a3be8f7dd4775eac30b7e58a1ab8bf0cd74ff236edcc52dc81d942f51efd459df04c44fa2a08957c1c1e05005f760ecfcbeb04aa","ssdeep":"","tlshash":"72b012d531c36245e732337544ef6fc5543c985030843b408028c0a02c33034613b9fd","size":97,"data":"","first_seen":"2025-02-23T00:29:24.617044Z","last_seen":"2026-04-06T00:47:51.450189Z","times_seen":399,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/A2HSModal.6c15f811.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e13716d9f3277890ef5ddb2a83563e6","sha1":"ec0b4dd810ee20edd1768bcb26780f9555baad94","sha256":"8921161fbd3b3c842cfdc418427a37ecae66ecb57a2788d005f21df8b4b0b9ca","sha512":"a210f66cd8e58bf403e6eb7bb0b6f363c6e70497ffd151d5abb11f5823d85611728af984909d909149267795c7d6ea79108d05610d268f189c3b4916b98ef7a6","ssdeep":"768:kT4K5yqQasRshjZq+7OIMd2OP6iyHjgG1N+Raf978Zc:jpyPSO","tlshash":"beb2b69ba757e0c820f2d2bae07f0a72e1757b4a2108e455787f88c4a2597cf711b937","size":25353,"data":"","first_seen":"2025-11-09T08:42:38.468419Z","last_seen":"2026-01-13T10:36:26.436296Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/nosleep/0.12.0/NoSleep.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"19c1506fe0859fd64781bc6ac192eb18","sha1":"4157a57cb65607c161f3be1d0a0da86810e14880","sha256":"887b763e53ecaeba7bdddcacb29f7ffaf9da8a3576c2cca7ea4a1ecd14ff731c","sha512":"0d2cef61fc495918b713abdf70641f2f90aa3a5029c58aeb76a44fde14429e8899d2833af9c7188dbb5dcd0154ac0388fde84a93454a16e2ace46b1e18f9158d","ssdeep":"192:e06JaOxe+f1/HFOjoKXWbBVIXk5Vq4+tHFpaxx/26:e06Jf5KXXXk5v+tlparl","tlshash":"3c72e8b72222bce65f674c84c42730066d247c6b532c8064bf085afaaef9528d967c74","size":16732,"data":"","first_seen":"2023-03-07T12:03:05Z","last_seen":"2026-04-06T00:47:51.351196Z","times_seen":3653,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/js/project_468062_482129_1758700975.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6a0d7c405f6e84013670ba3b331e589","sha1":"4e0c0c0db907d5c6aa0d13a3c0194dcfb28a1b2a","sha256":"7d09009d162866bbcac244517f1ba42db0306ad20fb50dbbedbd7f5ebf7e2047","sha512":"9abfbb2124607f01ab9cb51a84683a6adf72bc93a0cccd566752293837c99262c376d9031a314ce3c548491f729f84f9022b983c1a0796e6fc21921efaa821b0","ssdeep":"","tlshash":"0821eb471c63a4797bd5727b8b3f88ad3998a2437004cc10bc4dd46c1f909e20e9eee4","size":1184,"data":"","first_seen":"2025-11-09T08:42:38.51337Z","last_seen":"2026-03-08T20:41:40.169393Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"914f4f75aeba6daf95a74a7a9e1727de","sha1":"5abe02eafe5a20b85b3224ffd0e357ea97834bfc","sha256":"9f083efcdb70e56bf80170b621d28a8d346615a0aab5b8cf6e91e47a696d0553","sha512":"ea5a4d5a5bd4f61eec3859eb6079780ab7afc1f10dc35735e989ba49e5f3fbd146a5f1e09c26af965cd7e1087a227108a7b1d9496d3a153ea25e73e27ced4eb1","ssdeep":"","tlshash":"f2b012c531c77142a633337544fbd9c95038ac5030c407445028d5613833025513b7dc","size":97,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-05T23:58:53.894566Z","times_seen":321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a0a99feb7aa69524bcfbd31550e222db","sha1":"c953126006a10939b0384792f500354ca4152912","sha256":"1d104901f7ad532b9d0c193c478045ac7582b9dcb577449cc5111588337217cb","sha512":"d172535f42ec564942d9efa81483eb15169102525ce0d5ae0a324b0b7a4515ae02ce58da3018d91f5e65b635f1a6d49b8144fdb19d735e6ef437996eb9b3070d","ssdeep":"","tlshash":"0fb012d531c3a14aa6323375a0eb6ec954389c60348407404028c070297343443775dc","size":98,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.40098Z","times_seen":367,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/loadMemberCenter.js?v=1764120898667","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"abb7f8d1fad8b2ee971cfcd19d04f251","sha1":"bc98a2b6c20c55e2be3b87b7f84079d0da3a7711","sha256":"87577322abf50a9a2d6aee6a618e70c3d2e2cd3cd0cd917fac3300ea41961387","sha512":"c7f485ae543d5953bfd2047c300aad242f087133fb6d99e8b4145f9c089a10432c455f69e63190808852e1071e7dfd15c2798b3f9068acadbf5dbe1bae7544d0","ssdeep":"96:EYpbXKdqqIIQZF+swZqg+InBV7C65Ff9n62:R6dqqAwZQEC6bg2","tlshash":"5791c5ca3565b8b253e964bce03fa665f2b126111418c4509106dcc67c78fce832bfae","size":4552,"data":"","first_seen":"2025-11-25T06:42:06.076519Z","last_seen":"2025-11-27T04:59:19.254631Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7e8f70355d9c80efffb928488b1109b8","sha1":"a316361631b11e5fb1d0739bbf5b68050f1c1642","sha256":"638e29fcd06dd854f0b9818c4a5a98b15c9da29080079fb0f70410294f45b944","sha512":"09d25df4ce4b1d538676954f33998133711e371e15ebee5c9d85cc81820fb368b0992c9efc7dda36db07a2c8764586f106f2b226b8a98655b7536fd31ff81343","ssdeep":"","tlshash":"e3b012c432c36352f6f2377e54fb59cb5038d8d0348517404428c0b1293742081375dc","size":97,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.413308Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/lotto/lott-common/bettingCompress.22844977.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0e9473155c92891f4386dd0d8069e9f4","sha1":"9267afe6b0d97cf53172044ae9a42265d9a3d363","sha256":"a0e031682a12d70795625a3dc3b2ef78cb8e1df947e2624b6af6e4c29f51ee1c","sha512":"fca9d9ce963c1d918968709e1d4cde135d229c86f061ebf6424e7795b0f82a387090afec4e53a14f6b08b4b818bccaade875977c4b9240694221c067b5ed9624","ssdeep":"","tlshash":"e611ab5930c1699a12a2f568c90fb31e54664e2012cae018ca1ed88cbe755fa85a2da8","size":863,"data":"","first_seen":"2025-02-23T00:29:24.577675Z","last_seen":"2026-04-06T08:29:59.429486Z","times_seen":2017,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/PopupV2.2d814872.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7ee455ff681eece7f02bab680345daa","sha1":"1d99a316d2e82ceadb326fc78ba044a03f27a5cf","sha256":"90c73f940321d01ccebeda2dec514400e3ea5d897e61c8e9a213669f34885b2b","sha512":"278996697067d5dce6e09b505bab8bdeb83fc1644f99541006a04524f68118fe2f3c94869299b91de9b57a4dace967667eb7e1235c929f8578c070d93b3287d5","ssdeep":"384:QJYImWwcCMe5JvWBwUITy0zHbFATa6zHbFRdL2Yne6L7E5Jha7n/dHb/YLQROh3t:QJLfCMewcT/zHbFATa6zHbFXL+6Yha7A","tlshash":"ffa2c9647180a06d45ea0067803f4a06f1a43d5ce5557d5873f9ccd8aeeabad222ff3a","size":22316,"data":"","first_seen":"2025-11-09T08:42:38.489242Z","last_seen":"2026-01-13T10:36:26.53403Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0656082126ea6562eef547bc4c0b2134","sha1":"2e9924237ba6297f16ee0857d6c59f62678e2a97","sha256":"221590e751f6bf74140fbf8d2832c425093f2cf75ef96ca20c51325ddfb600a5","sha512":"625af0a7416393e1c859f3fc8c40413d1e207fb879cc504e3dbee65514e05cbdf70ff1e7826827597028622ee67b198b8c93d269a35a4743d839be9aecce1416","ssdeep":"","tlshash":"26b0928826c3a182a672237940eb69896039985030856a44c008d1a128b2020812a5ad","size":101,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-04T14:38:34.274261Z","times_seen":178,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e2602816e3c4a897fce047e8b7e95197","sha1":"736aecb8e2d7e423838a2c76bf758651996f0f5c","sha256":"7a761a94335b3d622ce6b397b00b072e285be25d661a224b122eb14b2e6b7adf","sha512":"5aed926c03ea4b8c24c3fd55f8083be33b9a4a89bdacc6c0f57b360a74b0903ba9845fbc71482eb9c0e5dfec1062a09987c203f00495617f7a3dcc7ce06bb683","ssdeep":"","tlshash":"71b012c431c76252e672227590ef59c76238c85030851b404008c052287202081379dc","size":93,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.41267Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4c4b26b47c2bc529989ef6886d272d61","sha1":"74706e8028f1827be73a1035d5ec1ddd66d8de3d","sha256":"bcda427c9427645ce66ab0128fe927a29951314099ce4385669ffc8e4e3d938a","sha512":"8f46e7320eda6f2bd774337dd84e70006508cdd34ff98c8169c19493a5d5884859c183cf45554514486bd7b308bc3b5d2577441c5cc90c81ff560599265cfd0b","ssdeep":"","tlshash":"f7b012c571c7a382a73222b9c4ef59c95078985030854b504008c5e03833020423b6ac","size":97,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-04-06T00:47:51.457344Z","times_seen":454,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4a4eec8d29e85f78517a006cf9815990","sha1":"a355c0e8d28daae12187c0a465b3fc69555ce3f1","sha256":"2eab32e3773d602b573b79abd30cc43a9e9710038f171c3812fd61d1e2b8d1d7","sha512":"b09c57bebb5a27688fa1f351bf92ad54e9e05400753b7ad40795176e76367dfd6a9a5f83d78205678e4b5f3e0b75ec0b479bed07503afdf757aa7e02cd45477d","ssdeep":"","tlshash":"d4b012d672c3e2c2f63377ba70eb5dc9603cb86034854b40d05cd16129b742165775ac","size":107,"data":"","first_seen":"2025-08-15T03:39:41.645063Z","last_seen":"2026-04-06T00:47:51.446891Z","times_seen":325,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"96865de8563047523266a5bcac6c0f26","sha1":"938c0eaf32a918705264de56b85de1fc0529fbe0","sha256":"777a2142892568d77217ec8572406929d9f699f437c43dd99b1e83aebb9f0f93","sha512":"9347f9bd9fa4ad0ad80ab01c223199a87e575e3d0bf8c378ce5f3d9e8798bf305d288ff76d19684de2649129ad041c4151195b0bb59159c70dc57cf833f21989","ssdeep":"","tlshash":"3db012d831c76141e73222bd40ef5ac96138c85070840b445008c06138b243141375dc","size":90,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.438514Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d273e8788eea73f643943b24cf0a3e1a","sha1":"d6219524af74dec221ad5dd252bfc2317686abb5","sha256":"52633bee1d1204424a0c1f153d050514a6dfcece5f57316a83d584d179d87313","sha512":"cfc0fb5235a84ad7f578e9d8dd9606bd85e284ea0dc89fcb9dbe9435171021a33383d2531e36bae9552761603b2da7ec68f09ef9ed97de9f43077bdfcd8f40c4","ssdeep":"","tlshash":"31b012c531c36281ea32227540eb6bc55838985030855f409018c0a12c3303461379fd","size":94,"data":"","first_seen":"2025-02-23T00:29:24.533188Z","last_seen":"2026-04-06T00:47:51.391625Z","times_seen":411,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"35c976acdfbd2475a789b9ff8d00090c","sha1":"e9ca1bae7b09f37951bb96266ab2b50b939e6a4a","sha256":"8a24fb6f3474437dc9a630f9620d79b2c32cc8b25387ea65809c0dd2e44d1018","sha512":"9fc99c8e4a5a1ae304ee8bda6efe8747031d9c34303de58d026f523bd7a15366b6171d301adf171f26ec7a01aee74bf16f556fd8700529728cdb7230912007e0","ssdeep":"","tlshash":"e751b59d36baf6e7633511f9102fa268e03c35112d2ccc9193d9e0765828da05326ab7","size":2622,"data":"","first_seen":"2025-11-26T01:35:43.599825Z","last_seen":"2025-11-26T09:58:32.227309Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e2cb59efca6445c44e9e0574201278b7","sha1":"7fa6c1e4d16c5a0a22d8823ddcb0ea6250c7200a","sha256":"457b9867801737e4e9ac68a1f11201461b7eded9a8be422122479e17e6c74dbe","sha512":"884f0310287832a02153809a6e5c4b0357abb5777cadf09fa92ca6a706af4ad06959dbd8641ba33e64fca1ba98fe404c4cae133ca36898185e279e5f51167a19","ssdeep":"","tlshash":"f4b012c532c3b1c9a63332b588eb79c5903c9c5034845b444028c274283743141777dc","size":95,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.427548Z","times_seen":468,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a6930447a63346835ac2e97d66e12315","sha1":"68af0c376f1fa6dcd903365a99c37066bf2cce1f","sha256":"025e4ed70e413ff1cc690cdd088c78086f62094a884a796a609a49eb3c08fb62","sha512":"2f8ea84e011762ced6b09e6b8046e08cbc084bf74eeaccd413ab4d2ccfd1b2b776db8ce855e5906f8fdeb050de8e1090333b3e72593a2e30a1d71a5e508b261a","ssdeep":"","tlshash":"e1a012c831cf6152a632227540eb59c6503c885030c48b448018c0503c33020813799c","size":85,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.401458Z","times_seen":337,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e6562d2f87984738eef2b84567b13459","sha1":"3e3bef928f835f8c60c2dad1fae03dfdc9c6b749","sha256":"8389a93ae1f708c57032367771dcdd03911cce79db2e58e0e0d0df81513c6fd0","sha512":"921229a4ec5952599b64fe792ff48998e29dba77ae8ca8cb8b59fd5aa0b24ac1e063ca37b5ed2b3a7da4a22a56c38935dee3390ae553faf6e822cd4c3ea349f6","ssdeep":"","tlshash":"a3b012c632c36341a6b2337940eb59d550389890308557404018c071293342041775dc","size":91,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.407402Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/54.571635d9.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a617ccdf353043814047182c141ce08b","sha1":"948007e5f8bdee62d8db1d801c737b0ba7350149","sha256":"51a01fc93885fd56d392c84424c0afe8168c6462de1dc9862a9d905df9dd9eeb","sha512":"9ca52d73648adf3e7d6d06a88943682f610836c43894de19ecd6d18a482fb832442f45c65f49a98124b6e2a066f9f0e24ea1225bb42502908d0b06dfdca71c73","ssdeep":"96:lIRZqIXFUt6FPMCeYKFIK5iEdPdlRssfxvtlGrnKSzc4Wfqn7xH:uRZlXit61MCDKWK5NXxODDIcntH","tlshash":"66b164cdb6d7b1295373a5b9803f6047e63b3c11740d4851e626dad278791498333efa","size":5202,"data":"","first_seen":"2025-11-02T10:05:17.029237Z","last_seen":"2026-01-06T05:38:19.634808Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"13ab992efcd93b824adeefa9c943c42d","sha1":"8eb56b5037820d6aba25ce85c13b2423d80bc5d9","sha256":"5971e5f74186cf746664c8afefcafb2c54eaae5aa9cb485ccf5390c7423df274","sha512":"758ed063fdd05a1a9376a418d4ea90e5acd3650f0065159028d58dd9f3a5d75eb09af26445be24ae72f8ff281afb9d1aa2a1e4e432d40b4e41e7c7548a2fc9ca","ssdeep":"","tlshash":"2bb012d931c36151f73322bd40ff5ace5438c85070840b445008c06238b2833413799c","size":94,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.439016Z","times_seen":470,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bce8a31e54d9ffe95cc2d54a5b2983f2","sha1":"904cffb70db1ae839bfe7dac0850665d7a5b9b16","sha256":"8ab15c751995a1ac2f5b61bf175b2e294fd436bba482626ff510d2d638abb616","sha512":"c301df0160d4b22ba769c984ca68c11f549ae533817ad678d0ef0fc111e8e65f9b40227cbdabb0a51f937359700546cd1a64f05d5fb7676f3943ed701cb87e18","ssdeep":"","tlshash":"45b012c435c77181aa32337950eb59c59038985030840b444018c460283342081375dc","size":90,"data":"","first_seen":"2024-11-30T23:22:58.012035Z","last_seen":"2026-02-15T13:16:14.131479Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1e1ec180d8b0cda607683e428e497ea5","sha1":"00858fed65fd2087354761501a10739d712a167e","sha256":"eef06d2dbbdfc57f490befd45a99b21e811ed9f2d4e18c81d76fa2912299bace","sha512":"f840d8286de0250333176b13d1028ab2638f56ee58165e62a8c30515281b70ecc734207116598be3d8cf370a6080f7f6be84c6cd5eda73ed612370007dc657df","ssdeep":"","tlshash":"5ab012c433c76182a632227544eb7ac550388c5030840f409008c1602836020827759c","size":90,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.406426Z","times_seen":469,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7e9e3f22f9630d03b078b140f09523ec","sha1":"82480dfab6c890f4625385f7df11fa02ccbe7180","sha256":"b08b3bfdc5c5ee7e579b5636c7380132c46ef75488cab38eea0e460934d27e4a","sha512":"3805e5fcace93de6baebc97b11d40ba25818a3c76e1be856f87f771133596cff8c7f28caee3ca7f8c010d4c836be87821bc4fc09af87947fa9a9ddc0189a7f55","ssdeep":"","tlshash":"77b012ca31c3a187aa32227944ff5ac55038dc5130844b405018c0602c36430413759e","size":95,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.446341Z","times_seen":468,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"580ebf5fa8d0f5179a1e681e5f6312b3","sha1":"ffa715a0e0bb955b60280e795ca71312ff57bbce","sha256":"dc15e314926a70e99f96e5a1545ca38c35f12c70b21cce0a7e0445f32c1e4aa1","sha512":"15dc34fdf7801448cbd36eec7bd64f43e309a517a59df6ee662b3c188ba921d167a4eac53f61b1188613c8ee9bb4bc338f7ce6dc7112c237b21b0943a7dc7d86","ssdeep":"","tlshash":"c090029a31ca6205d77326a4409f18c8d17485a52d855d409054d9921d6507c5316c5c","size":57,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.420113Z","times_seen":463,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bb3c65c1634243d67ede4f4756d35fd5","sha1":"145a4e988de07d894f00d59af77b1add7b2d73e1","sha256":"6415aaa6d7d12afebebc37d38003fb5d4ecf17a7a280d4b290efbbae5cc842bb","sha512":"ce3cee53de8fcac1fdb6e43bfc7028720e175d09cf446cfb01544a9f48edea60dba715e03e983121ae4930aebe3501d92d92460f6d9d272769a5ab3603c8f0cd","ssdeep":"","tlshash":"19b012c53dc761c5a673337964ebadc66038bc50348d37409018d1646a77028813b5dc","size":101,"data":"","first_seen":"2024-07-26T23:36:06Z","last_seen":"2026-04-06T00:47:51.408407Z","times_seen":436,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"198481304dba1a275e0d8754091809df","sha1":"56e16d551a6513697354a6d9f095525f34b7d4df","sha256":"21edb1105f8cb6fa445444d4a08ca8105a2879e5fd579afa82dd5d638239e27e","sha512":"4da859bf03e38f197c64e7835d09e9137c0931b13913b8e4ca80b2d461ac1a36884afed86515c31a852c362e4ed814c6f4d2911af1b1afd764106b547f87b6ac","ssdeep":"","tlshash":"45b012d431c36295e673227540eb69c9903898d034884b485008c0612977420413ba9c","size":92,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.417861Z","times_seen":362,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9201feae69bfc60c2961264e70c58b70","sha1":"9959a05e077e313ec81e520786d1705e94a8ddcc","sha256":"f04f6bbeb5d0515e726e55528470cf511b346de4cdbe412f37aaee7df10a9291","sha512":"36bfffcfa47f9c15a93e94ec760ebc3c645fa8c972e9f6ec7c939c5bd1523e85ed6dcbcf1946c9b965ccf4f71e13055ac744940f0408c0c3fcd801074bc2456a","ssdeep":"","tlshash":"7cb012c535c36185a73222b540eb6ac950389c9030845b445038c0652c73032413799c","size":91,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.405378Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"76b18dfd1236bde2d58e0b98e39eca16","sha1":"13f16a6f68ac4da5ce1b84241645345925dc99db","sha256":"7174dce49484f62bef45301056dcf11eeee045345ab54a3cfff878bd24bcd7c6","sha512":"2a5485eeef15731b6c8796598e6eb9405412c1f95df32aa56c972758ad0d3c605b6b208c5199d5865f90cb35df4b9072193b75342764c4a7d7c0dba3c8b9b3b6","ssdeep":"","tlshash":"49b012e471d772e7aa7222b540ef7dc5603cc8d0348a0b44800cc07028b3030813799c","size":97,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-03-20T10:05:47.291914Z","times_seen":97,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com//TCG_PROD_IMAGES/B2C/libs/gt/boc.js?v=1","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"845e2236627b939e57fb462ea29ec554","sha1":"9e3bf49321d552ec26777a8c6d9bf71530f47bef","sha256":"cf2e948263c1ca01e8f6e163439d99a176345e0a41bc93104608f675b2f4145c","sha512":"b3f6919c720eae8d2aa4f12a9657d936c5c52206ca2bcec44920c2d76be5fce6be8e2c5bf1dab20aef890fc11a149321c7199a0e44296f51e7d77878d6dbda39","ssdeep":"384:OcB6Y6+HiaWSXauU058DIml6yDwFJQqVqB:OcB6Y6+H9HII22ze","tlshash":"1852114d68f7609385a3b428ca9fa114b9788a57002ccd85bd4ce3589f9447c9bbbfdc","size":13353,"data":"","first_seen":"2023-06-14T14:59:52Z","last_seen":"2026-04-06T08:03:54.981789Z","times_seen":353,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/lotto/lott-common/lottTranslator.c6284a7d.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0366e65e37d971fddb185526e5cbd1d0","sha1":"0ab8abced80bedda7e35568ef258fd283156e4b2","sha256":"9d85cd8f38af3d44aea1c6eeda28cfadacd0dd2c1bf50f5662b4095412d29b1f","sha512":"f053f83b4b47dd43b69c4ad2d590a6c62c6ca960782713335c22e015a890de91eed8963601ee8789c8c6f30d28ddde46a2b15e85c2144cf4b268ac1f0e8db7b9","ssdeep":"12288:6uDcCDPGZbPZkSGV7dJ8TbGGZmIYmp2sP6JSzrpmfi40prt/2ZrH:FRPGZU7Y/Y5sP6JKrsiFB/krH","tlshash":"34453bbe93a62aec0d5db75b5e9b30a1153d0508acf427c2cdac1e1877ccd1da072a67","size":1214038,"data":"","first_seen":"2025-10-17T01:15:15.771145Z","last_seen":"2025-12-22T07:27:15.814475Z","times_seen":475,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"08aa140a3d5469bbf78dc1d2a683ed15","sha1":"79563f77daf8d6ff1c4b797752b6fb511aeb1e7c","sha256":"f5d420609cd420cdf722fb3ec245f288bfab9b9cce12e1d9eaf2adc21ce98d4f","sha512":"06cd08265e10cc4bafd546950307a3000726c22507e59acc111e1e5da7f83e090ee187dbecd5a086405b80c67de066ee9c5492917e58dd12a5debca8225aa2b5","ssdeep":"","tlshash":"1cb092892aca61d1a632227584ebd98a503da85434848f844109c4602867421512b9a9","size":104,"data":"","first_seen":"2024-11-30T23:22:58.632003Z","last_seen":"2026-04-06T00:47:51.404875Z","times_seen":432,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/MiniGame.86b930a0.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"21847d578f29c32a1f1793f6772be2e7","sha1":"bb0f4e2b7382fd40e890aca35e3d42eea48a56fc","sha256":"70567b84217546eba0c9bb1b13d45f12b5873bcb88acd6666cab52ebf0f37bb8","sha512":"c0c3d819f6ac2d2965412a37ebcf00b79e15a581ca8887582929e4e4b757548aaea53d966d57a25b23535ca054f4f002a852e530aca8a12f9b7a833f69de0b72","ssdeep":"384:uZZChsIOKawabFwoCi9rEEnEezE2g3kXteFhAVPVIK0lUc5rWRXZAQQPqM:ufCOpjwLoCW4TgZKK0NSRXZARF","tlshash":"28d2e7847092f0b942d650e4406f6206f1799d2ee15af094f376dce0aeb859f816bf3e","size":30971,"data":"","first_seen":"2025-06-20T20:04:45.604629Z","last_seen":"2026-01-13T10:36:26.567063Z","times_seen":117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"28ea4e0e52253dd48a697f48753d7ccb","sha1":"fbae38abcde4a01b855cbf4413c27ad75a2b14f0","sha256":"6b7d55ac832e239a2ca869eeb1d28cba4d1c112ea0c6b0f6f924f7e1303b0075","sha512":"c72acd404a53ed9e4ed63a3d898a3295f827a99fc9a5d128be58d1584845cf975b124b2ae5850a2d20848e4751599ff8e403188af71a4a4d38c277a4823ae6db","ssdeep":"","tlshash":"b8b012c633c37283e633327544fb5ac55038e85030858b444408c0b02837020417b6ec","size":94,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.437239Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/lotto/lott-common/lott-js.js?t=1764120900028","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"67894759f2a29858696ded34d7a5ad27","sha1":"9c0f3cce7ca31ce67b82681436d8895773874043","sha256":"40dee8e22e3e97e34e2e5cd2168db23870158cc6bc0063d08addda505878ceb5","sha512":"6cbd484269126295fea2946bb5f110ca0f62de0bbdda8992557ac5fc5678ae179bc812d617e0302a06ba37aabeccd01886104ad300010d9841de1711781e84ef","ssdeep":"","tlshash":"2ff0f6282ea0f936805f2c57777ee24872a2151a9011e00468cfec1c6577fdf8eb5a94","size":574,"data":"","first_seen":"2025-10-17T01:15:15.112362Z","last_seen":"2025-12-22T07:27:15.784351Z","times_seen":497,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bm399.com/d/.js?oref=\u0026ourl=https%3A%2F%2Fwww.bm398.com%2Fm%2Fhome%3FaffiliateCode%3Dproads01%26cid%3Dw4thi1a12f2p11ee348m4ri4\u0026opt=BM39%20%7C%20%E1%80%99%E1%80%BC%E1%80%94%E1%80%BA%E1%80%99%E1%80%AC%20%E1%80%95%E1%80%91%E1%80%99%E1%80%86%E1%80%AF%E1%80%B6%E1%80%B8%20%E1%80%85%E1%80%9C%E1%80%B1%E1%80%AC%E1%80%B7%E1%80%82%E1%80%AD%E1%80%99%E1%80%BA%E1%80%B8%20%E1%80%95%E1%80%9C%E1%80%80%E1%80%BA%E1%80%96%E1%80%B1%E1%80%AC%E1%80%84%E1%80%BA%E1%80%B8%20%E2%80%93%20PG%20%C2%B7%20JILI%20%C2%B7%20PP%20%E1%80%A1%E1%80%BD%E1%80%94%E1%80%BA%E1%80%9C%E1%80%AD%E1%80%AF%E1%80%84%E1%80%BA%E1%80%B8%E1%80%82%E1%80%AD%E1%80%99%E1%80%BA%E1%80%B8\u0026vtm=1764120900226","fqdn":"bm399.com","domain":"bm399.com","tld":"com"},"ip":{"addr":"172.67.186.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"340397059972033bb46b643aafd08154","sha1":"d22680b4d46624742b876598e786fc08590b9088","sha256":"9b75b8e0ba280324615fef0142a2613587299f90811b9191378aa576b2ca4f6c","sha512":"34f892d62dd72a97016393416bae0f2ba6d344016f9f74eb22c99db66806f7033dbec28385e2af7680d0375c577fdaeb9441cbf699a73a42dd15380c7693dc87","ssdeep":"","tlshash":"e721755d31a5741e8022a175187f012d737a1592334a8a9d959cc2843e298bf03e7fdc","size":1299,"data":"","first_seen":"2025-11-26T01:35:43.504957Z","last_seen":"2025-11-26T01:35:43.504957Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2c1c52804c8d3ffa24c0b9cb16973289","sha1":"be318275b457c95a84b9dba942e497fc9859a737","sha256":"6405f6fe0df823a65dd42914cc89758434982f57de3b83a969d5e9052518905f","sha512":"9b36a4df10dc7af6c8f7d4085359d86f2b3d7e86d349fc8aacfd8a8ef8548264c909f597eb780cd3da53995011a8e86443808e4243a8f09ba948d24d8720d6ac","ssdeep":"","tlshash":"ecb012e431c37142aa7333fa40eb5ac95038f85030844744801cc060283702841375dc","size":93,"data":"","first_seen":"2024-11-30T23:22:58.745887Z","last_seen":"2026-03-07T15:41:19.649295Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/install.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"83af7244bf70f99004209493a33faa7a","sha1":"c44c481438beeed3454788e62e8482ec7a91aef5","sha256":"74f037cedc02034f64c41a541baa3b52ca0bf202a23834cd08b477dc5b9d17b3","sha512":"87dbfd42110a2beec70a63579576d83e686178d2de078e2e70c59aa9e7dfcf26b4e8b909a2e77cb9fee14da0d11f49b8aba453f787f418084b283229c4438d1f","ssdeep":"384:BbyOPN5pAeLaCobr0yB0YjyyPDyL1hmGadeBPq0wQU:VyOPfFyGxTLGdeBPkl","tlshash":"9492194834693c78429e5b3315fea214307f1b856931c0a0f26ddbb96b78d8a5177ebc","size":20541,"data":"","first_seen":"2025-11-10T12:55:36.427742Z","last_seen":"2025-12-03T21:30:25.018368Z","times_seen":284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"client.salesmartly.com/js/marked/v14.1.2/marked.min.js","fqdn":"client.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4726c8d370952011c5137ee8e13eb6bb","sha1":"96c7a41fdc5d4530bb46f1a629f86ecaf068de82","sha256":"eeaba2c06a990d4602b4142cce579f4cce16fba404e6cc82c5c2f7ccb1e7bd1f","sha512":"6d7c814f6fec623660d43ef29034ba789484e0314354f247bdb4407dd7d82abe88bacac2cfbc009929b7eafcfd1bcccca1bdb946faaef74bdfb77248ef5ca071","ssdeep":"768:aH13NvoICzvRDEeJX2QLGbdpB+xJhuLPbBc5jI0sJMF2/bOCbnEytnbBOmVzFoso:aHOXo5ECPbBc5MB2A/blnEMRoaM","tlshash":"67f2094832ae3a6987d439e66cf81060e27f8e68344c545cf664f5f37c2690a61ebf70","size":36489,"data":"","first_seen":"2024-09-13T03:55:13Z","last_seen":"2026-04-06T07:34:33.702233Z","times_seen":1727,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8be6231f806c431c6d7b18daed1dc9da","sha1":"aeeaefae930b8125f8d75c1b96852b8886583acd","sha256":"3654045da4721a2470ae187f665ed7db0743d16cfebc74e6ccac0aeed3dc2d86","sha512":"4dd2c18608dfdffda7f6abd6540f1eaabf392bd7fc72bbea414bf8bf85e0a074471a7055745f8848a2d60284365c85afadca95a1d99a753016e30eb68b8ee0ef","ssdeep":"","tlshash":"1ac08c60674f6990bcdd160a7c6ab5103ebdc20d85b5c142b3bcdac403bdd97b06e46b","size":183,"data":"","first_seen":"2025-06-20T02:18:28.018925Z","last_seen":"2026-04-06T00:47:51.42088Z","times_seen":418,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9a60762bd1fadbdaafe254e3eb0a2474","sha1":"5103f00bbfb387dc8e9e2ce995562648ab047e3b","sha256":"05e05db6329ce4ae3f20af0b667c9bbd8bab2ab92f1249206816884fd1adc23b","sha512":"b58001fd832ec0477148bb815741c835eb5243a0977d3470667fa101c94003ead249ad8676380d0a27db9489c68d7e6fb493829fe83d8bb9b9f8685aeccbca93","ssdeep":"","tlshash":"bcb012d433c372c3e673327544ff6bc55038e8503084cb444008d4a12837025413b5ec","size":95,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.396662Z","times_seen":464,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/vendor1_b8775aab.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4dd10bf9e3a55d04fb02d076f8d888fd","sha1":"73fe2ade639561e0fbee753a10ab3a8f64457ba6","sha256":"9b5cc937de300ae7ed821b3c25405086cd9fc0c25be5f6afc2213b06d1981408","sha512":"768877b7f6860408251dfc60ac57ed4499ac9ff259f506f98020a848b1f8dd67378758074406603c95d98bfa621d4d451d9a941f9932c2bc9ecfe1eb9e69f9ba","ssdeep":"3072:hUj1XOH0ipFe9OY0ceCK7KtWO77yzk83UzlgE6CjnWO:2kHbDCK7gf7n85NO","tlshash":"b22408c8b295b06143a770b4407f550bf13ab915680ec5a4f226e8da7cbc98e907bf7d","size":225000,"data":"","first_seen":"2025-05-10T22:57:10.916725Z","last_seen":"2026-04-06T07:34:33.855776Z","times_seen":1793,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"5f635b2c65e3baefb2f87122d065bb87","sha1":"10df362ff71bf7eb9e48a7b8fff362ac7e0575c0","sha256":"1eabad5ab35a4762624c04a08717e4f7cef9b3cc7dc1980bb2f2da401d53fe3f","sha512":"fda642248a67303153677cf698766ea3fd4259658a903dfb58b706a77361a735a35b6d162f22974e655633cc8e4104f70fae9f64e161fbf8c9f76a016c1e71cf","ssdeep":"","tlshash":"08b012c537c3a243aa33377d40fb9ac95038985030861740881cc0a03833565413b6dc","size":95,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.393997Z","times_seen":465,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3063994c641724e1bab95e4c075eb944","sha1":"7d772a6138101e8ac88aafc2f054e698e53ea071","sha256":"9f4cdd1c1dc24e8741abf6c17ae60fc2c37f12d4195456eab31ca124ba05738b","sha512":"036a8065ab3b088f528380ca8152dab66a2c30236d90cf5f9f71f7ccdb7556add372442a836fa9feff20caaf58dd18eab80df07a283b7633ebfb9e3528a2e216","ssdeep":"","tlshash":"28b012d432c36185a673327540fb99c95038a89030ca9b606008c1702833020513799c","size":93,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.418437Z","times_seen":456,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a952f9fd77e3c52f041ef0a4f95f75af","sha1":"ffe4709ebb083365bef2cfa97c0ed94fa36adc82","sha256":"3bf5a9a0dcf7f2673017c170a93b6ecd1bfefa8f776958da31eb0837ae3e7f8e","sha512":"f6f44f04750a519dec25a717efe64a77720652e538e166e8af263c0c616ce8550d9e9ade43e3e14471f2c57838861cfa2f49713738cf05b0dc46fed78d2280bd","ssdeep":"","tlshash":"fab02b01be1ac180600404d4ca70c438743ce034c0488c48004f0c111581b474c06580","size":123,"data":"","first_seen":"2024-11-30T23:22:58.166835Z","last_seen":"2026-04-06T00:47:51.465769Z","times_seen":436,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.sentry-cdn.com/d246589a44bc1730e42d1e967d9c29ce.min.js","fqdn":"js.sentry-cdn.com","domain":"sentry-cdn.com","tld":"com"},"ip":{"addr":"151.101.130.217","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ecadabd00c2040ea21a60d51207b99a8","sha1":"bb265db1ed1ee2752e0bc956eac9936eada93fbb","sha256":"249796fbb4c77d1237f30520713ea1239a753eabc70ca253ac7478b8712f2189","sha512":"2e04ecb26576be08334235ea8600199c5495ea42f36488e14f3ae74c3ead7a530a09d9d50baf2918583491280689c7634f80ae8ab26fddf8d0d1f6cb73795777","ssdeep":"","tlshash":"4751c7a47fcefc730ba32731407f690572726a59a449c280991af9d41c71859375fa0c","size":2768,"data":"","first_seen":"2025-11-25T01:10:57.028926Z","last_seen":"2025-12-01T08:14:06.183335Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/chunk-vendor-app.32708a95.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c4af207a799677f1afbf50eba79184fc","sha1":"df9c86fd405973ddcb2a0954959f7d58ae6c42ba","sha256":"f2e53cf8272ce8570f1d89d6ae27ef5d347f10a7bcc0c9544b8f82db7981f6ae","sha512":"991500bd3a24255780e02ebfb926e9b0f3b2d12ceda53374dc201b547f954cdf233cc171024c1ab96ec7adb249253371f35cd489d6261354c71a0e78f7a62997","ssdeep":"6144:SBim+piM+GmhLHTp2stmYtpbfTRS/fFgKozFUTKhljGt1K+S8cC:u+rsp2shby9iOTUjGGF8cC","tlshash":"88e43a8572d1f0a546d651a6903f1006f3ba1d6ca80db04cb3b9cce5fe6a94d623bf78","size":706170,"data":"","first_seen":"2025-11-19T04:37:15.550713Z","last_seen":"2025-11-27T04:59:19.216894Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"71b7a0e5ae2b899174c7f08c2b2d34ff","sha1":"33cdcbd08843772412ec548f6bfc7bf49d20369e","sha256":"78790f41e219074e78e02fb6bb8b748f6820ea5bec71b2ac383ef681b49ab580","sha512":"2ac9f6e2a2ace4f1da668c650a25d17421cce4db47fc16c31432fbd18e9c6caccb05062a60b5a4f36d0525cdc4fcd9009cf0a8fb4b66a7e80cc871c4c1e36d91","ssdeep":"","tlshash":"e1a0029a31d66114a77363b5905f1d88957888e228865f504555ecd25caa07c531685c","size":62,"data":"","first_seen":"2024-07-26T23:36:10Z","last_seen":"2026-04-05T05:42:42.666809Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8cb4fc557301d122802a5ea8438e1fc6","sha1":"2c050be0149ec5106f3a09db714667091f3110a4","sha256":"3e56886dc222678b37ee28217b6206a4bc884643e76e6a6a3dd6e216210bd5bc","sha512":"9c27b68412903a8dd82382f2ddd2c7f261d0477ed09723840543d16b7e9496bf4efe9d0935ad3b9a6e81dcaaea6db614940d23063a3b97e65f0eb248adfe2cf4","ssdeep":"","tlshash":"2ab012c931c3f193aa76227d44ef5ad550388c5030c40b405018c463683643541375de","size":97,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.400513Z","times_seen":468,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e763c89c0663a18f19697403dfaf2c8d","sha1":"5c20934388670411309b17ec055b1af95d192c29","sha256":"ddd0f7b51d2142cbc019e8403f5cfa92415fc2931aa5fd3ba7913f70a48476d8","sha512":"45747248fda7d278da883b983b5c8e24d5a1f832bbae0e9ccc3416228b95e32efa85a8fa374bf24043726f1d20ba26aa66123d2bcaba37a315e0e995913219dd","ssdeep":"","tlshash":"11b09bc435d651916672237540e79985503d945030d566488414c5601473415416f5e9","size":112,"data":"","first_seen":"2024-11-30T23:22:57.705571Z","last_seen":"2026-04-06T00:47:51.399531Z","times_seen":433,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c985fcaba59eb946c39a072167771613","sha1":"7306c92ba6b011ca3dc2c61a7d18f2c605a3cb71","sha256":"49e1fbbe425dad9be4a71b45d2eb17feb80198f37f12ce836bb05ba87f0cd2b6","sha512":"c02699e9cb686e443aa75f616579a09d869e0ad37644b42fa3c2ec5f6e78847af38ca39f4be4e665d7c466bbc5755276794249993a839bdec7e82e0cde34aacf","ssdeep":"","tlshash":"27b012c431c76182a632227550ef5ac59038985030898f464008c0602833030413759c","size":91,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-05T23:58:53.910513Z","times_seen":304,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/compressorjs/1.2.1/compressor.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8486526e5f5162882691ecc24a6a8ea4","sha1":"73fdc423f6adead042bcc65db6884a5d006f4578","sha256":"fd1b40a1808fb4901bb33f0905305af2e435442ada7afc74f81b0a96f0242f03","sha512":"32061e6058fc4774baaef647889d7103d70cfd50c6713e1e451150c0603ba833fb3476e758a366026dbccf42d58ceb94aa30f44fd271a4331d56ab193921da48","ssdeep":"192:1T7WZaQUCEUqlnRdI/i/Dh/jep3QHJzKGJJ9A+uYaVPKEpw+f:11UqtRdndKkJ2yJ9ApKA","tlshash":"81222ba83110b092507361e9807f450b7132ba391695c550b325dadaacb48df73bffb7","size":10663,"data":"","first_seen":"2023-05-08T15:21:30Z","last_seen":"2026-04-06T00:47:51.373263Z","times_seen":575,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/vendor.encrypt.v2.dll.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"de3f964235925f8116bf7fe58bbc413e","sha1":"8fa4cd59f7ffac428b44db7ed0bff76126172316","sha256":"a13e94749de511d0da9f0f923a772708e7dbcf49f7da553d80a02798621262bf","sha512":"735383998427a4ecb96318ffa756d61c950708e3885134454e8e13cb723bfe3dd2a9efd1d587c266d98367151ba66251484262e9e7540db3bc8cd118de0ebcd5","ssdeep":"12288:9NM98phMNWk3VK/NuhA9D1n9qIxJ3kUHI1Cp1sqkg0E:nYNWk3VKwiD1nkoJ3kUHuCpaTE","tlshash":"101519cd7185b4a247d311b5403f250bb33e5a6e680d8458b6a4e8e9bcb89ad4337f7c","size":881707,"data":"","first_seen":"2024-11-30T23:22:58.431849Z","last_seen":"2026-04-06T00:47:51.386083Z","times_seen":447,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0e884800aaf774bb9d233c42379ac76c","sha1":"a6d35972ba86b5168528da6c29691d4ed005594c","sha256":"ab371beec11c69b75da69fc322b4cda810aea740ff0c42ef84c3eaf646894eca","sha512":"bb6792827d2a314931c2b4a671cbdcaaa13927aecc2499d085e7905905223509d46d598b41b64e3aa176d636840d35b4e05858b8c47a8cc8f4c74dcfa8a033a9","ssdeep":"","tlshash":"e7a0020557ec50725415290584f86556e5095fd10561de1570f8d01600754a91a83b1c","size":64,"data":"","first_seen":"2025-11-26T01:35:43.612969Z","last_seen":"2025-11-26T09:58:32.262035Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d4577cbfe64681889c167c7a107d0296","sha1":"714d7f8ff740a27c58ea1d0baa25ef8fe84432e4","sha256":"782760f79567a0f5c3b9d363e019600c9126d91a73cb08fbb6d329943c4f8713","sha512":"9ae5f5e942e15838b5880fa0bf6c019d905c0c11dcd1e0bc661aa655b6e3833b67f4bb6be2eb0df72d35a91c6cd36584421539ad3b6e1e457d90e30083b41d7f","ssdeep":"","tlshash":"37b012c476c36281b7b2227d40eb5ac9503898d030845b445018c0b12973432413759c","size":94,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.397152Z","times_seen":468,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9511bc99d065251e80330fff8297d6f2","sha1":"062bbf5dcb0cf9983ca9dc18253c409f478b79cb","sha256":"70202631ef076efa35ed23a9db59ed4cb08f78d0a942286424c91b63e3370ce2","sha512":"191e442ef77f40cabffe5c8c8d43cde548c8bb273f287699aa3153eab2231c6d803217b5357e33cfa8320d0299cb83d35ae36eb53085818097be62b9ac8ce858","ssdeep":"","tlshash":"deb012c431c77142a633337564fb9ac55038a85034c407445028d5713833420613b7dd","size":101,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-05T23:58:53.893968Z","times_seen":385,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4311b37ecde6d281061d9710b0f6a700","sha1":"4bcc2541011b47e2b89e25fa731f8d451033f15f","sha256":"f226a2486cfed434f0a684be89d69d2339779229629908e3a11f9a952df54f10","sha512":"59546910ec7914de57941ba2cd6bcc6bc6764dec203254e92ec3cf59e3e7e5014633c7d9f1bfa4260e306b5a9fa7763df66f110863ade298af507e4da225dd79","ssdeep":"","tlshash":"08b012e437c772c1ee3223ba90ff7bc56038a89034848b404008d4a0283382051775ac","size":94,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.408967Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e2265c74521d25dd3d5d793b714644ac","sha1":"94ee0128f8a55420e9eebefa828a99875e51b5cc","sha256":"244cf95aa528f3ba120b0906d4c1449dfc9854c11d2dc11d213b0b922f462c35","sha512":"8927e6ce53c727b2287955cc0f5f0b1b7b61e2548dcfdbad49dc6f194bb9d4e181c0c0e228cc961a17d1d152fc38a1f51ed23ee4b34ac391dd46d9f953e63b90","ssdeep":"","tlshash":"78b012d572c76142e732227540ef5dd66038985074ca0741900ccb503832020427b5ad","size":93,"data":"","first_seen":"2024-08-19T15:40:12.397691Z","last_seen":"2025-11-28T06:32:25.893964Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"448d5ad8291bf520e63117635f296e6e","sha1":"08363bfbc1c373edbcd09e0978c5198e8d4f05ca","sha256":"40fb98bb1f997eef095790d1a0d940d97b5227482981e2df043df9bf7b9cb224","sha512":"5cf013863a4e1ca145d797e3d08ad8ce88bafd9ee85e7d940695ba976a361270a0a7446c49865f9c3b6caa7cc93ef09216b1d4cf62b6f8b92864d054d2aff6a1","ssdeep":"","tlshash":"0cb012c436c36241b7b2337d40eb5ac9503898d0308407445428c0b1397343341375dc","size":94,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.436005Z","times_seen":469,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2f01cd8b4eccb44e0f5dc68331624b75","sha1":"0a45ffc81de256dc165599b77dd2a81dc0eef6bc","sha256":"24c292083e9a6631ebd7672a2483c596075dff5e299bfa771dbf54d31a7f3516","sha512":"49fbd85c2cce2dedff531359d008a35b5aebd765b66e424089de8353e738e55c875af74772f7d9ae7eb58705705b5c010fc9ffbc75663febf5aa3582102098ab","ssdeep":"","tlshash":"e7b012c431c7b291a632227560ffd9c66038e89030c44f484058d1613c3702441376ad","size":97,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-04-06T00:47:51.416198Z","times_seen":460,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"24243e0020ebf193b0fcd07b4bc167e6","sha1":"3178c1c91aff87c60703978131740bb2f05e980d","sha256":"d4b9da224886e99d45c9c887f9239304bcc6d3acd295c993c65ec9c52c57e9a7","sha512":"c379ae8a0557528b3158e39f1f4b27d3f5387a8b851dedd0a2be62dca61c81fe5c73377e35270532649666f6f7f8cff029bf357e7072da3451a4b2edb12b3962","ssdeep":"","tlshash":"f0b012c435c7b291a632227570fbd9c66038e85134c44b484018d5713c3702041376ad","size":101,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.452241Z","times_seen":460,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"322977a49ce9e12bbc2c25eb4bccac3e","sha1":"970c4472665f36060a6c2d6f4280dd91fb036938","sha256":"1bae74ce4580bc8bb9ced4adb081c2e858a9bb40bec9b91d1ccc17a05b66e3d2","sha512":"2eed0bfb716afb4590d7b4688402538a2b6b0f20f2f510af1595acb2e563d7fe2bcce9375a17ff533a0e45becb3cf779589f02390933c3aadde9c868a762f707","ssdeep":"","tlshash":"4cb012c631c36185aa3222b540eb6ac550389c5034854f409028c0612c3303442379ad","size":92,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.454525Z","times_seen":450,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ef30702c71e45897469e80807c025b64","sha1":"c89afc354266efe3ecbe5a41d58ee37e7c372206","sha256":"0d5aeb4f42912fd68c64ffc0d8458f5b7b8dfe587c21417e87a7390a6eca8569","sha512":"ec05fb36815f6bcf99eb1c0587dfce53f9b252828922ece82fa934ceb60acdc47263af0ffcfb6ae675dd6844eab4507fe4fa96e384c78e7750b596939846e775","ssdeep":"","tlshash":"97b012c432c3a391b6b2227d60fb59c65038d8d030844b444008c0b1293742041375ac","size":91,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.45798Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"580f71725f3401b9925faba63fe8231d","sha1":"179ab7bded1455d3a22f916e33c617a680390b8c","sha256":"0c5467075ce0776036aeda74c31c9fd194cb76c512504d05d1c410b412cc7011","sha512":"0dd9453521c6375b13098b5eb53d84c07007ffdba8056cc589ca6390c213310bbf055e733deb1cc0254721437c3fcf218b1acadf23535e22729f4d6e411c89eb","ssdeep":"","tlshash":"a0b012c432c36351b6b2337d60fb59c65038d8d0308407444418c0b1293742141375ec","size":91,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.402426Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bc3e3c169c18763c421d8a036f19b424","sha1":"6cf005f3a62f433c47b1bf5955d755d428e34b30","sha256":"922e42accb17364a1edb5c5aac7f8a2d1f8705ae6f103e33348ca57303bc1d66","sha512":"0fc084c5678312a40d5cf76b43fa4a2bd79601e1ccb41d77b0923ddc97e290e77c5b6ec2b6c394433674d42034a24e7e300db358418a78880de51108dc2b5fe5","ssdeep":"","tlshash":"72b012c435c3b281ea3232f580eb79c7603ccc50308507404008c0a43c320214177dad","size":95,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.392886Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1b9ba695c4090f3addd8a54a6b07b68b","sha1":"dde442519648c732024d279cb39a957145d3e894","sha256":"7c9df70b2a0d8ee819bfb38c1079a22ed2c2fd7d900d07a56d95c734329ef847","sha512":"fd5a4c9bf127d6e5db92032b1d3a41302a06b3b47344c76672a314440030ffd81226bebaaf51ad1465d28a38df82e29b92b045e8ae034d4493013992666ed916","ssdeep":"","tlshash":"28b012c435c771c2a632327540ef5dc5903c9c9074848b405008c0602cb3420823fd9e","size":98,"data":"","first_seen":"2025-06-20T02:18:27.982616Z","last_seen":"2026-04-06T00:47:51.422811Z","times_seen":409,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c9c319ff847866a40b61ccb039d64f19","sha1":"712fd40f97493abc96ab4a9426a73edc2bf12cdd","sha256":"f27d8f7bf81d7d20e4672b460e777c38846857f4717e02ca031688dc15f829a1","sha512":"caddaa53b2221ad46cc3c3a38b3606dea857f783690e07b5211b49bcc38410249e89b774f6ad0c9c30995d9f8b14d614eaf9b2f0780053d70aa18f7d14a0d43c","ssdeep":"","tlshash":"55b012c535c36145a73233b540eb6ac950389c90308407445038c0653c7303341379dc","size":91,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.415507Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ad038e6a4e6e142339ea140150d80f56","sha1":"777e8723af170e4091fa0b292b2620fa2a5badc8","sha256":"c5b8a88f393f4ee34045315181e085717ec23f31de93e9a2d12aeb81b18c2fbe","sha512":"a2b3c49756dc8e28b94d6fa39b4436ccc6883d94cf9298e772918b4955c30293b93a7c61bff11f15a63ac29e18c09cc01709546fea1ccf53d367faf3e911aeac","ssdeep":"","tlshash":"74b012c431c7b391a632327570fbdac76038e89034c44b489058d161387742061376ad","size":102,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.394537Z","times_seen":450,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"17c8a5a09ff3f62ffac9e28f4cb531c3","sha1":"f02d14020a1c0c6f94d5c3da446fb1780d489176","sha256":"5e545267f6299ee1fb45acf13dfab20ad561f0f448b57cfb6c1e5e11bba57507","sha512":"b13cf9fc88ff4d00583073e6074eff8acb51460f3a7a6145c209b397ec743433cc5243ba804722461534fb79f84f6dee5160bdda8544e8655736b78a062b2b7d","ssdeep":"","tlshash":"22b012c431c7a246b633b37964eb6dc95038d86034840740541cc0602837420413f5ec","size":94,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.400067Z","times_seen":374,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"01791cfcbe6879bd8c66131411b6ccb8","sha1":"9e5cd47fed65920df5da5164078fa6ffc9c253d2","sha256":"142229831fa65788f2843c61ed6c6f219f4f81e7051d17e1b7be5807b273d090","sha512":"dbcddd8d400d20834a54f927200c53f85b9cbe1b574ce3079e83365c1b58b8d56606e2a5bfbe4058a732d0670909d00aa07b5470810939e4d5d8765be142d05f","ssdeep":"","tlshash":"fda002aa31c773419b7b27b5c05f6c88d1b495e568896944805cd4971ce60bc631699c","size":62,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.46477Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"18a5304bba30b2e64cd46dbb3821220d","sha1":"fec79899797e5ebe3c5d2477811a3d9f06867b42","sha256":"9dd946fce4a66ee257244a3e7c11d4e47ac5d8dbb993168090184d7d969ec750","sha512":"dacb815e837fa01802e0cb6f7a3d62208c19ed80e10c694eb983c4d2c648d5b986a911d55037206b65348dd49ba602886573da34239957f2dcf539ad1b2c8f17","ssdeep":"","tlshash":"eeb012c432c363a3f6f2267e54eb59cb5038d8d034855b404008c0b12937420813759c","size":97,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.430674Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"fafb912631c9a34e62f5fe9b0ff73621","sha1":"00c455179f6cf476fac3e2fb4ccce596db122777","sha256":"a475b39a179a79ccf2455f6feae129f307213bcb4a1463406fe73d602c14f516","sha512":"29dd1c2c2e03251655a8240f8aaddeb9b6ed06553542e06bad759f7a168b62ee8084d3ca28a33a056e93834e7cee0661571aad1837aeb34a1c04147c1e253bb5","ssdeep":"","tlshash":"74b012d435c371c1b632237640eb99c55038985030844bc0400cc1622833020817b5ec","size":90,"data":"","first_seen":"2024-11-30T23:22:57.730563Z","last_seen":"2026-04-06T00:47:51.397656Z","times_seen":426,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"343861b3feb65d909064016a37b558e1","sha1":"831f12f9e8f3f58b96424b854f31e948affd6c8c","sha256":"b52d07ac88f81dd2c6b27719b1220a0570dee012b80dbdea9318d02abb9f18f9","sha512":"2684005ebd5c412271872c14ed33103fd1959670d8792003277a90753b4c29323576ce815591eb9eb1ee630b853d503f16be24d819bea1c043803ee4a382e6de","ssdeep":"","tlshash":"cfb012d531c76356a63233f560fba9c65038dc7034840b4440acc0613c37021413b5ec","size":94,"data":"","first_seen":"2024-11-30T23:22:58.64545Z","last_seen":"2026-04-06T00:47:51.443737Z","times_seen":429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"07a978da96adb515d513a164947fd1e5","sha1":"fad0d06eda367b0e766776d0f22ad659ec20de0e","sha256":"bb01181365dd1b9413e8c7793926f4aaf712fdb7695dd1b1c2d5adc2401a6630","sha512":"0bd385c9a24579e20d46e54ba80ca7468429133e640893aad637860e789495116da167de07898411f9708047ce7fb630e4454ee68126caabdf4f8f3ffb971dd3","ssdeep":"","tlshash":"1fb012c431c76191a63322b640eb59c550389850308a8b404008c1a02c33021413769d","size":88,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.410275Z","times_seen":392,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2b28a160dc816b7d97bc9f8af9236f26","sha1":"f72692158f37c7d8ed4e00279f5961c8489d8fb9","sha256":"684b0b3e327178f0aed2b6c432302a99adc9d2343fffe8e43f93b8c962863e9f","sha512":"8e8629e3fdf95f1e3251bcf2e7fb84c1013e0268c2e109cb2386a85ef3f3e0abd849d200440a5f50210bba3deb9b33201d9d8003d99f6ae64ee879dc790e04de","ssdeep":"","tlshash":"72b012c432c36285a6f2267944eb59c95038d89030c44b404008d0622933420413759c","size":89,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.458511Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6f95a58d80bd4f5bc506fc51193ad969","sha1":"64cf70745be3ff01604b5cafff0c07c4abee3bf8","sha256":"f624398ea26606596cbcefeaa1bb7538fbf3cf2794a2b679d6f734d2c831a410","sha512":"fef0050090875a95c8e4e1477e38d11c42bc9a6b2b97891ad2492015f4a7e0975a2571f15d2728ceebc072fa3f9b3d482430d7f05a50523539ff1a6fe380d2db","ssdeep":"","tlshash":"23b012c431c7b145a63222f990fb99c9503c8ca0308407408008c0503c72021d13f5bc","size":92,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-05T23:58:53.917907Z","times_seen":245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"cde93b0a5e35216f7132f15634bdb2d4","sha1":"a1dde2613599daa4a20070de4c71abc18a14c474","sha256":"f3b8a1f25ffd682800fee7d83e638f93ace7ca17777ef2448d07f6b3d4dba3e7","sha512":"48cc6de062958f67789abe3ddb6acc7d59fdc5f99fdb4ad6bc6c7d47640f4c66a7e00e7ee926c7f81f5b98a8959192ad349383679c0ca946301ffff19247d8df","ssdeep":"","tlshash":"c4b012c972c76251b6b2337f44fb59c5503cd8d0308417448428c0b0297352041379dc","size":95,"data":"","first_seen":"2025-08-15T03:39:41.695624Z","last_seen":"2026-04-06T00:47:51.461612Z","times_seen":352,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"00e24bff7d0709f889a5954db841837a","sha1":"2012e03496e113a761fbdfdb834d95225617e7aa","sha256":"fd308b77a71d060441d7e8c9f20f19aa796db7f25fd6c6573a6fe324e2d37b4d","sha512":"121c8e42f76e6c85ead2f729ffe3ca685c5fe5ed65eedc62388e7d7e4d76c84f4f1fbe9aa10bfa97dd6c77a03217791b6a6617647c4848c240b5ffa15a6d3976","ssdeep":"","tlshash":"abb012e435c361c5b63223f960eb59c66038a85030844f84400cc0602c77030c3bb59c","size":96,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.405933Z","times_seen":468,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"deaf49d808f6eb08f45deb58530932ba","sha1":"4ef42bed47fe019f65d2d230de41c154dedfc54f","sha256":"4699868919f1fa550be90b56ff92ff6bdb8972352acf31343ce5c4672602d344","sha512":"48b655d30c490a11f023cccac91e4fc7cf4e997629dddb57e1d56870f0fb640ea1bb429541306ebb5fb1a1c5d2604ca467aafba7c11e6efda0b05fd1e8176f50","ssdeep":"","tlshash":"49b012c431c7a181ab32327540ef5ac59078986030898b446008d5612c33434913759e","size":94,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-04-06T00:47:51.409614Z","times_seen":428,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/A2HSModalMain.7c8aea44.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea7b44dcebc8c0d65dafb60c17056b93","sha1":"0b9b678dd36af46a6a89d34ace71b48a2b799b8f","sha256":"9e8f7361d672e77ed566e39eda849a758d6a0aa4dbc827d2bd631658b3bc8f5b","sha512":"a48e91b8fac4d48464acbd86052c8a8142864e0b9cb84edf6ab9d3781074847356075c2ab8459299418c2b2ebf3fec149059591c1b3ca00afd0001819f359857","ssdeep":"192:jCoDc8t2YfbK3p9mF7bpyjcCD0Hg8CDErsSaNo26oDJW/xXP:xttDfbK3LIb890HgREQN36LJXP","tlshash":"6e520ad5b2a091dc08a6505e8a3fea42535e3a9d74389c4569beccd8b5c7bccf227c30","size":14125,"data":"","first_seen":"2025-11-09T08:42:38.494346Z","last_seen":"2026-04-05T23:58:53.799275Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/chunk-vendors.fc137ccb.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d4af22d55304ea7bc9e6c092b6ed5d5","sha1":"11e11c53e0ea51d22f887f5b6bc3efafb3d55f86","sha256":"bbd89be03d610c05e8a3d11b28f0643a68b3acd91d1c90b1c828871a90dd63ca","sha512":"26e011f9827847632df8846b3dde5232e23a744d266ef106ec70e9ef09af1336731354394e56a511bfa978c7f9a37519a669b5e52a117fb1aabf8e830e767732","ssdeep":"3072:gZcBj+T4Cm4l5bJOQYBbCoc4OjFW78+skrqJz+x:gGe1JODzmBWEkrqE","tlshash":"1014e7c9bb92f0a843a335a4806f150bf17b6a28f40e81d4e666d1d1ac7898f5177f3d","size":201661,"data":"","first_seen":"2025-11-10T12:55:36.380242Z","last_seen":"2025-12-24T06:13:20.917967Z","times_seen":360,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"362e5129e4a9962318cfe1c4566c603d","sha1":"9bffbf50d9151fb3b772c666d1c94db4ccdf41d2","sha256":"0bd29af57b56cf0d7a01d631a434ce1d734956672b8ce6956d0638a8c9533901","sha512":"b9135a0266a6c9c8f06e7b6c6fa54561cd03b4add71d2382c0426e99605cc0d0709595d9905aab800ed52c96495de57d78420b80102997e9eaa4e736f9b4891b","ssdeep":"","tlshash":"02b012d631c36149e73233b544ef6ec5503c9c5034842b408038c0642c33034423b9ed","size":95,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.43794Z","times_seen":440,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0067b94e1de35dba931edc8ac40b84b1","sha1":"3d92e3b86c1720774a359bcb97355b94e3a61a27","sha256":"64fee154acfb219d4f187f69176aee9ed7d8fc8a111b2c46e3c645aafc5666dc","sha512":"57c20c16117dbdabc802730b0f51cb27bc4be521dba19a91b967cad141fac125c3ad2656c61f25dedb298549bd4e2ab3a9c860c5d95a1dae198a04525e07be0c","ssdeep":"","tlshash":"50b012c531d76185ea322276d4eb59ca503cc85030858fc0d008c4623c33124433f5ac","size":96,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-01-11T17:35:07.929637Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/32.baab8dfe.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3a1d7c92816b6c38fc261ca81d68922b","sha1":"faf80f7e7bb605c2dc475ed17da75eb4a3c8564f","sha256":"ad5a88e9da5354ff20d3fda1afb2becfa467a6e22fbcd51084dfb51f4a92f64e","sha512":"9b88bceb824a20a7db99aff685bb6a1585d381fcada85de9955243f58079de7f467ca054e8899b8d4b925a3a49e2b4574db720ba3f66d3a41d20f804aebb0fca","ssdeep":"","tlshash":"f3517b853ad6e406a18ed4291aaf7e66b9de44c30c144c80a75004ee2f7f799c5a2fdf","size":2636,"data":"","first_seen":"2025-11-02T10:05:16.968342Z","last_seen":"2025-11-26T09:58:32.17415Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ecfd66091a75316460ea1470962cac55","sha1":"d63e1332a9796f229fb27353ab857fc9e5905e62","sha256":"b1b6c699a1f2a1b2c0e38e54c5d1fa23bd75647f4295a4dcb6f0ff32121fecf9","sha512":"3c275932e1c0ab4d43c12abb9a895cdea591313b2f037d8bb0ac803156d49a988bc21aed3cd0ed456fb1fe43f6bd2b1ff5f89923418c7919ca2b05afa4b8ee63","ssdeep":"","tlshash":"40b012c532c77192aab3337548eb69cd6038d850308517408028c1a02837025823b5fd","size":98,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-03-05T02:36:42.913352Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e4bfae24669250240353fa9669942bff","sha1":"8a0a0a18133e32de7086c19a36a5b9f965ee9ec2","sha256":"a41e3aa20336640b9dd3f3d394f5a84259c072a38001ee29dfdddc0e7ecfe438","sha512":"c06055057f8aa877206126850a689fb68914848ac0cf5d0898fb60e81e4a737030fbb7f2173b92f38896ad45245a65f035a643d4824a16302b1577fb488952f9","ssdeep":"","tlshash":"f790029a31c66200977723a5405f1898d57489a128955a405058d4923c6507c531685c","size":56,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-01-19T22:44:24.960639Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7e4d559668d20fe193f02a476762d808","sha1":"72399ed3e3a7f67aab8af13325bfdb0c13a93835","sha256":"4389c80184bf3d0eee7a75b76432cd66e344d93102cfef40f1dbe93137a70ef3","sha512":"5208f19684d4d7d55b2a2640633339cf1abaafaa9b22933bb82404e6ef02d0dad3755e48124ceb433f49724eb988886d8950b1b5c81d949f370806ecc58c9430","ssdeep":"","tlshash":"bba012d431c36242a632227940ef59c56038886031840740400cc0902c32820533759c","size":84,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-03-25T21:39:57.412255Z","times_seen":127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"fae767eab9ce84f53b99d888f994b3a7","sha1":"6f17c4e8fc000f42253881f5096f90b603a02f0a","sha256":"07240a52ee4d5ecb471b799e849b9704d79995bc59fbbe2102711cb0593632be","sha512":"4fd9d40f80c601cdf0429000904bb59aea45ef210024ba8877a723dcc8033b70d4e2ad7bb131095f8d1b60fe8b3406c7c94e222c82959443425414602073be8d","ssdeep":"","tlshash":"1cb012d435c761d1ef32227954ff5dc690389ca43088cf44401cd060287302d81b79ae","size":101,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-04-06T00:47:51.395092Z","times_seen":464,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4eb07cd250aa49f0b623c48212f53fbb","sha1":"8bd5b90fbbad904f5588435f5be2400cbab2595a","sha256":"2a74d59427fc0939b0b2cbfbba595ff4d5682c8ebb97ec5164ae4ffd30862e73","sha512":"aae558c4d54bbc683129532b7246ef49bd7669c474597bb644e6604892e7381c0dee7fe756d7ec6141674d52b4dfd4caf7b945c0c4da410e02cd74596691a12d","ssdeep":"","tlshash":"fdb012d635c76297e63232f564fba9c65038dc7034844f44509cc0653c77020413b5bd","size":97,"data":"","first_seen":"2024-11-30T23:22:58.292517Z","last_seen":"2026-04-06T00:47:51.456005Z","times_seen":427,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e2a12ab20ed1bea318013b9aa22fb1fb","sha1":"c97cdeb1732f7cbb1c5962f836054ede6913e7a2","sha256":"9bb43a5ec71cdcdbef9bbe598c0d8ed170fad820667b726ba3f17594e019005c","sha512":"9edbb45ead2f535f4c9090d9a99ae37db4be631ad5e16854bf3c57c22caee9b999b3f655006030a46ed8593638a8f204d42c4802d75d888714450fe9a3e5f1e1","ssdeep":"","tlshash":"a590029a31c66100d77323a4805f1888d174d4b1288559404055d9971c650786316c9c","size":56,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.462219Z","times_seen":402,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"de6ca8d13922a0f1881ec971a89ede12","sha1":"1a1a0cf1f2c6223d2380d3103d61c6f599bf92b1","sha256":"da3e00dda6707c1443a814becbf73f522a1eb045b439bd6528f35c8bc533218f","sha512":"e1f2f0ba35616fcf219b7c6f4c5a9a9ff87a90722aee06a5ab67a483b7f01a0a26f0266ae2c2c15957c6899dd8f8e6e3a35a8da37f1a7f87cad9ec42b8d2e60b","ssdeep":"","tlshash":"f6b012c531c36151b773227940fb5ace54388860708507445009d05228b2473413799c","size":97,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.41484Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7b9f7f2d84a70e5500a564ef70fb2cd9","sha1":"329139ef5db214b59e64535a788abf7b9ddf3f8a","sha256":"da4b0a1a81f0087f3af0374386c510fde947085607365105b293dd040253ff28","sha512":"12e6379ca86e0ef74036aec6c44bbfbb41d6ee53ecd1b0929366aad20d58099bfc6cc131dd56f2754ccfa114a05e91005763a930ed76721c24b9115ef8624b2a","ssdeep":"","tlshash":"13b012d533c36191a6b2337580ebeac95038ac5030c447404018c4702c3342541375dc","size":92,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.390772Z","times_seen":465,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c748f0f93066fcd02a7ee2da9dbcbfb7","sha1":"7da956b4ffed76216781482a1bf4ff531c1dfa03","sha256":"9c372d44cbdf96bbac702aacedfad65ed0cbbe6db64c071a8b813d80486ed6f8","sha512":"a006cfea00347d3152120ba23f3b2d04222033f5e47aa74d7252c0f74591a9c3a097767a8369612a5bae57e91efe59674432194790e19e9d9398c1726e1f2305","ssdeep":"","tlshash":"46b012c432c3618aba3222b680fbaac66038d85030c45b40400cc4712833420527759c","size":98,"data":"","first_seen":"2025-06-25T19:25:28.007067Z","last_seen":"2026-04-06T00:47:51.441767Z","times_seen":388,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e51572831369e11d2ae428713efba479","sha1":"03a039453ce0af9560ea353dc0c74b35f0dff4a9","sha256":"0eeeca258b0085098a359be1ad1a60d20a60ee3b43e068a7133c1086ea0cb356","sha512":"d67ad4383fb80a9353a1078fd3871eae446305beb1dc28e87a0581467d1cdd8425810b211c9da89b52319e2cc8660b8b2804812cd56f9cd11027afa181cf711b","ssdeep":"","tlshash":"d4b012d433c763c1a6f2267940ef6ac55038989030848b404008d461283342541375dc","size":92,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.393456Z","times_seen":463,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"580f71725f3401b9925faba63fe8231d","sha1":"179ab7bded1455d3a22f916e33c617a680390b8c","sha256":"0c5467075ce0776036aeda74c31c9fd194cb76c512504d05d1c410b412cc7011","sha512":"0dd9453521c6375b13098b5eb53d84c07007ffdba8056cc589ca6390c213310bbf055e733deb1cc0254721437c3fcf218b1acadf23535e22729f4d6e411c89eb","ssdeep":"","tlshash":"a0b012c432c36351b6b2337d60fb59c65038d8d0308407444418c0b1293742141375ec","size":91,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.402426Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"785f9846feb605ffc04f1e21a91c495b","sha1":"45db0b5332346ad0edd5fda73c3e68daf13d5a5b","sha256":"fa478f66ee16991a3d91d8af32427c40200bcd37cbe2d53a1f8cd037a5ee850e","sha512":"5bbe4e23ded82a7d97179193c2a8816ad2e9f53bd86d6b19eb69760b3b73e1faae85c495e2c8ea0fbf9c0e3befb4d460997d8a0f6638b01ca34c4aa4a6ea6d5b","ssdeep":"","tlshash":"87a0029a71c66100e77322a8445f69c891b985f139959e408554ece21d6a078536b85c","size":61,"data":"","first_seen":"2023-06-18T16:31:35Z","last_seen":"2026-04-06T00:47:51.460777Z","times_seen":469,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6a8445c6326218953fa2c3f820287b81","sha1":"cd17e8010abaa888dfb405d816ff13793e4a8075","sha256":"5958bc95938d65c71062fd26a885c5f60383fb33bbd78f935f8b18511ee9f652","sha512":"6fe4a27db87fc44a14bc73b8f9c26283943267be49f8b7d701a8741b97c5ddfdcab26ce1e87e79429eec571c2b3d5ce9f812edf5bec3e6f07c9a1228a85dfbfb","ssdeep":"","tlshash":"2cb092c826c3a182a672236940eb69896039985030852a44c018d1a028b2020812a5ed","size":101,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-05T23:58:53.872605Z","times_seen":211,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"725063a387e346eeba510ad63f8df868","sha1":"116cc2a99f9b26600dac801f06149e0b79e64f9b","sha256":"c35545d5ff79c343317af4045044352c406d261d1990c7322a6cd4543c7d0e1a","sha512":"a90b68ed4d14f5a65e830f8364d51cd0569b9712a22b6a2a2786f6e18f596524650931f5882caca265ac8152e50277279f78e87a1041d44df96c31366d25e760","ssdeep":"","tlshash":"e5b012d537e76a81ea72337d90eb5dd6603cdca830c84790541cd460283342082377ec","size":106,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-01-06T13:45:00.204954Z","times_seen":45,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3afc260e26af9f3f493bf0c689af7acd","sha1":"2f7284266a2fbd535b2ca46ecdc66d94ae8755dd","sha256":"0b66a9ce14573e6afd1cfc95eb0df6d8da9bf1948b0537b27ef8efe2e9cd5081","sha512":"ab10916edc8704c74827bba36d147db53f7a53e9babce84009a70fce1713914635099aa49b967608c3983731b22564cfaa8f3730b5c25ac61b00d3f0a8fcd757","ssdeep":"","tlshash":"73b092d521c26296a672236940aba98650389d9134855a4444189860a877020412b9a8","size":102,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.451551Z","times_seen":465,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"87899317e6c04fd4d9aa8a8264421d9f","sha1":"98d9d34ebadee17458ad8653ae6cfe0b6b7c08c5","sha256":"5f5be3977f1ff3df1d549fb95d7221fdc2dda31e9360c5ed418458a318f4bbe4","sha512":"aefd67829a553f854a81649673b3031646ebb26168152d89adf0da0f76f2f2bdd50fbad2c10abfe608e6ba326a7ed993e71b2a6fe33e4137d63ca4e3d3034fb6","ssdeep":"","tlshash":"91b012c431c36362a6333375a4ff5ac65038e890308447448028c061283b02141375ec","size":93,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.432031Z","times_seen":461,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"74fc4166b1820902053b4eaa9d3230ed","sha1":"e36540c255515e01535053de9d44dee6e5cb1d37","sha256":"a13d82126deac81ebc5b2cf59e92b06c7f4c3f930631791efeea08a6cabd99fc","sha512":"0564fb3ccc3f89f8f1a382cad4f5384fcc4f3f73dfc31c5ac436c0c8a2a5a7127bb0efec0ddba88963dc50391c9742e60aafed916578937b787719f9c7c9dbe0","ssdeep":"","tlshash":"46b012c972c772d1bab2237e40eb59c5503cd8d0308817488008c0a02d724244177afc","size":95,"data":"","first_seen":"2025-08-15T03:39:41.664096Z","last_seen":"2026-04-06T00:47:51.466501Z","times_seen":349,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6878f49bd6d5e3e18fba460d4098e24e","sha1":"3f83debfc8eccb10ce09ccd4fdc296acf1c07cff","sha256":"3d5f822a935fd74bb9c5608325f2cffcddb6f8f0077b9441c3a2a2e1d9adef87","sha512":"1de2d8be570deb815228c59cd964874a99187298278d4caa375dd7606e8a8344500fb3ba9fe20867b63b5bd440c2dfb7b0613d59c9703ae387e8708d9811ec77","ssdeep":"","tlshash":"42b012c531c36145ea7233b544fbbac9503c986030841b40c428c4602c3303481375ed","size":94,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-05T23:58:53.847215Z","times_seen":403,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e739628cdac55228bbc62a195487c665","sha1":"138fcc457fdd4f747febf0243a8426a7142c0f97","sha256":"ee845b5d58dae73b55bdf1660e5bbd6db8683444f3d1647937727de41d23b0d7","sha512":"b6c96c1162bd77447855e3e7cb38383d9f6778d0ec0e7293bc8dfe7d7c023441946b29f892fd99bb1466feae5a2a26f28fb6c8579c421c9ead2c806cd5a1d393","ssdeep":"","tlshash":"00b012c431c771d1af322275acfb5dc660388860308547c4a10ac4712833431437759c","size":95,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.3991Z","times_seen":465,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f576ccefb29ba7184a0adf5cf695d66a","sha1":"1002f9c1702450663714ece879d9f71e87d43557","sha256":"9fe8847c83ab5f06dd6a3af5a390c93534eedda94d6aa0e0fee4a20be5e100ec","sha512":"cb351d71fafe13d43f08246b84d6e4366e6d4d47d9a73044b490901a54523002d8513bcc5edcbe7a967499fefc5a1951dd3805937bf015450cddf6b566037cc5","ssdeep":"","tlshash":"2ab012c431c3a186b63222b540eb5bc55078d85030849f804008c4602c3702441375ec","size":87,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.44966Z","times_seen":383,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2622cbe26b70ee943adadfb6cd45b7f6","sha1":"76867b537163ad9218643f1fe0efa91dd7f244e6","sha256":"91d67c04787f7244f6dd4431e9b4d3fdf84278db131717e7c17b5534d7718280","sha512":"8e7b37ca88d5e6d9d3d53788aea2f3d97988f09095a30c00106817be0544eae749849283674e7c54be7b7fcb0a384ca63f6e441da17d2a69a0a77bd9354a0193","ssdeep":"","tlshash":"61b012c632c36381a6b2227940eb59d55038989030854b404008c0712933420417769c","size":91,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.444331Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0f4d6d54387de31da965c2264a18cf57","sha1":"37f6aa0fb46255598ba1b1c64435b7e67e48599f","sha256":"479b0916271789451423631d94f110d5afafcad418592f8b7e7c1229b1c650ad","sha512":"f7dbfa2055eb8b93a359a47323309cfc2a5e8946171134e182af18e71e87a2e22dcc9cd766bd1f73ed598d2df8176ffc284933c5858c2204bebeebecea00b645","ssdeep":"","tlshash":"94b012c533c3a242aa33337d90fb99c950389850308727408418c5a03833460417b6ec","size":94,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.467746Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2aa2a99c6ae265f4e92ca4ecea9763a1","sha1":"49061e9cf1acac9b1f932c177c852a7b13b1c958","sha256":"2ee9a375ae7d2586efea5b03da652fdc3bcdafb4954efbcbd23577fef0c5a6ee","sha512":"84e11bef82e8189cc386b09ed7706054de8d8ed4a130aacac66a5cf0bcc64d5d22429cb0f7256d9acd4c29082cfb6a0a1b54b1a72d83e403d0e3348cbf40d2ea","ssdeep":"","tlshash":"d6b012d432c36181be32327660fb59c59038e85030844b404008c061293302041379ac","size":90,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.398714Z","times_seen":349,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4f8347c42203c26865e87ba5914fa51a","sha1":"9bc62dd3e19ba02985e05afd1dd75243e091ee0f","sha256":"fa38c8793c6427c497ad805848f5f52182aa42c582eb49eb289caad4fcd01fa8","sha512":"d0c4e542b7322b814087e8b770c64285f9a36e43abfb8a5f79f05b9e677808381ec0c45601e7276dc8012db2efe98cd362fe697422ef59c5c3cf5061cd80833c","ssdeep":"","tlshash":"0cb012c431c76141a632337550ef5ac59038985030894b464428c060283303041375dc","size":91,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.440685Z","times_seen":318,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"dc441a905dba83a82d00edf64020c23c","sha1":"d9e9983390750971d9f61805df45d719b1f8e4c8","sha256":"4a14658d1d14f0db1525e8bf324fef8fb3d644be22609c9b818d6f65ceedcd9f","sha512":"3a019a95e4065b513bc6a16a21551e75931da4613698bbd05a2798da3fafbb31d05262c0116e961e15b02b0e8d1a2d9888f148a8c0273bbab85ea6dec57eae57","ssdeep":"","tlshash":"d6b012d533c76381a6f2377980eb6ac550389890308447404018c071283342541375dc","size":92,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.445564Z","times_seen":464,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a98a2a4af678e56620242e76d92a2017","sha1":"171bdd460915e4bbdea94c5c93c2b5f6992f89e1","sha256":"9704d4ef0409ab8c46042148d6245c0519dd2c68cbc29ae9ee847ba7b7c4f8f8","sha512":"6cd4a257ac2319f62e5a013edebba423faefba0cb122e7c97de684b4373456483913228bea4a8fd8b4a718a3586febd7359d11fe49afd20a5c1df0fdc441b0f1","ssdeep":"","tlshash":"a9b0928461caa296aab2227ea8ab798960389c9035845b40804881e12833060823b7a8","size":106,"data":"","first_seen":"2024-07-26T23:36:08Z","last_seen":"2026-04-06T00:47:51.403883Z","times_seen":435,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"098d08af7de86fcbc11ff0040e67ab0e","sha1":"40fcd589d95084721a9bb51b2813b20e7147b7b3","sha256":"3a6702b02e3e81971e323a87b0f84e9c2349edc9c751c691201e29a561791ea5","sha512":"85970681b4dc1b3c007291380844be1994ea86783242e78df1d7d1756d1f9fc1002adfb57eef146fa9f3231ce93d1648fe90909a58fd640a5cb32b2583f2f652","ssdeep":"","tlshash":"dbb012c431c3a2a2a6332275a4ff5ac65038e89030848b448018c061283b02041375ac","size":93,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.433069Z","times_seen":463,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"03aed95fc18ba84a19665c1e736fb655","sha1":"f34686856718f37a603bfc13eebdab736f0836a5","sha256":"4c241c0e65e02a98b4c1d259a5203d4ed971d9cc916a7a333eb9f3caf6202598","sha512":"8ba16da16e02f6feee0e35be4a532e97b9867fc7db58f94a49863d35b62d0d39f407b6dde03a26c4ed5d360f08a5aae188819f2e6e068748a3a2faa346d26d9c","ssdeep":"","tlshash":"64b012c432c3a186b632227640fbb9c9503cd86030c45b40401cc0712837420413759c","size":95,"data":"","first_seen":"2025-06-25T19:25:27.981604Z","last_seen":"2026-04-06T00:47:51.395639Z","times_seen":384,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a7439ddaac3bd59c63a1b58f8efe3a11","sha1":"eb8405c949bcb7bf816e84ee99de92f79f3b07ca","sha256":"4ef734e21f146fb174ac3e6b97fd607ab75c4fc9942bb288c278ef6dfb36628b","sha512":"554492f39f41d410bac157b03f1bfcbd5cf3599c62e67ea282ddd850a1ba9c157307c08e8ac37cdec3f18462552c36e105d92d0e8bac4fc4fc7ebe9a481cd4cf","ssdeep":"","tlshash":"69b012c432c36149ba3233f680fbabc66038d85030841740402cc471283342042775dc","size":98,"data":"","first_seen":"2025-06-25T19:25:27.966334Z","last_seen":"2026-04-06T00:47:51.459101Z","times_seen":392,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c230962e46bf58073a0ea8a953b2565b","sha1":"f077aa238e9317b5b68343426ad4b0caf86404e1","sha256":"db216f5bec55a77b4aace82641e5d40c8c9ee2d3efd45f52087a4ed3729597cf","sha512":"636406d73c323b0921f96270d51035c43d73dd0ee1e82d55e97ec599737ca893c3c429c76d9cb4687097856a96aaa3537c6511b1c5ff464512ae428c6489d9d7","ssdeep":"","tlshash":"1cb092c535c76691aa32226a50eb5b895038e89030ca4ad49018d4a12c2243842ab59a","size":105,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-05T23:58:53.90643Z","times_seen":272,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6fd3f85e638d077f140665d20eac5988","sha1":"3e29a1ab48f0e7400d99302b8720fe9a0a17368c","sha256":"1d218a0bfb831cd1a20c78d2a9bf2e855f335bd8db32d16cd7dab848546b22d4","sha512":"aa2a2817806b48c210eda289940e033dc5c0ca902c6e0ebd74f26e4fc8380d09528b723fa79385c7db10af2de3785c533950c6b90e269387dee46ce3951d1673","ssdeep":"","tlshash":"54b012c431c362c1ae3622b554fb9dc6507c9c5034868fc4800cc860383333052b79dc","size":101,"data":"","first_seen":"2025-06-25T19:25:28.041449Z","last_seen":"2026-04-06T00:47:51.41675Z","times_seen":398,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"13e21ae9f2b4d9b3dd174b38f3583324","sha1":"9143589920093f4d3f318e12fb6a1444a7952da9","sha256":"241fe472804ba0c4557d3be1082bae7b3dd9ecb2e72fce090f071e929fce6954","sha512":"81dfb4faad97e8bdf8f58f4c2859b21592350ef4d0ae7e3bc469a61ce17c17527ba10603adfa8262d399b305c7f9938afd1e6bbfed185fc6bfc8ad9da4dd6697","ssdeep":"","tlshash":"c6b012d8b2c36181aa32327540fb59c55038a85030844b40800cc1602873020813b5ac","size":88,"data":"","first_seen":"2024-11-30T23:22:58.565275Z","last_seen":"2026-02-15T13:16:14.226775Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e69d079ffc44dcbf0c4c4530ce3d207a","sha1":"1bae6b3b6dab579559e25bc52c3ac9b0f11797e1","sha256":"3300465855ceb3bfb8cb4616d583365e1b9f9bc27719dd4c45de385c5921c76d","sha512":"31d9b03efd72bea0db9baadaeecf022dd81829189ada51ee603ccee18d545530f6afc9a5c12b1724078f81f438aa3f7d9226fa107e235a7b998cfe60fd6aeacb","ssdeep":"","tlshash":"ddb092d521c26296a672227940abb98650389c9134859a44400c9860a867020812b9a8","size":102,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.423685Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/chunk-common.538ce4f2.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9487ea477e6d4ce292b9dd170aafb9ec","sha1":"6268bc34457fb7615ad991aa5ae174d1a55948f1","sha256":"65e3227c212a0090405fa60328b71e3a3d89691f8d712c8c47d269a3a06bb029","sha512":"fc03a5dc7f7d8951dcff4cc9452a001322ef4b0cc4cea1ee11537b9785ed1331f9ae82192c32f629dea54a435e30aac4cd3069db2155e69a75bdda8911bbecc4","ssdeep":"6144:C/fK3iHcD7EEv5e3hbUh2RonzU0n6lkbUBz+XRf32SOb8P8V853FnTIWDtN674Yg:C/OEq5e3JUh2RoT8+W2HnTxtQkYcAk","tlshash":"38c4f789b5c3f0a902f781e9d03f5216f23a2949340dd814f62acdd67d69d8a8137f7a","size":563652,"data":"","first_seen":"2025-11-26T01:35:43.528614Z","last_seen":"2025-11-26T09:58:32.173133Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6c06bc796a6510b5728df402a51e1da3","sha1":"df9ba098ffe1d271273f0bf4126bfbc96c43c64c","sha256":"7b0b96041ec290feed9793d2aa5a7ef6d866807c8ea413ee79015ea4eafec660","sha512":"38b9a7c7151eb1f885700cc8bd437457769d8923164331f674035eb9f2379d398897cb5bda0756d5cd7a393faea59f55ef1a1aa5728c4a4adf0872f0c2d8a713","ssdeep":"","tlshash":"40b012c632c36551a632337540efd9c95038ac5030c557504018c470283342151775dc","size":91,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.414121Z","times_seen":465,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"5370edda0152ef086af046e64102d6b8","sha1":"486fa807e4e39db4cd04e2061cc7ea5d55fa0532","sha256":"b787d4e3a63b742abdfe629b2fc1dabeb386278969c366cfbdf0de710c5af683","sha512":"2eacd6bd17b97ef767febf31c4348abdbf7dc45650b4e60604e990036f7ce9072f99bb43acdb77e3c50b634ac9170dca5a2c43e08281add5fedbef5af356eef5","ssdeep":"","tlshash":"b0b012c431c37182b67322f540eb5ac5507ddca130848f408018c4602c37024513759c","size":92,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-06T00:47:51.468345Z","times_seen":372,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"53f604961ea5180f274b7c59722ed457","sha1":"daf25a6c511b031cfeffac3706b22e184a7c79ba","sha256":"984833b424db77f01bb646a07aa17ea8da217d31fc5c92d04579b7908d7f09a8","sha512":"2d98db6a543b3df5d3b6a780cbf1f53372bffa0a23faf4fec62867655852ac819f3d4dfbc9e8644f82be714e165dcd7be62f1f455b2b9c4b146331bdbcf8cadc","ssdeep":"","tlshash":"38b0928535cb6141a632226640eb5a895038d85030c64a849018c0912c32028417659a","size":98,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-05T23:58:53.904734Z","times_seen":299,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/app.357e4b51.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6cdf96fdedbf5588e1a352f038e77917","sha1":"eaf4ba173caf0981dcff80062e1566cfab9f8fd4","sha256":"346bdbef8c5958a684fd8f48cc81c1f540a7bcb690439adff566c1745955142a","sha512":"cc7750563496a0e38e1d0434252e43e470ea3e17bbd9ed6ef0477d139451ca672370613967d731c128559e4f7dce56264973151677a5037a9536e3800ca2bfd4","ssdeep":"12288:sfrN1eLxN71/ZoL2xhohfRWA6pxkt+qJE5JouKOjwu//tcIU:sTjeLxN71xoaxhohfRWO0HlK2//tcIU","tlshash":"37056d4471d0f0dd06e791a9902f6505f2fb2d5ca8198840b7b5cce8edaaead5336f38","size":864445,"data":"","first_seen":"2025-11-26T01:35:43.558965Z","last_seen":"2025-11-26T09:58:32.162607Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7530aa0b7587e627484c49fdf8f13f2","sha1":"b987dc0cc6cfcdc2e34499375f505470c5adb891","sha256":"e87e550794322e574a1fda0c1549a3c70dae5a93d9113417a429016838eab8cb","sha512":"04d6914276096223d2a871c36f9f01d3268f7c2bbe5a076cf06a7f814df792a06d80d4b8b523c7b8689bca87aa315fd326548a75ae855f3a04c981a34defaf5c","ssdeep":"1536:dLkw5M8eKEsqi5xpg+n1sPMecC9JmgxBQSFkkZQRlNM7IgeXzh:dLUtZSpg+aZmabZQz9","tlshash":"121457b46ba71cde0a7ef49b00172d838d981b67117fd1e8f24aada62d70702ceb1574","size":198689,"data":"","first_seen":"2023-03-08T20:20:59Z","last_seen":"2026-04-06T08:31:45.791201Z","times_seen":4577,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6b0ea86965dd8b216a1142e35f250abd","sha1":"df92f60c69f781dafea2099b7ffe3432fec2523f","sha256":"7977939fe208573d8f631ff3eae2e48d5465385790a32495c018b9e5663ff46b","sha512":"856620118f49263075737bda807a95acf295cde052a4cd0e97e0793a151bf7b4d11501756c9ad01c75418b070e47ed1a21c5aa54beb8742474049fa1e54f833d","ssdeep":"","tlshash":"76b012c431c7b3d5b632227960ffd9d6e038f85030c44f884018d2612c3b024513b6ac","size":103,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.407914Z","times_seen":461,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/plugin.bcfad891.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9085588285617e81fe050911a98d65b1","sha1":"e3a932474be7ad6ffa201b029ef4e8f4a6426320","sha256":"5274960ad12303c24c703cff0512772b536c80f66d834f60c936ba130b927b89","sha512":"143cbc1a36973851a6493114ae8d76f513060b836d6e1280096790bc9423a2cb47b299527dc63927d60b5a02c83615efe212028dfab177db6c07deb6dd7dee33","ssdeep":"6144:Vnbg3TbPKQQDLVQbWC2zhDetWxzU+gcDLTirqGKAbCPfvaHcqiQUd+wa8Ar4gWDE:YbPKQQDLVQb72zhD3zirqGKAbCPaHcqn","tlshash":"b8843a49f5c9f86b07b361b1602f6009b3ba1b48e409d8e0fe75d6e94ab4d486323f5d","size":379019,"data":"","first_seen":"2025-11-10T12:55:36.439587Z","last_seen":"2025-12-03T21:30:25.088572Z","times_seen":246,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6746964747891ac9e193a92e22f309f0","sha1":"eaa6cb727ee1bd5fff77d52591b9fbb79ce149df","sha256":"7ab8649e0772f1891b2702e242ea2ec5ed60474b6c52a1f56708a6d2b920fb3c","sha512":"c79d725b4cb76fdc505565517940bbe04ea2601ec516e16b92a8d163dd5c8c3ffedaf639ad3347cc2f3127fee647742a29cc3ac2c1d582a13499aac8986d4d44","ssdeep":"","tlshash":"f2b012da31c37191f636237640ebd9c5613898d0348c8b80a08cc0622873130917b59d","size":97,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.43142Z","times_seen":461,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c9f505a68375708efab8293e84c2ec47","sha1":"7b98d25eab5a14be7a7bcbc7d061ab1770b11bbb","sha256":"6d6f4360e780d46319409107e301dd9130869a3df29ea83ce536bb642943d421","sha512":"8d46aa3812a81f30309c0a8aec7f6b68263e2106c038828989d60741638cf0cb10a14c466a7c7a37fedc505261e1b759cc669ca8de6bdcf1099144223c59acd4","ssdeep":"","tlshash":"d8b012c935cb6143bb722276a0eb9dca503cc8a030841b80520dec902873020417ba9d","size":96,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-03-28T15:35:25.949782Z","times_seen":119,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1ca0d847d1e5370dd7cdb499c147cb77","sha1":"92f3915f60a2e2b61d246c9dbf8aac5b81f80bab","sha256":"75b0efcd072c8bc0fbddbc65aa1356806c2dd665a32c935de25f3059f8f69796","sha512":"883860383c7451d6de93fe43175367872631eb77c18da9f9f97b1875d02c28d7fbf73cdd39d3b4e20d4e93703aebde4d1f69665c23283a1a87ff367f833055b4","ssdeep":"","tlshash":"2db012c931c362c1f633237964eb59c75038985034868b809049c9612833061427769c","size":94,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.455421Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4aa5f02d21d1148a5759c49efd990b4c","sha1":"481b598e0654b72b4ab2174adf269a25837f5cd9","sha256":"0fe2dd36337306a04f7da5ca9afe0db88dd0b1eb867d5a91e994e731b4b10c8a","sha512":"6c1a1e32dfad3181d8c6772ec4f46d5161a635ccd4758b9532a0e93fec295435530f8c88a908c8613c08a8c473ca19bff412e1d26ef2d12ed5b32dbc2db62dba","ssdeep":"","tlshash":"0c9002aa31c66100e77322a4905f1888d17494e1289559c45058e4922c65078531685c","size":57,"data":"","first_seen":"2024-11-30T23:22:58.403434Z","last_seen":"2026-03-08T12:41:02.761954Z","times_seen":68,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8d2539a74b6b270008a79bb95c6c8190","sha1":"4d7cd043d9c563e77d4014e3bc7a2496945fd2c3","sha256":"28f3a403938a52ab4138e9693afd64ec7875e3a7c248c3065bb877c89bd96cf1","sha512":"886eb3afdd4eccdfd94bfaa8e0f82e83244ab2548d839d596388e9df1cd388fe33a3e6dc99756be4a41ccf5c2af6f743d2ac0a4c5e504fede74e0335a7c66724","ssdeep":"","tlshash":"9c1132bf1142d3f21ab2249a204bd2a0a1ae3801047ccc40478ac6e52c32d165219e6c","size":1000,"data":"","first_seen":"2025-11-26T01:35:43.650515Z","last_seen":"2025-11-26T01:57:19.448401Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"408f08a3969dc511b5fc17ce2b2b9b91","sha1":"ccfb56aa8c6973b46a5567867c709c9f9bfadcab","sha256":"56be6cb4a2793f3462156a15d064edb9a0a0d9c987d7c846e5ed795e22734362","sha512":"40c983385299712a032b1c26c128d5263f3c135c7ba58fc559f07fbfa2774459355f6ec7c4e9533ee98f35eac079e87e5066e9f4d13c1810bbbfaac9632d490c","ssdeep":"","tlshash":"97b012c4b2c762a3aaf2327e44eb59c550789cd034844f404008c0b0283342081375ec","size":95,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-05T23:58:53.826783Z","times_seen":288,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a7fb4e0a6f14d0811244dfc49faecd62","sha1":"bc78b064b9df6de568a3f5d405e5f0225cce3625","sha256":"1ca9a7d1a35a316613f80a3a3f08bd284b5176a83888ad04a9958eb0eb4de4a9","sha512":"7cbc99ed95f802b511c13f87f696da4970c308da78043c7dbd355bed19894f88ba11d74467a908d437a58c7053b62d395b42b6528d14b06a84d6b2fd6561b4ce","ssdeep":"","tlshash":"16b012c431d763e1aa7222b588ef59c59038dc5030ca5b446008c5623cf7428413759c","size":98,"data":"","first_seen":"2023-06-18T16:31:31Z","last_seen":"2026-04-06T00:47:51.404381Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/DownloadPopup.3ae3a1e9.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7cf01deb2ff3ce4ebd35f7a406065cae","sha1":"858ebc1c8d680b2e8e051d39442331e4f3962f1c","sha256":"a8ba7ccc1327b1e57e5f18c76d5dc6fc84a225ea965f0726fe3126a0175767e7","sha512":"5d6049c9ec16972458360197f67f21c9b13e3c33a6fa28c926c9e609d1cee705f48811c49c1a1695469d93ef01266e612241edd8b2163e578bcb8024c953917c","ssdeep":"192:TNCKKa5VioaVlpnDq3CJFAFf684eQuWbjNCGedIgbmQ1vr1s8txrtDfia2VAXVad:TgCH6+3CJFKy8eMBRtxrwPVAXVY7/ZD","tlshash":"d472f609f662a0bc44d901ba943f4a05fa241e4ca434ac15767dfcedf8d1fad5339a3a","size":16246,"data":"","first_seen":"2025-11-02T10:05:17.026482Z","last_seen":"2026-01-06T05:38:19.689561Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7ce68776c92f0d1fc09e9e8518df5553","sha1":"41d11358928a7ee993b17418ab09fa1324f342d9","sha256":"9f3e9e7fdbd361599987a374955146856ddc5a7e36b480e8fddfe658db4bb613","sha512":"fa20e4ef517aa18ec19b123eb257e1e140ec51534da4d5afc155ab25a410eb7f22043b972c689b933e1c1f3c2f57bc2a91ad4177a75d97e478433b9c0d9b02e9","ssdeep":"","tlshash":"a7b012d431c36181a672227550eb59cd90389c503084cf80500cd0612c73020813b69c","size":91,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-06T00:47:51.459666Z","times_seen":460,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"277a71c1be406bef6aeccc69f17f4295","sha1":"5642b64d8247e3cf151ee65f80805fc4bd2c0fe9","sha256":"fa0be62aa5191b6399ac1c18bead8fbe583bab421bed57811b4fc05ac537102f","sha512":"f8c6f287a041bc9473a0ed1716af0394e4e01e3ff22346591b3960ef9ddb46714e7b507916ccce350ea2dceb6e91789a4b40f817c7f6a92dcff543b302761339","ssdeep":"","tlshash":"a0b012c531c3b1c2ba33237544eb99c99038d85030865b808018d0e02c3302441375ed","size":93,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-03-25T21:39:57.393219Z","times_seen":102,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"c933a4e10fc1c9ad35c0b15333fb24f2","sha1":"6573f0f7c4a6512b0cfefc44492ad9adfa67d684","sha256":"3fbd8ca9177f8abeca2f2149cdf3027b803dd59b4f8a78cd2ef53ddb4113e503","sha512":"2ad9e3340b79128baff2b16365423b448692ad930b89e7b9e512d75e890b311c5a0e0ca47f6bfdf7c44171b7b96ae9e673a9b08fa3af4fdd1c42546491f76623","ssdeep":"","tlshash":"7bb012d431c76145ae32337d50fbe9ce5038dc5030c51740d01cc060283342441375dc","size":94,"data":"","first_seen":"2025-06-25T19:25:27.958825Z","last_seen":"2026-04-06T00:47:51.45664Z","times_seen":394,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a7d7798b0713493ea35587ef3903873b","sha1":"41fbbfaa3f4e95d90823de9ded4f07007efe5dc1","sha256":"980f9afeb5e61bdd69001e2f5152edcea29696e66632b974244f755f5d7063b3","sha512":"5d164c719b156a0d779cfe2e053fb8b58d16d8f20b5f310fd52f9a6cc609ef107bcc30081e446d79d8e37437183c84b1b9144bd8dcdb85b20b4bf9a51e2332c0","ssdeep":"","tlshash":"64b012c431c77142a773337544fbaac65038a85030c407448038d9623833020613bbdd","size":102,"data":"","first_seen":"2023-06-18T16:31:33Z","last_seen":"2026-04-05T23:58:53.840746Z","times_seen":338,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d328736d8813402964b4a586450631fc","sha1":"8da51154ab7de73ff8f4ce44ea21687588af85f4","sha256":"00ac9bfe4a06a1decfb77d2c50da1d2cfa466d1402c29e36ebacbe3c51c0ba31","sha512":"71d65cedb6913b6f8cf654d4763f2f114eb54d9bf1ea20400f87a0560b0dde696e907f94333e36afdff12081cde592a88ea3642a23b14091dff7b617c7778fc7","ssdeep":"","tlshash":"d4b012d531c37182a633237684ef99c55478e8d030848b80901cc0612837020813b59d","size":95,"data":"","first_seen":"2023-06-18T16:31:34Z","last_seen":"2026-04-06T00:47:51.422161Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/notification.34e88a01.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ed6658efa63b7eef905c369ae52b0923","sha1":"3142d14a4ccc36e475725d4b602f404573fcb170","sha256":"08f037b274496c341691f29f039ed043fc7fba8b57c93cb8d8729a7556acda4d","sha512":"128009b611a9785ddd19a0438c26ae90ec6ac579db4fa7c707b377a5bfc03324ec54a3b86bc787a4b3736e449ef0c17d3dbb4b4f1710db268f3bb4752648e9bf","ssdeep":"6144:9DiQHHdTj87yT2CsLl5ryCnWkQt6ReLLFwvTzYQB7xPucRasg/mPc:jHd8OT2HLl5ryCnWkFOwfBlJgD","tlshash":"4b54e741b0e0e06c55ea9165e42f0505b3b62e5ce408641cb7edcceabfadd4d622ef39","size":304673,"data":"","first_seen":"2025-11-25T06:42:06.113522Z","last_seen":"2025-11-28T17:01:20.441188Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-06T10:09:03.453139Z","times_seen":81444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3d6cd94c8ef1422550cc1b82330a053b","sha1":"c1059c1373055e10993aa468eb0bffd20fa11ec3","sha256":"5696af26bb20acbcf205ba1b0de16bac7044184a1e6020bba19c4e37ade8bd97","sha512":"bd8946bf95e95bc41e7934b64664fbd2169d36fd0310a2e7046dd5140a38cd85423cd1fb1d71def7a933e1ab4ac584b9158f366d36dcac10995c98bcfd8553a2","ssdeep":"","tlshash":"f8b012d431c36141a672337650eb59cd90389c5030848b805018d0612c73020413b6dc","size":91,"data":"","first_seen":"2023-06-18T16:31:32Z","last_seen":"2026-04-05T23:58:53.845023Z","times_seen":408,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"507c0bffbf3a4491486490cb23b36478","sha1":"e5581faae28d42bcec80050e8a0476f5be627c50","sha256":"14c830ae01f46dfecdf4f67793b367bcbea21821f5a577fcccb622b6148cd9b7","sha512":"04da4ea7d6024518b9510f6d3a66fdedb6ad651865bce5ff1cc2a6e79577e2df4889cfe61f0e3f5d4c3284344c2ad3a6331e8c07c3a66cbab8c309424dce792c","ssdeep":"","tlshash":"adb012c535c3b1c5ab33337d40efa9c550389c50308d4b404018c060383302081375dc","size":94,"data":"","first_seen":"2024-07-26T23:36:04Z","last_seen":"2026-04-06T00:47:51.4509Z","times_seen":435,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"88b51694da2ce0d3aaae8b28052add15","sha1":"2ff0890fca1738be793c10d6424a7b3ef956598d","sha256":"d184e98312087697cee68d62d0923181f85864c011c0e4cbeb16dad538123af9","sha512":"fa35b8ecad07a8504d24eeaa7fabf56a466350b23309d9f0dcdee9fa6830b9a4a24bb11f2f7be5caf3c893351c5233edbbb56e1e7ce622e7beecc336084ec208","ssdeep":"","tlshash":"b1b012c631c3a1c1aaf2337d64fb69cb50389c903484cb849058d560383306052779dc","size":102,"data":"","first_seen":"2025-09-20T10:40:47.522766Z","last_seen":"2026-04-06T00:47:51.398185Z","times_seen":295,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"31676190637fe7c913810dccec98452b","sha1":"7337a522fffbd77e88719892e4439f2af2e35a9c","sha256":"d15f740a342e8e86c12e2649fd66589dba2e9d04631ad5ef89e75a9c872d71f6","sha512":"5b25fe58b2727a1660a241d8757c2cea03fe711d247dffd02aed93129e0bc90f482efd1af0baef36ab7664d88d75c80c8fc1ad4438700edc6528585b5bcfa1fa","ssdeep":"","tlshash":"0da0029e31c66100977322a5416f298cd1f899e539855a904058f4a26c6907c532785c","size":60,"data":"","first_seen":"2024-07-26T23:35:58Z","last_seen":"2026-04-06T00:47:51.439549Z","times_seen":218,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"42dbc88c48d3503fe528428611131d6b","sha1":"f741a0b1134028445ef3fdb72c1ad055dd69b808","sha256":"51f50131e40da7fd7e872fa45aec14465a7ecfe3acc5ba9ddfea5709a560dd92","sha512":"07c856d0e0872558bd90f19ff47a02588f52578a016ccb21a01bcaddaea53b6ebb839767ced604ca1847d18174f9cc5272f4c6a40e197cd1aeaa470c3f26cacc","ssdeep":"","tlshash":"f7b012c431c77182a632337940ef5dc5903c9c90748447405018c0602cb3420823fdde","size":98,"data":"","first_seen":"2025-06-20T02:18:28.014791Z","last_seen":"2026-04-06T00:47:51.448445Z","times_seen":407,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/28.0a671736.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c59262b29c5a57e8495c2125faa5ba7c","sha1":"02f14f387fcc9a111dbe2fe9f01d6a05064be0a2","sha256":"3960f282b9f53d7c9081b1c34dee097a5b8de7fee141c33c122ed36fdee99c5d","sha512":"7b5fbe1e1602542440482182ffb97373277074ef77cf32a49fa161655c8999271aefe8b33263181e8b51a908369fb0f213b402b08b4df2d3fe33c2722c50b0bc","ssdeep":"3072:S2amaMyyYi+qpmLW6N+u0O6sdXIBq6CcTki0nsocnt9IIgmqus33yQb1OVShcQAp:gXtsp","tlshash":"33141a910a7de40ab4cdd52e1b8eae647cee51051a018cc16fb208ee4d5f7a5e370b7e","size":193193,"data":"","first_seen":"2025-11-25T06:42:06.087698Z","last_seen":"2025-11-27T02:13:57.703171Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/LazyLoadImage.3093c242.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2dd10ee5acba3bde7596fa466b3b9a8e","sha1":"7662018d8b238120d859a11f61da6ef6fce9e322","sha256":"87325e0052eaedb5bdc873c9a4bfe31d64842ba064251a532fffa42607812224","sha512":"6e4d5163e2bb568ddb7d9a63319154f44056901bad2433eafaa0f78735c68ac37439bc2d27f7db99519578d304bf27f9396eaeff5d6b7c9e1e1fdebb1b368183","ssdeep":"768:8sHcP/CYMojLOWXf8vKzXkfHN0FFzzzdL9h/ev:8qYfkPIvT4","tlshash":"b9e2958476a2f07442d7516a803f5507f279693e946da080f372d8f06efa59e8633f3a","size":31852,"data":"","first_seen":"2025-11-02T10:05:16.979166Z","last_seen":"2026-01-13T10:36:26.548743Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"07e9654fe3ee7ade161c3f8afe8a8f27","sha1":"33f88e78f9908ac967061c7d02dd2c8f99a23a74","sha256":"8658eb83e99a923621bbe670844c8c8f40c1386dc64b6fbc49ca4903b4e16897","sha512":"e83622783a1b60dc6ab74eed5d0df6609cc08096072eee8cc8013ece9ae4b071f667ac0521fd87b027002df3ac0957d29467e4a0043072e92b69882906bf19ca","ssdeep":"","tlshash":"9bb01207ad0ac0c540011c84dbf0d438e03890548188ccac42883c5b41427c48c01254","size":93,"data":"","first_seen":"2025-11-26T01:35:43.657495Z","last_seen":"2025-11-26T01:35:43.657495Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/css/chunk-common.047ebad9.css","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/css/chunk-common.047ebad9.css HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: AliyunOSS\r\ndate: Mon, 10 Nov 2025 08:27:28 GMT\r\nx-oss-server-time: 7\r\ncontent-encoding: gzip\r\nx-oss-request-id: 6911A1F089FDF53739E6B8E9\r\nlast-modified: Mon, 10 Nov 2025 08:26:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15301035701198459371\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=15552000\r\ncontent-md5: kuhLBjVJMHRRHJR6J/nD0w==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: wzQuzGZaEhLNBvBzsuGnRz1AiawKbEQLbfP4f5ObO2hnpZpirtT5Tw==\r\nage: 1357653\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":3567,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3567), with no line terminators","md5":"92e84b0635493074511c947a27f9c3d3","sha1":"1063727a5ae72bb23c46dad693b4b45828e2a74a","sha256":"85172738795fe7c2d724963c00cddb49256a70767071cea32d1729b809702ffe","sha512":"9ee606d5139307b4a204d111caf4297943a1894038526b59e9c0a4bd5a034fd328cdfc85edc24dd76732407f80e93aafa317fa53d85471a7dc45c23f4a72a854","ssdeep":"","tlshash":"e2710de5d50814ed7333c902a385b298ad92f5b2d8e04e67f01f562c8ff2655a291f39","first_seen":"2025-08-28T20:02:37.799245Z","last_seen":"2026-04-06T07:34:33.895604Z","times_seen":1504,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/wsd-images-prod/bm39mmkf7/fe_setting/desktop_app_logo/desktop_app_logo_192x192_bm39mmkf7_20251126020528.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /wsd-images-prod/bm39mmkf7/fe_setting/desktop_app_logo/desktop_app_logo_192x192_bm39mmkf7_20251126020528.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: image/webp\r\ncontent-length: 17898\r\ncf-ray: 9a45a596df2b2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=18671\r\ncontent-disposition: inline; filename=\"desktop_app_logo_192x192_bm39mmkf7_20251126020528.webp\"\r\netag: \"6925efea-48ef\"\r\nexpires: Tue, 02 Dec 2025 18:07:27 GMT\r\nlast-modified: Tue, 25 Nov 2025 18:05:30 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 4489\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17898,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b0aa400c626dcf2d0ffa3f844ed5b039","sha1":"56199638f40bf91cfaebac3e9ddd9b8c6ef52f39","sha256":"ae1569540fa9ce1aee1381d1e3d0b6de6f4391829071fdb61cb9c25baa55bf90","sha512":"a2774849acb2710cde378ddb726b7bfa24414ec5ce9919c709b0805959a4870b1fa5134b4483680ff91f7e155a1950bba6880a9660dbd89ab782d3837c3fde0e","ssdeep":"384:Jkvf3Ti778sNbSaCzLB9YanzDHjFJ8Fo0eNMLJJCftQ:M678sZStLB9YazTj8FobMLj","tlshash":"ff82c0898c7195a5d09023f22d3b4b4bc2aa1a1efab92b7f1bd2f5115008837b157dc7","first_seen":"2025-11-26T01:35:43.491457Z","last_seen":"2025-11-26T09:58:32.166678Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/JL-COLOR.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/JL-COLOR.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 21754\r\ncf-ray: 9a45a58fff412efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=24483\r\ncontent-disposition: inline; filename=\"JL-COLOR.webp\"\r\netag: \"691bcda4-5fa3\"\r\nexpires: Fri, 28 Nov 2025 20:42:28 GMT\r\nlast-modified: Tue, 18 Nov 2025 01:36:36 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 327817\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21754,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ab92f739a999e3f89b4fb35bc7bbcf50","sha1":"41452688535d81888756fc7526b0aa9a2fb00d75","sha256":"a26ffc72c7feaef1c4bdd436b17c54a1778823a36446941167283add6cf5c024","sha512":"bc0caae7000ac3ca40c587fbae4e2b10a2e22ce65cb5da6e4e0dd950c8ac1667fcf29674fef34e8db163fc8a03db0ab9b2b40b01562d0ba206ba54e15e04d3c3","ssdeep":"384:IXvxlvksg69/H3pr/brA+Lxfjf4B2oF2klcPWgTygWoaC8oorTdQU:sl/gOH3/Lx7fDVke7H8VN","tlshash":"5ba2e1aadc186e9616a3b40a730dee45d923b83570ea73231a4accd142075fe16d9c3b","first_seen":"2025-11-19T09:39:50.471907Z","last_seen":"2025-11-30T14:48:07.29381Z","times_seen":34,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/asset-manifest.json?t=1764120901459","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.462Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/asset-manifest.json?t=1764120901459 HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-18d7\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Thu, 27 Nov 2025 01:35:01 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cze%2FdXoNbWkha0MsUS9BHq%2FBUT7LPDM0%2BRd1EM3Mm5KoDcBy4oT84UJZiXEvG2ayLF%2Fk4ltosz%2FYmMvvtGvymScYGF48HArSVPPzQqg%3D\"}]}\r\ncf-ray: 9a45a5922eda4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6359,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8771aca20e67cbc84fec1f55b288ef1f","sha1":"fc9ef3221a22d7598a51c565b01fc4dafca8476f","sha256":"e72bd5cdef3638cde48aa461425f2e5c2fdb1d6e27cb075566e0a496adeb051d","sha512":"9f81b6d778c9f41e591110ac58c6e2135bd837d9eb2ecfefbda8cf505359ba224974625f278b028766f960a97cc90e273df2cd8af8c1004e7732e54100073e74","ssdeep":"96:tybYPfNbiht8Y+qMZoX567AWHJ15RHm574ZnUkeegg2zMNYLi+iM+in/limRqa:Ib6C+NlT5Rs+nUkxH2zji+iM+WNd","tlshash":"e7d156d896452ce3b2c42ee568874cd910fc5b5382b4741957bfaa41e4ae82f5bf340f","first_seen":"2025-11-26T01:35:43.49292Z","last_seen":"2025-11-26T09:58:32.176097Z","times_seen":2,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets-cdn.salesmartly.com/prod/project/g13cr8l/p1/integration/plugin/image/20250924/1758702474369/image_1758702474369_9a48c7f30c7d8fd10459e3e7cd9.png?x-oss-process=image/resize,m_fill,h_120,w_120","fqdn":"assets-cdn.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.25","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /prod/project/g13cr8l/p1/integration/plugin/image/20250924/1758702474369/image_1758702474369_9a48c7f30c7d8fd10459e3e7cd9.png?x-oss-process=image/resize,m_fill,h_120,w_120 HTTP/1.1\r\nHost: assets-cdn.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 18753\r\nserver: AliyunOSS\r\ndate: Tue, 04 Nov 2025 05:38:11 GMT\r\nx-oss-server-time: 102\r\nx-oss-request-id: 69099143E7A3CA35331985FE\r\netag: \"A82EEDB1D7E6578752DF419CCB0EF8D2\"\r\nlast-modified: Wed, 24 Sep 2025 08:27:57 GMT\r\nx-oss-object-type: Normal\r\nx-oss-storage-class: Standard\r\nx-oss-hash-crc64ecma: 17552913403920926331\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: vf0MpU-rde0ZgN2DaRiNO8oNkKXJwJIxpx2hNkC3MIUfL914T7ayDA==\r\nage: 1886211\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":18753,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"21a711bf27e38f415b41dc7810900b23","sha1":"3e3ab2289a6cd237a31cba922f14aec8ee110e65","sha256":"bc136d235ab9492ad86b24049af8fb62ddca8cbb99ab848a1df5258b5af941ff","sha512":"204d3e84fe9c7020de4c43cf898fa151ad63a1931c7161e6ec3c02efa7e8960f3ebe85facc1e421a9c6cb0d7b84b488072c6bd8b6ffa779236e1049d97033673","ssdeep":"192:986WkiuC9mjrP/vzaj3XPNJRqw0zsxwveSfKmA9uwsrf44eQjGMxcBfgN2fAp3kL:9nhi4+zz30tveSfeUwsrTtxcB23chH","tlshash":"d082bf57953672abefa9709ddbdb7033a0341402625815f5023f8f5addaa2ca9e38806","first_seen":"2025-11-09T08:42:38.576298Z","last_seen":"2026-01-02T05:36:01.944826Z","times_seen":16,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":94,"dns":77,"connect":1,"send":0,"wait":3,"receive":1,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"srz.salesmartly.com/client/log/log?plugin_sign=56a89c4a9814594bfa506dd0a9f8a067\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902489\u0026_lt=\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062","fqdn":"srz.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srz.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 10:01:00 GMT","end":"Mon, 16 Feb 2026 11:00:57 GMT"},"fingerprint":{"sha1":"B8:7F:BA:F0:14:CB:9A:7C:67:EE:76:AF:D3:02:5A:DB:ED:46:9C:93","sha256":"0D:ED:10:48:B0:E0:8F:D2:F3:8C:32:C0:0A:BB:D5:A0:3F:A4:73:D4:F0:61:65:6F:56:6E:F3:BF:0E:85:79:81"}}},"request":{"raw":"POST /client/log/log?plugin_sign=56a89c4a9814594bfa506dd0a9f8a067\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902489\u0026_lt=\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062 HTTP/1.1\r\nHost: srz.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 835\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":835,"data":"log_type=CHAT_MSG\u0026data=0qH8PTXG1nmb1nohMhHGl2cEI3Fqyh8htTV8rCyiyQV%2F1Ncb1nmvrN%2BvsVzVfGHWfhypyGcW19X%2FyAKhyh8hrQjWtazErdyiyhypyQrpPStbfQXQyAKhyh8hfQzWPXz40NYVyAK9BdH9rNH51nz%2FyAKhtAO%2FlAR%2FIeO%2FlXFjI5sqI5s5l2Rkl2Omyh8hP3u%2FrSX%2Br9DhMhHVPhaXDqypyGXqPdyiyQ%2B4tTY5MhFWtStSBQHwl5vkBQIWPCzwB9%2BWPnD7snrQ1njEsNcVo9zvr2a8fQz%2BrTl8lCrA1nozt5c413vjs2OqrAH8l2uVr2l4M344fQv4yh8htnOhMhHIPSEEP3j%2BB5D%2Fld6KX9V%2Fr3zSfqYMXd6jldk8MqYN1nk9IepR0es4MqYqtAKjl5o%2FldvRc9XA19FWlA6jle6jleORcQVqrnrW0dFjl5o%2Fld6hBdHpP9tbr3u4sCyi0qHvsVrVfGIEP9khMAOpyQXk1NI41nmGXQXqf9VWPhyiyhypyQXqfQzqyAKh0a8hPnX5f9uGrX8hMV8hoCYwtNc%2Bt3VWPhYWf3XqsNcEP9kRt9u5y3u4t3XwfTcVrdYWPhY%2By3c%2Bt3uhsNIVyTcKsNoRr3Vvy3mWtdY%2BP3jWtqYwtNc%2Bt3VWPGl%2FNdHzyh8hfScWfQXMsnaVfqyinSphPQuwrCyiyGI%2BP3X5Pnuqt3jmNSYbr5O412cWlVzp1NI4yh8h19XmD3u41dyiyQVvyGatbN4%3D\u0026base_encode=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9a45a5989d128deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"77e652f404f47086bb49598b43b92d9a","sha1":"9b4981aa40e98879d7f2efda3261e0f0c76a0d78","sha256":"052a4866127cab399192f6179141e92ce42742a7c09ccf7a0ffba2f0583869b5","sha512":"70e55dcdfca4754735386a3074c028d1047fce9b9d946cc84c2ea59d57799ffdc8071abc4c62142e2a1c319a948ad71eb696e0892bcaf1ce41f4616026a6bb63","ssdeep":"","tlshash":"bf900433341cc3470d05504f50053715d0f410500f104751ccfc0314430c4d57143410","first_seen":"2023-08-03T19:40:41Z","last_seen":"2026-04-06T07:34:33.690617Z","times_seen":1639,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"srz.salesmartly.com/client/station/log?plugin_sign=c3434568583db3dfdb727e988397f759\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120903246\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062","fqdn":"srz.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:03.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srz.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 10:01:00 GMT","end":"Mon, 16 Feb 2026 11:00:57 GMT"},"fingerprint":{"sha1":"B8:7F:BA:F0:14:CB:9A:7C:67:EE:76:AF:D3:02:5A:DB:ED:46:9C:93","sha256":"0D:ED:10:48:B0:E0:8F:D2:F3:8C:32:C0:0A:BB:D5:A0:3F:A4:73:D4:F0:61:65:6F:56:6E:F3:BF:0E:85:79:81"}}},"request":{"raw":"POST /client/station/log?plugin_sign=c3434568583db3dfdb727e988397f759\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120903246\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062 HTTP/1.1\r\nHost: srz.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 587\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":587,"data":"data=0qHafQ8hMhHKtTc8f5KWBStStqmhP2lmMdmAP94WPCzKP9aVU9uQrQVp1nu4rDIWr3DzfTHWsnc5leOQs9VvUNf4t3%2BElnOjlQsqfeOjrnD5Ie%2BwITHEIdypyQcWPnuEPhyiyGtStqmhP2lmMdmAP94hBdHasCyiyvaW0QVpP3OWICk8yd%2BN1nmvPSt5yOmDyeO8BA6gyutEPAs4MqYkIAogyTH9MAO5Idk8xCYTrnIZPqFqleO8leO8lCY31NHVrQzkB5O5Idk8yh8hfQXQyAKhyh8hP3u%2FrqyiyQX%2FBXX2yh8hs9%2B%2Btuzaf9XqN9VvyAKhI5uhsnDmIe%2BVs5Rql3ojInsaI2rvs5sSleI%2BleXVr3lhBdH8PTXG1nmb1nohMhHGl2cEI3Fqyh8hsnI41nz%2FyAKhf3uGrXrErNfhBdH4P9wVPhyiyADaMnO4re%2BVs2fmlAySl2D8s2l8Ieo9M2u%2BlQHQs5YAyh8htnVvyAKhlQy5l5DjreXhMnIVsnOmI3saIQyal2XAMnDSs9DmIAshbo%3D%3D\u0026base_encode=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:03 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9a45a59d5a938deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"0812476bc4edc21dbf76f8ac3b4603f6","sha1":"e8b8f9122e8b618d778011c1caf8d58fa436f121","sha256":"53a15873e949f1ca758cd3c749e4fc530fa7dd0020d42f0ab964757d0e41d8b7","sha512":"9810ce17bc9480d28c8ebb05183891550905de26337b47cbb8cfd86c80405488aa35a45f6f0833b5b80bca8dacc763ca5864c9f7661410288afb7ba2e7448169","ssdeep":"","tlshash":"37b01223983c02830e10904d40802a2091d410550b100351c87c8714461885430024e0","first_seen":"2025-11-26T01:35:43.49466Z","last_seen":"2025-11-26T01:35:43.49466Z","times_seen":1,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":210,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/wsd-images-prod/bm39mmkf7/fe_setting/h5_logo/wps_BM39-LOGO_New_%E0%B9%84%E0%B8%9F_20251121224049.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /wsd-images-prod/bm39mmkf7/fe_setting/h5_logo/wps_BM39-LOGO_New_%E0%B9%84%E0%B8%9F_20251121224049.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 178180\r\ncf-ray: 9a45a58ada482efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: status=format_not_supported\r\netag: \"692079f4-2b804\"\r\nexpires: Fri, 28 Nov 2025 14:41:30 GMT\r\nlast-modified: Fri, 21 Nov 2025 14:40:52 GMT\r\ncf-cache-status: HIT\r\nage: 381234\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":178180,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 185, 8-bit colormap, non-interlaced","md5":"6e606ea72f92608e6e6b2b58aca28f42","sha1":"3a4db4d0ac3bb71264385e3d025001665cc9c227","sha256":"3a79abd9c6eabff576dcece4541b9fc7f9f8101a36eafe32f3fd8a52015e1532","sha512":"064d0f5f3dae311efd8d75435ef87c50d7f3aadf36681213cafaac3ab24b3cb062878b809fb87c26c0ae57d7d701f3abdc7db4744cbc80368f0c566083818c37","ssdeep":"3072:dKeJnyCA8UkQ4JQBez5oKuRfFFNgqWauP7nc2af3y9axYWK7o5bOD:dhyCAJl46BeltCfFFNLdyLaf3waxYlCS","tlshash":"93041238b85ccfd2844d174717f4612672212e1617782316b998c6f2aaefdbe2edd138","first_seen":"2025-11-22T16:37:35.873911Z","last_seen":"2026-03-08T20:41:40.095145Z","times_seen":21,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":31,"dns":4,"connect":1,"send":0,"wait":10,"receive":13,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/MCSFE_getListAnnouncements?types=PR\u0026platform=M\u0026category=app_download\u0026ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/MCSFE_getListAnnouncements?types=PR\u0026platform=M\u0026category=app_download\u0026ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: v3pdp8h718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: FREEPLAY3, COMM3\r\nx-elapsed-time: 3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KLultUC10iE7Ljon19omN2VTe2YLIjBIIawmKORTz4DheftlN5BBD8%2F6HwkGlFRERN6W9NoNC4Cb4%2BuVa1Q3FTPtGtqhABuzs2YKKYM%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a58e2afe4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"745b5fbd08e3014be4fc0f0b4797ff59","sha1":"0cbb25b54defc92ccd2839174d6a1c315db807d3","sha256":"5f23ecaa0b566380ea4455b9653b7e7a57a595d05a35c45e7fe2dccb9b60a978","sha512":"5884d21ef141c59bc451dd0baab0be26072960003562b509580f2ad28e84f6be219a76a8d316ed32e2f38fca1b476166b496014c823fc77a55ef5fc7cc92bdd8","ssdeep":"","tlshash":"f6800002200000f3c002220028382e00baac00ab80000088a08c808cae30802208388b","first_seen":"2024-11-30T23:22:57.563348Z","last_seen":"2026-04-05T13:13:38.83841Z","times_seen":192,"resource_available":false,"data":null}},"time_used":485,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/android-btn.86c1f6a2.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/android-btn.86c1f6a2.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 2227\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\netag: \"6925f3e6-8b3\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 19:54:19 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4499\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XpwizNDQGafpl8vJCNNXw%2FhCdPI4ihpmOfCw1QqJRDrRF7rtll18Umm%2FnA8ON1mNNaw1%2BWnqImuC0tOQs2xiRc50OXRbx%2Fc%2F3hk6E1o%3D\"}]}\r\ncf-ray: 9a45a58f9cbc4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2227,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 221 x 66, 8-bit colormap, non-interlaced","md5":"86c1f6a25d2944ae7b6d40bd1e9b663f","sha1":"81fd8e43adf5f040c0361e6e0e5b738dd2981f4f","sha256":"cd71849a58605bba0bb081ff0bdb2871bb6ca25686da397a1155f13f024313ec","sha512":"abbedcf0cf088f3fff287610c6a0c5fc619ec5620298a008bb7f062f714bd83c0261ca15d5917862b73a94c9ee070befc04b93221cede5eb40c385092ac0de87","ssdeep":"","tlshash":"50412cc92ea1dd41d502b63c41879bd0ff9c8c3913b2603d6d72b9989d4a0c9f987a4f","first_seen":"2025-10-05T05:37:15.817377Z","last_seen":"2026-03-08T20:41:40.039425Z","times_seen":38,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/mcs-images/announcement/bm39mmkf7/1763875804283_%E0%B9%81%E0%B8%99%E0%B8%B0%E0%B8%99%E0%B8%B3%E0%B9%80%E0%B8%9E%E0%B8%B7%E0%B9%88%E0%B8%AD%E0%B8%99.webp","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /mcs-images/announcement/bm39mmkf7/1763875804283_%E0%B9%81%E0%B8%99%E0%B8%B0%E0%B8%99%E0%B8%B3%E0%B9%80%E0%B8%9E%E0%B8%B7%E0%B9%88%E0%B8%AD%E0%B8%99.webp HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 149876\r\ncf-ray: 9a45a5935ac82efa-OSL\r\nlast-modified: Sun, 23 Nov 2025 05:30:07 GMT\r\netag: \"69229bdf-24974\"\r\nexpires: Sun, 30 Nov 2025 05:33:37 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 234017\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":149876,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x660, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"830832ba38de9e2a96968bf360966892","sha1":"59323a0f2471fa1e3dbc19b35002efe477cd4c0c","sha256":"3bc73446b3be57a63f02f9dfe3159dc7127cd9b3bb70f2296bf3c6592e44620e","sha512":"e911983e4b2777f4f51bca07a56a323395224ccfcf08b8760c1755ca301174d4182afe448d8a36121ada0a84914ea755a88c585536bf8ee816ee62a710d2fb29","ssdeep":"3072:PELR9P99JLI/zw2oRZxkyvCdDBD2uWC6zX2oWeaLYmQW:oxRLI/29adDBz6zmliml","tlshash":"c4e323b02cc763b952a98bc35fb7c62afc35159c10e915b119ec2ca6e315fb41832add","first_seen":"2025-11-23T08:35:24.203552Z","last_seen":"2025-11-26T09:58:32.125685Z","times_seen":4,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"srz.salesmartly.com/client/station/log?plugin_sign=45eb36969f22650f48a88aec334bbe59\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902026\u0026_lt=\u0026_u=\u0026_xma_=","fqdn":"srz.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srz.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 10:01:00 GMT","end":"Mon, 16 Feb 2026 11:00:57 GMT"},"fingerprint":{"sha1":"B8:7F:BA:F0:14:CB:9A:7C:67:EE:76:AF:D3:02:5A:DB:ED:46:9C:93","sha256":"0D:ED:10:48:B0:E0:8F:D2:F3:8C:32:C0:0A:BB:D5:A0:3F:A4:73:D4:F0:61:65:6F:56:6E:F3:BF:0E:85:79:81"}}},"request":{"raw":"POST /client/station/log?plugin_sign=45eb36969f22650f48a88aec334bbe59\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902026\u0026_lt=\u0026_u=\u0026_xma_= HTTP/1.1\r\nHost: srz.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 425\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":425,"data":"data=0qHafQ8hMhHKtTc8f5KWBStStqmhP2lmMdmAP94WPCzKP9aVU9uQrQVp1nu4rDIWr3DzfTHWsnc5leOQs9VvUNf4t3%2BElnOjlQsqfeOjrnD5Ie%2BwITHEIdypyQcWPnuEPhyiyGtStqmhP2lmMdmAP94hBdHasCyiyvaW0QVpP3OWICk8yd%2BN1nmvPSt5yOmDyeO8BA6gyutEPAs4MqYkIAogyTH9MAO5Idk8xCYTrnIZPqFqleO8leO8lCY31NHVrQzkB5O5Idk8yh8hfQXQyAKhyh8hP3u%2FrqyiyQX%2FBXX2yh8hf3jar9V%2FN9VvyAKhr5O412cWlhypyQuAt3VWPhyiyGY%2Br9Xn1nXSyh8ht3zZrnkhMhyhBdHa1nohMhyhbo%3D%3D\u0026base_encode=1"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\nset-cookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966; expires=Thu, 26-Nov-2026 01:35:02 GMT; Max-Age=31535999; path=/; domain=salesmartly.com; HttpOnly; SameSite=None; Secure\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9a45a5962cce0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"0812476bc4edc21dbf76f8ac3b4603f6","sha1":"e8b8f9122e8b618d778011c1caf8d58fa436f121","sha256":"53a15873e949f1ca758cd3c749e4fc530fa7dd0020d42f0ab964757d0e41d8b7","sha512":"9810ce17bc9480d28c8ebb05183891550905de26337b47cbb8cfd86c80405488aa35a45f6f0833b5b80bca8dacc763ca5864c9f7661410288afb7ba2e7448169","ssdeep":"","tlshash":"37b01223983c02830e10904d40802a2091d410550b100351c87c8714461885430024e0","first_seen":"2025-11-26T01:35:43.49466Z","last_seen":"2025-11-26T01:35:43.49466Z","times_seen":1,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":72,"dns":11,"connect":9,"send":0,"wait":200,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/2903.png?t=1762147357776","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/2903.png?t=1762147357776 HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 4926\r\ncf-ray: 9a45a595cda42efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: status=format_not_supported\r\netag: \"69083c1d-133e\"\r\nexpires: Thu, 27 Nov 2025 04:03:06 GMT\r\nlast-modified: Mon, 03 Nov 2025 05:22:37 GMT\r\ncf-cache-status: HIT\r\nage: 495453\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4926,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8d1fb147592522e57e01d2e3ca17e418","sha1":"0105173883747c11bc274f7936935cf2b9a53f4e","sha256":"3463d7c3ad064b8d6f07af1edbb0b9dfd25bee192961fd454a5c9466251e7c6f","sha512":"c9774974da5d2c85c3c1eb98ce8e01e9a52cf67f1e6e3c4e86585c5ac50a2019f76bc53cc8ebba58865030dd9a1e4bca657a5ab481ba11926c8af25fdabab384","ssdeep":"96:WzdyXI4hMWRvwpHSY2RQSPB62KDf2T/QaIDL5hZgW0Woet+D:Wz8442uopHSY2PP0TDIEL5hp0Woy+D","tlshash":"cca18f55647057a7c3e1a6de682df78d635102e2991def744113f0e8e12e0cfa0a4dcd","first_seen":"2025-11-03T13:54:10.870705Z","last_seen":"2025-11-30T14:48:07.384336Z","times_seen":204,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/fonts/iconfont.2ed03d2d.woff2","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/fonts/iconfont.2ed03d2d.woff2 HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://plugin-code.salesmartly.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 8716\r\nserver: AliyunOSS\r\ndate: Mon, 24 Nov 2025 16:42:07 GMT\r\nx-oss-server-time: 2\r\nx-oss-request-id: 69248ADF0900E63437C87134\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, PUT, POST\r\naccess-control-expose-headers: x-oss-request-id, ETag\r\naccess-control-max-age: 600\r\naccept-ranges: bytes\r\netag: \"2ED03D2D50DB630E6DB43AF0AB7754D0\"\r\nlast-modified: Mon, 10 Nov 2025 08:26:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 18312883229832275330\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=15552000\r\ncontent-md5: LtA9LVDbYw5ttDrwq3dU0A==\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 7Zm_eKWf2OybInSL8xDWy3r-7rb5efejdNUzwl1lVgfat-cr7m59Ng==\r\nage: 118375\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":8716,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 8716, version 1.0","md5":"2ed03d2d50db630e6db43af0ab7754d0","sha1":"be76b52aae516e3c80f4e0648e9706ffbf3be214","sha256":"a193d84760e849b95a98318e0e925d8f8449f4b36606a94900a6b5fc173b1f98","sha512":"f3ef820f7347e9965c737da31127c58686d8027aa04ddcb26f6ac8d47c98a49a5dde8544e3abf4084a194cf8c47e9d639c5d8cacebfaff10a3898be7df322054","ssdeep":"192:MxEayh1xopHESFdJwCa2gJyU2VnQi0eoyyn+hgd:5ay/qRESFdJ4uUWnuP9nx","tlshash":"1f02aea0d59becf2dd573efc9e08627e409c2c5a4e91b2547baf8336124b39801e09e4","first_seen":"2025-08-29T00:00:23.805044Z","last_seen":"2026-04-06T07:34:33.73857Z","times_seen":898,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/A2HSModal.6c15f811.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/A2HSModal.6c15f811.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f115c-6309\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 11:12:35 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 74651\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oflLYr4DPAeoPdNac8ISvgtAlECDnIa1kGmGHYkzm4Thlch6Whxo9qK5x5%2FjLnPTbtnRb7QPJeW8YtLJug5uH8fqOFSIF1fvo4Sqaio%3D\"}]}\r\ncf-ray: 9a45a587db744e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25353,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (25115), with no line terminators","md5":"9e13716d9f3277890ef5ddb2a83563e6","sha1":"ec0b4dd810ee20edd1768bcb26780f9555baad94","sha256":"8921161fbd3b3c842cfdc418427a37ecae66ecb57a2788d005f21df8b4b0b9ca","sha512":"a210f66cd8e58bf403e6eb7bb0b6f363c6e70497ffd151d5abb11f5823d85611728af984909d909149267795c7d6ea79108d05610d268f189c3b4916b98ef7a6","ssdeep":"768:kT4K5yqQasRshjZq+7OIMd2OP6iyHjgG1N+Raf978Zc:jpyPSO","tlshash":"beb2b69ba757e0c820f2d2bae07f0a72e1757b4a2108e455787f88c4a2597cf711b937","first_seen":"2025-11-09T08:42:38.468419Z","last_seen":"2026-01-13T10:36:26.436296Z","times_seen":19,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"srz.salesmartly.com/client/log/log?plugin_sign=56a89c4a9814594bfa506dd0a9f8a067\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120901984\u0026_lt=\u0026_u=\u0026_xma_=","fqdn":"srz.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srz.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 10:01:00 GMT","end":"Mon, 16 Feb 2026 11:00:57 GMT"},"fingerprint":{"sha1":"B8:7F:BA:F0:14:CB:9A:7C:67:EE:76:AF:D3:02:5A:DB:ED:46:9C:93","sha256":"0D:ED:10:48:B0:E0:8F:D2:F3:8C:32:C0:0A:BB:D5:A0:3F:A4:73:D4:F0:61:65:6F:56:6E:F3:BF:0E:85:79:81"}}},"request":{"raw":"POST /client/log/log?plugin_sign=56a89c4a9814594bfa506dd0a9f8a067\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120901984\u0026_lt=\u0026_u=\u0026_xma_= HTTP/1.1\r\nHost: srz.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 835\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":835,"data":"log_type=CHAT_MSG\u0026data=0qH8PTXG1nmb1nohMhHGl2cEI3Fqyh8htTV8rCyiyQV%2F1Ncb1nmvrN%2BvsVzVfGHWfhypyGcW19X%2FyAKhyh8hrQjWtazErdyiyhypyQrpPStbfQXQyAKhyh8hfQzWPXz40NYVyAK9BdH9rNH51nz%2FyAKhtAO%2FlAR%2FIeO%2FlXFjI5sqI5s5l2Rkl2Omyh8hP3u%2FrSX%2Br9DhMhHVPhaXDqypyGXqPdyiyQ%2B4tTY5MhFWtStSBQHwl5vkBQIWPCzwB9%2BWPnD7snrQ1njEsNcVo9zvr2a8fQz%2BrTl8lCrA1nozt5c413vjs2OqrAH8l2uVr2l4M344fQv4yh8htnOhMhHIPSEEP3j%2BB5D%2Fld6KX9V%2Fr3zSfqYMXd6jldk8MqYN1nk9IepR0es4MqYqtAKjl5o%2FldvRc9XA19FWlA6jle6jleORcQVqrnrW0dFjl5o%2Fld6hBdHpP9tbr3u4sCyi0qHvsVrVfGIEP9khMAOpyQXk1NI41nmGXQXqf9VWPhyiyhypyQXqfQzqyAKh0a8hPnX5f9uGrX8hMV8hoCYwtNc%2Bt3VWPhYWf3XqsNcEP9kRt9u5y3u4t3XwfTcVrdYWPhY%2By3c%2Bt3uhsNIVyTcKsNoRr3Vvy3mWtdY%2BP3jWtqYwtNc%2Bt3VWPGl%2FNdHzyh8hfScWfQXMsnaVfqyinSphPQuwrCyiyGI%2BP3X5Pnuqt3jmNSYbr5O412cWlVzp1NI4yh8h19XmD3u41dyiyQVvyGatbN4%3D\u0026base_encode=1"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9a45a5962cc60883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"77e652f404f47086bb49598b43b92d9a","sha1":"9b4981aa40e98879d7f2efda3261e0f0c76a0d78","sha256":"052a4866127cab399192f6179141e92ce42742a7c09ccf7a0ffba2f0583869b5","sha512":"70e55dcdfca4754735386a3074c028d1047fce9b9d946cc84c2ea59d57799ffdc8071abc4c62142e2a1c319a948ad71eb696e0892bcaf1ce41f4616026a6bb63","ssdeep":"","tlshash":"bf900433341cc3470d05504f50053715d0f410500f104751ccfc0314430c4d57143410","first_seen":"2023-08-03T19:40:41Z","last_seen":"2026-04-06T07:34:33.690617Z","times_seen":1639,"resource_available":false,"data":null}},"time_used":400,"timings":{"blocked":102,"dns":43,"connect":1,"send":0,"wait":199,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"msg.salesmartly.com/chat/chat-auto/user/trigger?login_token=559a4d8ea79227150a3044691a2bfc0c\u0026chat_user_id=71bae948ec820d15f556dc6703a05edc\u0026plugin_sign=6a09294cfad91aadb48bdfcbed47b1f4\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902742\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062","fqdn":"msg.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.23.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msg.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 03:25:36 GMT","end":"Sat, 21 Feb 2026 04:25:32 GMT"},"fingerprint":{"sha1":"15:55:8D:6B:B3:77:A0:ED:00:1A:AA:11:EB:4F:E6:76:E2:31:CF:2B","sha256":"C3:DA:E3:85:AA:7F:F2:5C:76:D3:CF:7B:19:C3:AE:C5:39:05:8E:CF:DC:C9:B7:24:27:9F:A4:6B:80:CB:C5:B8"}}},"request":{"raw":"POST /chat/chat-auto/user/trigger?login_token=559a4d8ea79227150a3044691a2bfc0c\u0026chat_user_id=71bae948ec820d15f556dc6703a05edc\u0026plugin_sign=6a09294cfad91aadb48bdfcbed47b1f4\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902742\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062 HTTP/1.1\r\nHost: msg.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 13\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":13,"data":"is_new_user=1"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:03 GMT\r\ncontent-type: application/json\r\ncontent-encoding: br\r\ncf-ray: 9a45a59ab82fb1b8-OSL\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: https://www.bm398.com\r\nvary: accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: DNT, Keep-Alive, User-Agent, Cache-Control, Content-Type, Authorization, Origin, Cpl, Client-Type, X-Requested-With, Accept, External-Sign\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-max-age: 86400\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6b210154a96c28a41ffbe341a228c02a","sha1":"2e5751bde9f2323a79989d165f22ba111624ab76","sha256":"57109c9877bb6690c6284c7b2b98088071ee4762449b6b5659dd908bf9d703e3","sha512":"16fc9ff07ff4e167be6b24dad448fe7479cb1e5b50d5e7f251c84852e4c67d8caff68a1eae5be69b8f4561d97bc6d41be026597033718181025b3a97c7e292fe","ssdeep":"","tlshash":"89800023282c2c830e0238cc880e8b8820e820808e200330cc8ca228cb080a8ba82830","first_seen":"2023-06-30T01:11:08Z","last_seen":"2026-04-06T07:34:33.793452Z","times_seen":1471,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":77,"dns":49,"connect":1,"send":0,"wait":277,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/54.571635d9.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/54.571635d9.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f115c-1452\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 18:36:32 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 74637\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fINiwk4LZPYJTk%2FbN4yIF1TVVDduLgMa3TQSmnKwaQr%2BJ8tyr%2FOLgQHc54XS5hH9pE8zxBpGoudgxfFPgl8i18utMnimsAfaTRHM4vE%3D\"}]}\r\ncf-ray: 9a45a58c68a54e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5202,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5202), with no line terminators","md5":"a617ccdf353043814047182c141ce08b","sha1":"948007e5f8bdee62d8db1d801c737b0ba7350149","sha256":"51a01fc93885fd56d392c84424c0afe8168c6462de1dc9862a9d905df9dd9eeb","sha512":"9ca52d73648adf3e7d6d06a88943682f610836c43894de19ecd6d18a482fb832442f45c65f49a98124b6e2a066f9f0e24ea1225bb42502908d0b06dfdca71c73","ssdeep":"96:lIRZqIXFUt6FPMCeYKFIK5iEdPdlRssfxvtlGrnKSzc4Wfqn7xH:uRZlXit61MCDKWK5NXxODDIcntH","tlshash":"66b164cdb6d7b1295373a5b9803f6047e63b3c11740d4851e626dad278791498333efa","first_seen":"2025-11-02T10:05:17.029237Z","last_seen":"2026-01-06T05:38:19.634808Z","times_seen":19,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/WPSCORE_getDownloadSetting?domain=bm398.com","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/WPSCORE_getDownloadSetting?domain=bm398.com HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: jbfs94d718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vdDjv0kglumR60PVx%2Fd7PZo8JptXZLSw9nn%2FVojLYnIp7UkkfjHm4%2FwpbjnRdTgm%2FA3HF6e6mOQ2Kxu%2FmiCjg2Wpe4ru4Va%2FOVMLPpg%3D\"}]}\r\ncf-ray: 9a45a58ce9454e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1699,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"87ec2c355b08054b26c20cba7d845a9c","sha1":"c3bea0049e4e0fa3040357b7aa6c78d0a9eb92e4","sha256":"45ff75267dbdc5933b574162c5b5377c9a906bd20756e63aab97369fcc59b096","sha512":"c46149d737ae306129d2da0eea843594922382e647b29a74c2768e830aa7fe331faff315689c17951b88f3dbea6e3434883a4f6c5f68e019a478b3ba3d84cdb4","ssdeep":"","tlshash":"2731506a281568f74cc6d548e2bc7b53201ccd7b209669769835d6aa7dfbd38030387a","first_seen":"2025-11-02T10:05:17.037328Z","last_seen":"2026-03-08T20:41:40.122083Z","times_seen":37,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/PROMOFE_getPromoCodeEnable","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/PROMOFE_getPromoCodeEnable HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: zgbrv83718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A6TdBWP3RcwJS0s%2FyaeTxtCq6m0oAFcEyaJfa3%2Bd4XECOrWkRO4Y2EoFJVc7bJLNJRB0Sc4J4YCR0GWTRfJuE3YapAZUqDxGfY9Peuw%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a58deab14e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3961e890485c56051ce3bef421524dbb","sha1":"da0ecebe6a74fbcca1e5cce6da3dd423ab9e7e46","sha256":"397614303f0605e6c81dbcbf35187a0e5f2f376363188d8bc71985b69be0ff35","sha512":"52868cca07cf02c3b898ae6f3888440df7f1d664deef0bca5e7ee488d44283f6964a72e85cc6db6600d6772eb71f4f91d6194cb08fb93c13df5bab932f703119","ssdeep":"","tlshash":"8d900201141014a69002520015385b00346804565112a0599148806869e29051243846","first_seen":"2025-08-10T12:55:52.39708Z","last_seen":"2026-04-06T08:29:59.491404Z","times_seen":610,"resource_available":false,"data":null}},"time_used":473,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":473,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/WPSCORE_getCustomerServiceScript","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/WPSCORE_getCustomerServiceScript HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: px5rn9t718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JVjGTrv2OHQ9nbeSWjmZebSdHxspzJPafQgLnxIDJqglwz7NKRlKK7OFIm4nODGatBfIHJ5n4q9fpYkJLsqKMQv8N%2FoKriP5wcLLHP4%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a58deab84e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":139,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"61bef2536e9bfa836750b1dcb420f767","sha1":"d00391e5888001aab9be019559a892caf11c59a0","sha256":"d0543d655c6eb565c8e39c91bbdf89c95dd804692965b999ef48596a5609dded","sha512":"f0307b599393e5e43a666bfe6d8b62eb1ad5d62caed672cecfb68a32a6ad26b96fc38df9d67a6333839ce8890138861db82ae8900746889ac2ebb03e2cbc0b83","ssdeep":"","tlshash":"93c02b072f08c0b2e14171ca1c38bd07bcbc03cde041d0cba4c4c1000d107d01803d4e","first_seen":"2025-11-09T08:42:38.484373Z","last_seen":"2026-03-08T20:41:40.261048Z","times_seen":33,"resource_available":false,"data":null}},"time_used":458,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":458,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/vendor1_b8775aab.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/js/vendor1_b8775aab.js HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: AliyunOSS\r\ndate: Mon, 10 Nov 2025 08:27:28 GMT\r\nx-oss-server-time: 7\r\ncontent-encoding: gzip\r\nx-oss-request-id: 6911A1F0CA1C6338308CE290\r\nlast-modified: Mon, 10 Nov 2025 08:26:44 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15305004930386263030\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=15552000\r\ncontent-md5: TdEL+eOlXQT7AtB2+NiI/Q==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 0vEndCXPS7VNWwxJ_4ZOaHqVBjuaTpZ-NKqFP494E9oNpN1HEtKIfA==\r\nage: 1357653\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":225000,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (49155)","md5":"4dd10bf9e3a55d04fb02d076f8d888fd","sha1":"73fe2ade639561e0fbee753a10ab3a8f64457ba6","sha256":"9b5cc937de300ae7ed821b3c25405086cd9fc0c25be5f6afc2213b06d1981408","sha512":"768877b7f6860408251dfc60ac57ed4499ac9ff259f506f98020a848b1f8dd67378758074406603c95d98bfa621d4d451d9a941f9932c2bc9ecfe1eb9e69f9ba","ssdeep":"3072:hUj1XOH0ipFe9OY0ceCK7KtWO77yzk83UzlgE6CjnWO:2kHbDCK7gf7n85NO","tlshash":"b22408c8b295b06143a770b4407f550bf13ab915680ec5a4f226e8da7cbc98e907bf7d","first_seen":"2025-05-10T22:57:10.916725Z","last_seen":"2026-04-06T07:34:33.855776Z","times_seen":1793,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/loadMemberCenter.js?v=1764120898667","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:58.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/loadMemberCenter.js?v=1764120898667 HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 06:08:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692547ec-11c8\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Thu, 27 Nov 2025 01:34:59 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W4ysZjTOiebax%2FKD4zwcjyEc1WJFyo0KQ8Qt0OQ%2FxHchNP%2FdllpQ79aenOIcqrDJtrjIB6HB84B%2FRXQJZJmEnRqgHIPSNygsYvnfjcI%3D\"}]}\r\ncf-ray: 9a45a580b9df4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4552,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4551)","md5":"abb7f8d1fad8b2ee971cfcd19d04f251","sha1":"bc98a2b6c20c55e2be3b87b7f84079d0da3a7711","sha256":"87577322abf50a9a2d6aee6a618e70c3d2e2cd3cd0cd917fac3300ea41961387","sha512":"c7f485ae543d5953bfd2047c300aad242f087133fb6d99e8b4145f9c089a10432c455f69e63190808852e1071e7dfd15c2798b3f9068acadbf5dbe1bae7544d0","ssdeep":"96:EYpbXKdqqIIQZF+swZqg+InBV7C65Ff9n62:R6dqqAwZQEC6bg2","tlshash":"5791c5ca3565b8b253e964bce03fa665f2b126111418c4509106dcc67c78fce832bfae","first_seen":"2025-11-25T06:42:06.076519Z","last_seen":"2025-11-27T04:59:19.254631Z","times_seen":9,"resource_available":true,"data":null}},"time_used":574,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":574,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/chunk-common.fea271ec.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/js/chunk-common.fea271ec.js HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: AliyunOSS\r\ndate: Mon, 10 Nov 2025 08:27:29 GMT\r\nx-oss-server-time: 6\r\ncontent-encoding: gzip\r\nx-oss-request-id: 6911A1F1E5F8053535370B7D\r\nlast-modified: Mon, 10 Nov 2025 08:26:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15540067326740225810\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=15552000\r\ncontent-md5: U/rsDZggBtBbLYWNl9WD9A==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: r008_e7_dLBQwsZK-C3ItQnKq25w8IFWbu4ZL1Tu1rA-e5SvPmkH_Q==\r\nage: 1357652\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":22811,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22727), with no line terminators","md5":"53faec0d982006d05b2d858d97d583f4","sha1":"35830cc8f10269af69a8054f76d7dd1452141e91","sha256":"68fd8f46e926736fbfbe36d10906f0c55ab81d86dd5f770c5b2147ad5f761c48","sha512":"7352673fa0958eadd66f8096c9823fa160460c01adc7a2cbe8025835fe2edf6982c560c0cdf9059414af92d005f592de0271b8abee308b5fc49cbcf6c3da9bee","ssdeep":"192:o4abJTJY2f2tuXUVzf8cjyjRYiYj0zcM/XCBIiuY64cL0ORZEvfSzG1my0tqv5HQ:o4A4iXUDDjGcGsOL+lRv5HWocVhym","tlshash":"cba20cccb0d7f1550a523078c0bf208ae63e6c94784e9252da66d4ea7c3455eb277f8e","first_seen":"2025-11-10T12:55:36.348477Z","last_seen":"2025-12-03T21:30:25.071509Z","times_seen":282,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bm399.com/d/.js?oref=\u0026ourl=https%3A%2F%2Fwww.bm398.com%2Fm%2Fhome%3FaffiliateCode%3Dproads01%26cid%3Dw4thi1a12f2p11ee348m4ri4\u0026opt=BM39%20%7C%20%E1%80%99%E1%80%BC%E1%80%94%E1%80%BA%E1%80%99%E1%80%AC%20%E1%80%95%E1%80%91%E1%80%99%E1%80%86%E1%80%AF%E1%80%B6%E1%80%B8%20%E1%80%85%E1%80%9C%E1%80%B1%E1%80%AC%E1%80%B7%E1%80%82%E1%80%AD%E1%80%99%E1%80%BA%E1%80%B8%20%E1%80%95%E1%80%9C%E1%80%80%E1%80%BA%E1%80%96%E1%80%B1%E1%80%AC%E1%80%84%E1%80%BA%E1%80%B8%20%E2%80%93%20PG%20%C2%B7%20JILI%20%C2%B7%20PP%20%E1%80%A1%E1%80%BD%E1%80%94%E1%80%BA%E1%80%9C%E1%80%AD%E1%80%AF%E1%80%84%E1%80%BA%E1%80%B8%E1%80%82%E1%80%AD%E1%80%99%E1%80%BA%E1%80%B8\u0026vtm=1764120900226","fqdn":"bm399.com","domain":"bm399.com","tld":"com"},"ip":{"addr":"172.67.186.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm399.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 15:56:15 GMT","end":"Wed, 21 Jan 2026 16:52:18 GMT"},"fingerprint":{"sha1":"C3:10:D3:89:9E:EB:76:B9:96:08:4E:30:43:AC:68:6D:F4:E4:B7:E7","sha256":"D4:93:17:C0:5F:84:5B:66:53:7A:6F:54:90:3C:7A:70:61:2E:42:60:59:57:C1:EC:DC:FD:F9:75:59:C1:2B:15"}}},"request":{"raw":"GET /d/.js?oref=\u0026ourl=https%3A%2F%2Fwww.bm398.com%2Fm%2Fhome%3FaffiliateCode%3Dproads01%26cid%3Dw4thi1a12f2p11ee348m4ri4\u0026opt=BM39%20%7C%20%E1%80%99%E1%80%BC%E1%80%94%E1%80%BA%E1%80%99%E1%80%AC%20%E1%80%95%E1%80%91%E1%80%99%E1%80%86%E1%80%AF%E1%80%B6%E1%80%B8%20%E1%80%85%E1%80%9C%E1%80%B1%E1%80%AC%E1%80%B7%E1%80%82%E1%80%AD%E1%80%99%E1%80%BA%E1%80%B8%20%E1%80%95%E1%80%9C%E1%80%80%E1%80%BA%E1%80%96%E1%80%B1%E1%80%AC%E1%80%84%E1%80%BA%E1%80%B8%20%E2%80%93%20PG%20%C2%B7%20JILI%20%C2%B7%20PP%20%E1%80%A1%E1%80%BD%E1%80%94%E1%80%BA%E1%80%9C%E1%80%AD%E1%80%AF%E1%80%84%E1%80%BA%E1%80%B8%E1%80%82%E1%80%AD%E1%80%99%E1%80%BA%E1%80%B8\u0026vtm=1764120900226 HTTP/1.1\r\nHost: bm399.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript;charset=UTF-8\r\nserver: cloudflare\r\ncache-control: no-store, no-cache, pre-check=0, post-check=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 1d542b221a74ce095eec8b4baabd68ca.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: I0yPLrGlLm4_kRL8RfjqF9_Wa-_LqYwPKe2yk42o7oVvTVIBuWiWNQ==\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VbdqV6fOb%2FdRUE4UGtuibBQUXl17GhBFHpzDzPFUEuzbmwsxBa7glFihHQsyGenehSRm8JqNo%2BLbOQCfJNiR1aB36i4U0PE%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9a45a58abdb356b7-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1299,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (543)","md5":"340397059972033bb46b643aafd08154","sha1":"d22680b4d46624742b876598e786fc08590b9088","sha256":"9b75b8e0ba280324615fef0142a2613587299f90811b9191378aa576b2ca4f6c","sha512":"34f892d62dd72a97016393416bae0f2ba6d344016f9f74eb22c99db66806f7033dbec28385e2af7680d0375c577fdaeb9441cbf699a73a42dd15380c7693dc87","ssdeep":"","tlshash":"e721755d31a5741e8022a175187f012d737a1592334a8a9d959cc2843e298bf03e7fdc","first_seen":"2025-11-26T01:35:43.504957Z","last_seen":"2025-11-26T01:35:43.504957Z","times_seen":1,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":50,"dns":22,"connect":3,"send":0,"wait":88,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"bm399.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home-download.6afb0d8c.webp","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/home-download.6afb0d8c.webp HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/webp\r\ncontent-length: 24466\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-5f92\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 02:45:29 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74632\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oGeN%2Fl%2Fex65kGG615Zz3DT%2FqCH6fSLL%2FH7eZ%2BDLZL9aB%2Fc%2FVmL0c8RLA7mRc9ajQcqmzC9PMLfvTSwgoZGM%2F0%2B44Ps4TQLxYJJZynyk%3D\"}]}\r\ncf-ray: 9a45a58f3c3e4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24466,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6afb0d8cc25830768af68e21faba5efa","sha1":"46c5fd0f656e3f6cc0d50ced0ebe5b57014539dc","sha256":"dd4383ca950162d27dfe316b208d5613a242db41f0848b292c55e0ebdab2b2fe","sha512":"0e516ab2fa4cfd4867691a9da4f90db0bb0f94dcd91b0581cb574384e1d052fca9318c4276b2921aa34c4d281647d748f914458de20b5918fa8306b2adab8666","ssdeep":"384:vFhCd9PXy7s68KmGlkPbh6xCePUOOra32MGGHkWP6ffwR9leC6YmC9mj:NYNXy7f8KmGlghWAa32MGm7T/leCmj","tlshash":"08b2d0454ab9f721cb8628308e66841f0753c8704349bfde56649253abf8e747cfb171","first_seen":"2025-11-02T10:05:17.053064Z","last_seen":"2026-03-08T20:41:40.136538Z","times_seen":34,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/TCG_GAME_ICONS/PP/EN/PP0739.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /TCG_GAME_ICONS/PP/EN/PP0739.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 13820\r\ncf-ray: 9a45a59138692efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=14456\r\ncontent-disposition: inline; filename=\"PP0739.webp\"\r\netag: \"69160e3f-3878\"\r\nexpires: Fri, 28 Nov 2025 15:19:58 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:58:39 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 230386\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13820,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f14e635225fa1cefcf4221e5581b9f45","sha1":"20e24516217b667930366e7b0f4c7cd48c2166b1","sha256":"baf9822d6d320c1e33b79960955c11117aaf78880b8dc8e9d00f5772a3004978","sha512":"c29c6580dfae006b73cf5e9c14cfbd4f30ca9b60eb491879602820e09e23024c8230a447a62905c70689d7cf1c68cc7ac4bea710e04e80ae513f58e311038948","ssdeep":"384:uFUk4NVYsTfr+iraya86bhiB+t0w2yYrpgBGwa:lFdharJuyecGwa","tlshash":"8452c04ac703108e7aa7df54b17a0ff91b27b568944060476c29b1c0eebcbaf53c8472","first_seen":"2025-11-23T01:45:05.876779Z","last_seen":"2025-11-29T01:14:41.276481Z","times_seen":5,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/bank-6.efa1eec5.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/bank-6.efa1eec5.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 3269\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-cc5\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 12:28:36 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4500\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OVGq93TBpJZWCk5ybFgLSL98reN3YJeBqTolf5IepTchFw0C5Z68easnSqcXDvGrhsmteGKMrhMCZEtZ7hPEIiQA95VHtKXJih%2F9UUo%3D\"}]}\r\ncf-ray: 9a45a58f5c634e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3269,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"efa1eec5ec5feef0a0513c9358817f3f","sha1":"75bd612b212fa79b310a287a0bedb3ae0ee9b19d","sha256":"531360cb5b10344d5b7a48848d920ed4c5b2f3ef71de057a955151110a81103c","sha512":"337a0471f131503ece5e5b832448e27c6512aa537d0b53cc90ce45748c133b481fc562e56bedf033636a1b485d44495a324c9e138b189bc02596847bb330255e","ssdeep":"","tlshash":"db614cf1c35489664e609e069e130681988f3e5a3c5df76b3920f50eab774cab4d8726","first_seen":"2025-11-02T10:05:17.05447Z","last_seen":"2026-03-08T20:41:40.266225Z","times_seen":34,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/header-bg.cc282939.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/header-bg.cc282939.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 25777\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-64b1\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 16:29:45 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74660\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Up4jFi8OVrJ0StH5%2FmwJj5PEqL1Ef4SVwJamcEQuE4M5WWh%2BGyz2FC%2BUHnYk%2BZGF1dYdabB4V2c4waM%2F7FjZxTC5cD6BJuCPM7Ln8g%3D\"}]}\r\ncf-ray: 9a45a58bafb94e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25777,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 751 x 109, 8-bit colormap, non-interlaced","md5":"cc282939803be230a1c775e511f67ff8","sha1":"9ff5d4ec3b8e5ac7296f8b8e01131b13fae22b52","sha256":"6924f098d6266ec123100c8c181eb4b5b41d94ab955f9f7dea00173bee22a1f5","sha512":"09e5c14d2ebb21325710484f950c3aee5a7420e2b902ef5b3c9e826b3fa4c5304134b68dd69ce69e39c2f42ba0e98d9dcd2d6419e6cc3e7e6bf32bc2cffea717","ssdeep":"768:Wl+vQNuAiSRVVOP3tIny3Iclt+65nTzOqQM:jYuIRVVOF1Iclt+6hHOrM","tlshash":"92c2f2be5596e06fbfd09bc342ec3abe729c2461a75866dc841f02f511b9080e632d2c","first_seen":"2025-10-05T05:37:15.916801Z","last_seen":"2026-03-08T20:41:40.076008Z","times_seen":38,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/bank-7.7ff0de92.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/bank-7.7ff0de92.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 2499\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-9c3\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 08:05:28 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74628\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DTDl%2FIKlD%2BaGuVRwGs06EA0w36JRJC7BDwEdTuzjx6BByum%2F1EQltTZcy%2Bk%2FfpahSlPBijZXCyNlxZYIJu3n9S376cBwRYzDumjG%2F8Q%3D\"}]}\r\ncf-ray: 9a45a58f5c654e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2499,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"7ff0de92c1fab89f4d0026d26a6a1bd2","sha1":"0a3e01b085243d6400b3bfff52f1034a7b898e75","sha256":"223a86ba4d0c08abecee5960dab4ad117b4e9a2862c41215291c14ced69122b0","sha512":"2a08c1ef0a3e751af9d254f344e6a592128d11d25f18e8c0d9c8785dce9cace19d74e5545d477e7e52445818cef4768fb1860362290753d5c882fb9597a676b0","ssdeep":"","tlshash":"c451e926cf5c62a6c5b2cce2d315df85c1a7b12a58292d374810a49eb73a266e1d42c9","first_seen":"2025-11-02T10:05:16.966107Z","last_seen":"2026-03-08T20:41:40.27911Z","times_seen":34,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/A2HSModalMain.7c8aea44.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/A2HSModalMain.7c8aea44.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-372d\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 20:36:43 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 4496\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9DseGB%2BaEly7m%2Bpg4kRjdhRbbizUNzBu5vC5ndxPVPXcuCAzAQFqXbj3r1kRsDgi6A8LIbuTxznLgQoIQnXjyKAM3huMrrmNo2naCMQ%3D\"}]}\r\ncf-ray: 9a45a58fecea4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14125,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14125), with no line terminators","md5":"ea7b44dcebc8c0d65dafb60c17056b93","sha1":"0b9b678dd36af46a6a89d34ace71b48a2b799b8f","sha256":"9e8f7361d672e77ed566e39eda849a758d6a0aa4dbc827d2bd631658b3bc8f5b","sha512":"a48e91b8fac4d48464acbd86052c8a8142864e0b9cb84edf6ab9d3781074847356075c2ab8459299418c2b2ebf3fec149059591c1b3ca00afd0001819f359857","ssdeep":"192:jCoDc8t2YfbK3p9mF7bpyjcCD0Hg8CDErsSaNo26oDJW/xXP:xttDfbK3LIb890HgREQN36LJXP","tlshash":"6e520ad5b2a091dc08a6505e8a3fea42535e3a9d74389c4569beccd8b5c7bccf227c30","first_seen":"2025-11-09T08:42:38.494346Z","last_seen":"2026-04-05T23:58:53.799275Z","times_seen":20,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/PG-COLOR.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/PG-COLOR.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6928\r\ncf-ray: 9a45a5900f632efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=8061\r\ncontent-disposition: inline; filename=\"PG-COLOR.webp\"\r\netag: \"6913a060-1f7d\"\r\nexpires: Thu, 27 Nov 2025 04:03:05 GMT\r\nlast-modified: Tue, 11 Nov 2025 20:45:20 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 495455\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6928,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5f53a92c7342a24876246465892d75d3","sha1":"97887c0266e9d2b3fc127c3ae4da763cc36070b9","sha256":"f366c0d03c0b12b7938a8bbef60a386619cd182c93c88ef619637977a74adeef","sha512":"b02df5d316f5796f4e3f02a35545c27f2017af8a56f16ddd4fda0c7e14672c6609dc2f6153bb593b80fa737020e25f34e11e69d1fcc47fca853c6ee2c1453068","ssdeep":"192:JA2sJMo56MY9p5bW+Z4/9bJTZp+4f64NraLcnvlwpXr8:JA2sJkv9p1SfTmWNraQvlQ8","tlshash":"c0e1be11293467c05b77c09534ee0cdc244bb98218269aa396f05b75576e2f2b6128bc","first_seen":"2025-11-12T05:00:43.704138Z","last_seen":"2025-11-30T14:48:07.331532Z","times_seen":56,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/header-menu.100e3fc5.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/header-menu.100e3fc5.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 10333\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\netag: \"6925f3e6-285d\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 19:30:51 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4508\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IZ%2FM3lxGWMH2RlGxvH3FXmsKE%2BxWJ07yL%2F99FILQfZ5CTS1E9BGP6gM88Z%2BT5I%2Feb%2FIa%2Fl8a7njkStHM%2BrWV1wUwKlwmfRgUbwDd9Es%3D\"}]}\r\ncf-ray: 9a45a5901d184e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10333,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 361 x 163, 8-bit colormap, non-interlaced","md5":"100e3fc5c155078ad4f12fbceeb0e835","sha1":"83587728256194b767bf71666146ef4bc8e50e9b","sha256":"c60dc92ccf3a6372f3ba973481671b7870ef6ab1f90ab85d66f1208044d260e4","sha512":"3ad0e47c1010a5f46b571d5afa187da2f86d05a98e5ad2ed8a0cd63d31fcda359db6504128cf2d433588b4b4a1d32a4d390738ef03c94b2499d766af6b615a58","ssdeep":"192:i9hg5kt16qokM62hm5X96yjgkj9oWHvpUNWHUY32EkOOn30kk2nfhJkN2/SxY5:ahg5MP1zj5N3gc9oWyqinkkk2nfLkI/F","tlshash":"9422ae1e9536ad254c8c006e567b8d7a7fcaa946680c278b24e6146355b3c3ef20c75b","first_seen":"2025-10-05T05:37:15.907527Z","last_seen":"2026-03-08T20:41:40.16371Z","times_seen":38,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/GCSGAME_getVendorEvent?ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/GCSGAME_getVendorEvent?ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Timestamp: 1764120901722\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: see2iy5718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qcTBJFcbJKI6gSTSWZ0uG89ysXazM%2FXasJkp8e8%2BsGbOJlVz3DXkZQQly2mawYc8a8rirIyi0voqlBQW9BOo8nChNQPJCGTT5zRXaXc%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a59428eb4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":760,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6353a37986b95086c9e1b839a194868b","sha1":"baa3038c4fb4ef0d2bcda6f5f706feff7fe16eab","sha256":"9b14dd58b315fc959b4c50bb44fb4d484b544d87deb2b926be2041b5d3f00a36","sha512":"0d267506b095065c8262cd41dc5372cbed1eb93ceb456828eb257e2a91dd573cde30b67dbbe4cbc5f6efe11df6438e72427115c7dac9b1cb9701334311becd95","ssdeep":"","tlshash":"db01bd22216c4877de5910c4730ffd58e4b6650b9acdce51919cadc845a01a95267ac8","first_seen":"2025-11-20T07:58:50.368421Z","last_seen":"2025-11-29T04:35:30.112628Z","times_seen":10,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msg.salesmartly.com/chat/chat-msg/unread-msg-list-v2?login_token=559a4d8ea79227150a3044691a2bfc0c\u0026chat_user_id=71bae948ec820d15f556dc6703a05edc\u0026direction_type=1\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902742\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062","fqdn":"msg.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.23.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msg.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 03:25:36 GMT","end":"Sat, 21 Feb 2026 04:25:32 GMT"},"fingerprint":{"sha1":"15:55:8D:6B:B3:77:A0:ED:00:1A:AA:11:EB:4F:E6:76:E2:31:CF:2B","sha256":"C3:DA:E3:85:AA:7F:F2:5C:76:D3:CF:7B:19:C3:AE:C5:39:05:8E:CF:DC:C9:B7:24:27:9F:A4:6B:80:CB:C5:B8"}}},"request":{"raw":"GET /chat/chat-msg/unread-msg-list-v2?login_token=559a4d8ea79227150a3044691a2bfc0c\u0026chat_user_id=71bae948ec820d15f556dc6703a05edc\u0026direction_type=1\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902742\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062 HTTP/1.1\r\nHost: msg.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nexternal-sign: c3c7e8442b95ec4c9aaad1d05c6cb735\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:03 GMT\r\ncontent-type: application/json\r\ncontent-encoding: br\r\ncf-ray: 9a45a59ad84ab1b8-OSL\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: https://www.bm398.com\r\nvary: accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: DNT, Keep-Alive, User-Agent, Cache-Control, Content-Type, Authorization, Origin, Cpl, Client-Type, X-Requested-With, Accept, External-Sign\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-max-age: 86400\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"48016efe262190df0ad5b1d7340a60c4","sha1":"1cd9c973630bf59e2c479cada9105bbfad39dec3","sha256":"6e59b9f826a2a9b503fb05fd33448a0583d30552aed790dfea6cb19e74bb409c","sha512":"274e846e9ad5c7fdbff3fb665809347f229260b2b2eb491f386a5d1084a7fd7526a4e0eb331c71c4eeb14a98143925c29e2702869c11883176eb14ffbba9993b","ssdeep":"","tlshash":"4ca002562c2c1e4b0f0fe489780d1b17d6e911445a252712cdcc915c870da5eb5c7521","first_seen":"2023-04-19T11:38:49Z","last_seen":"2026-04-06T07:34:33.874663Z","times_seen":1324,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/lotto/lott-common/lottTranslator.c6284a7d.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /lotto/lott-common/lottTranslator.c6284a7d.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 08 Oct 2025 08:43:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e6243a-128656\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 01:12:08 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B%2Fh110YxcYUv3QgHKxNp78XJk0zR%2FU1YMZSXcLolW3%2Btlx27r3i1naLgUinMoJhCufiWiPT2BxktaJ8OdsnRimM4ESUVq1TWJuVtbh4%3D\"}]}\r\ncf-ray: 9a45a58d59e84e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1214038,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (55738), with no line terminators","md5":"0366e65e37d971fddb185526e5cbd1d0","sha1":"0ab8abced80bedda7e35568ef258fd283156e4b2","sha256":"9d85cd8f38af3d44aea1c6eeda28cfadacd0dd2c1bf50f5662b4095412d29b1f","sha512":"f053f83b4b47dd43b69c4ad2d590a6c62c6ca960782713335c22e015a890de91eed8963601ee8789c8c6f30d28ddde46a2b15e85c2144cf4b268ac1f0e8db7b9","ssdeep":"12288:6uDcCDPGZbPZkSGV7dJ8TbGGZmIYmp2sP6JSzrpmfi40prt/2ZrH:FRPGZU7Y/Y5sP6JKrsiFB/krH","tlshash":"34453bbe93a62aec0d5db75b5e9b30a1153d0508acf427c2cdac1e1877ccd1da072a67","first_seen":"2025-10-17T01:15:15.771145Z","last_seen":"2025-12-22T07:27:15.814475Z","times_seen":475,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/html2canvas/1.4.1/html2canvas.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 37629\r\ncf-ray: 9a45a5862ff775ab-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"61ec4640-92fd\"\r\nlast-modified: Sat, 22 Jan 2022 18:00:32 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 343612\r\nexpires: Mon, 16 Nov 2026 01:34:59 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=RuGUC5uWdNR4apumFxuwqXlC9sLSgiDOB99rIFfERBxAgtBgHGQpS%2FZK5Bl5GAAJ8SS6KO8pn4zvdTrV0CNFlNwzWaJlxAwvoc6HPp39zdTnLI4jGQ96457UtvYEUxBxDyDkmzbL\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":198689,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64372)","md5":"d7530aa0b7587e627484c49fdf8f13f2","sha1":"b987dc0cc6cfcdc2e34499375f505470c5adb891","sha256":"e87e550794322e574a1fda0c1549a3c70dae5a93d9113417a429016838eab8cb","sha512":"04d6914276096223d2a871c36f9f01d3268f7c2bbe5a076cf06a7f814df792a06d80d4b8b523c7b8689bca87aa315fd326548a75ae855f3a04c981a34defaf5c","ssdeep":"1536:dLkw5M8eKEsqi5xpg+n1sPMecC9JmgxBQSFkkZQRlNM7IgeXzh:dLUtZSpg+aZmabZQz9","tlshash":"121457b46ba71cde0a7ef49b00172d838d981b67117fd1e8f24aada62d70702ceb1574","first_seen":"2023-03-08T20:20:59Z","last_seen":"2026-04-06T08:31:45.791201Z","times_seen":4577,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":32,"dns":1,"connect":1,"send":0,"wait":10,"receive":2,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/MiniGame.86b930a0.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/MiniGame.86b930a0.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-78fb\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:24:09 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 4503\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MOlXQ7zuZxAW7jgM8p1gXOh8am7iqigQNYuD1%2F0xgEpv%2BE5CfA1lsWCBtaeoornzxhpL4TljtWVf7lN0U3zfCwPxeo4ADwUfvm7mXJE%3D\"}]}\r\ncf-ray: 9a45a58bafb64e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30971,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (30971), with no line terminators","md5":"21847d578f29c32a1f1793f6772be2e7","sha1":"bb0f4e2b7382fd40e890aca35e3d42eea48a56fc","sha256":"70567b84217546eba0c9bb1b13d45f12b5873bcb88acd6666cab52ebf0f37bb8","sha512":"c0c3d819f6ac2d2965412a37ebcf00b79e15a581ca8887582929e4e4b757548aaea53d966d57a25b23535ca054f4f002a852e530aca8a12f9b7a833f69de0b72","ssdeep":"384:uZZChsIOKawabFwoCi9rEEnEezE2g3kXteFhAVPVIK0lUc5rWRXZAQQPqM:ufCOpjwLoCW4TgZKK0NSRXZARF","tlshash":"28d2e7847092f0b942d650e4406f6206f1799d2ee15af094f376dce0aeb859f816bf3e","first_seen":"2025-06-20T20:04:45.604629Z","last_seen":"2026-01-13T10:36:26.567063Z","times_seen":117,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/wsd-images-prod/bm39mmkf7/fe_setting/splash/wps_splash_1080x1920_bm39mmkf7_20250911023835.webp","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /wsd-images-prod/bm39mmkf7/fe_setting/splash/wps_splash_1080x1920_bm39mmkf7_20250911023835.webp HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/webp\r\ncontent-length: 98110\r\ncf-ray: 9a45a58bab2b2efa-OSL\r\nlast-modified: Wed, 10 Sep 2025 18:38:43 GMT\r\netag: \"68c1c5b3-17f3e\"\r\nexpires: Thu, 27 Nov 2025 04:03:52 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 493326\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98110,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9aa663a816df5d82181f3d07931588bc","sha1":"7d8842563c135434a99e867c65aed40c30fa2d7f","sha256":"8c6e9254fcf405459ef192c8e81000c4b790d09745e7eb5181dfad0dd14c40ce","sha512":"6c4585c0d197460c36431a868be5865bf0556212bf581e871fa0f4ef7265faf341482f21a2d58d95fe5c9a11440bb8f642b2e452a296c758d45c7c165ca4922f","ssdeep":"1536:krrl4p+JcbdjbQJtzJLbZailkP1RqLMDjZETqghUSl1mXtsFIshWQYF3OE8vk3xT:krrKkcbJQzzTtkGgjZEjhUeYV1DF3kvu","tlshash":"dda312d6731ebae9f89a81fb4ac1094e768b1449fc722c5c79f459cb145c2cc3b52a38","first_seen":"2025-11-02T10:05:17.039878Z","last_seen":"2026-03-08T20:41:40.141744Z","times_seen":31,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/GCSGAME_hotGamesV2?merchantCode=bm39mmkf7\u0026isPlatform=2\u0026language=MY\u0026platform=html5\u0026ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/GCSGAME_hotGamesV2?merchantCode=bm39mmkf7\u0026isPlatform=2\u0026language=MY\u0026platform=html5\u0026ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: \r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: 5ba0ym3718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: GAMELOHOT3, FREEPLAY3\r\nx-elapsed-time: 3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P5xhAwSfssALGxQQ0rGuKy0SeW7v44SYqhHKjggzZNRoiPJ2H%2BNkYeCtui3RK8If3bnwPstX%2FqVAiKv%2BuriQGertSeWnH690nXhz2xc%3D\"}]}\r\ncf-ray: 9a45a58ce9394e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33051,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (31681), with no line terminators","md5":"ac3aaf9271230ab00ed82a382f1b168a","sha1":"cb45329ad167ffe67c97a007cf83806bfee69b55","sha256":"730494ce408203218978a6b009a615b9cd54cc4d658ee0c500d4ebd0cde6626d","sha512":"f10f5e85f872c2ada2f58594b80fddbeac245103085b8b4a243712398bfd116611502492ec38445884c0168f8cdac39bf060339b40a9fca6e8e53be357447fed","ssdeep":"384:CMQFKlpngJMHusQIqwbBNR89ODk2G8d+D267tx+1xIXpBnfvln52FX3ZeiGeXy/v:MIfTv98x7O3IqCH","tlshash":"91e2a04cb218ac8a27ad49b8318ffe99e8fd044b84d0ce7566945fda48fd73c621535c","first_seen":"2025-11-22T16:37:35.960173Z","last_seen":"2025-11-26T09:58:32.18767Z","times_seen":5,"resource_available":false,"data":null}},"time_used":457,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":457,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/28.0a671736.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/28.0a671736.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 06:08:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692547ed-2fa1f\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 06:09:06 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YMIWq03m90V1u2BSTHOIPS3w%2FScilhxvxjco4rQqrFItFFdRXQhLECRMjlsM01S4BFu2j16o6j0Fv95JzblegcPwzy6fUYQXqRASOAI%3D\"}]}\r\ncf-ray: 9a45a5887c2b4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":195103,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31640), with no line terminators","md5":"c59262b29c5a57e8495c2125faa5ba7c","sha1":"02f14f387fcc9a111dbe2fe9f01d6a05064be0a2","sha256":"3960f282b9f53d7c9081b1c34dee097a5b8de7fee141c33c122ed36fdee99c5d","sha512":"7b5fbe1e1602542440482182ffb97373277074ef77cf32a49fa161655c8999271aefe8b33263181e8b51a908369fb0f213b402b08b4df2d3fe33c2722c50b0bc","ssdeep":"3072:S2amaMyyYi+qpmLW6N+u0O6sdXIBq6CcTki0nsocnt9IIgmqus33yQb1OVShcQAp:gXtsp","tlshash":"33141a910a7de40ab4cdd52e1b8eae647cee51051a018cc16fb208ee4d5f7a5e370b7e","first_seen":"2025-11-25T06:42:06.087698Z","last_seen":"2025-11-27T02:13:57.703171Z","times_seen":5,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/footer-agent.421a2b50.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/footer-agent.421a2b50.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 77247\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\netag: \"6925f3e6-12dbf\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 23:23:20 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4507\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vr%2BCkWhJW2%2FnKK5WwGzkC4XM%2B81leJO52foMvHWP9mNSFxruNgG3Ouyx4XZ8i6yvIbvgJU5C%2FJfye4sqz48i3CZLJvkwon0nf%2B1yx6U%3D\"}]}\r\ncf-ray: 9a45a58bcfd84e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77247,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"421a2b506880a66e16e0e0d454e3b24e","sha1":"6c4de7c07abe10272b80895b3e2b28c25f294e78","sha256":"a35357ba4d183728cde93109826fa62c5feade74edd70b59ed09b7717fcfc13e","sha512":"15c07bcb067d5a217f039b76c4d2a57937418baea4a40e3a1be4cc7764605a0c22d098808081e2949937c2ba636dfd7faed4f6a2a085070579fa3eca0ac46ffc","ssdeep":"1536:09rKZvVSzF0lSwJ9dwHqH+T7xwRutdZni+qXjoDXQWf7:09eY0lSwJ7H+T7OR0bnQAn7","tlshash":"a67301b589ffb8193d2dbd4fe5dda8680ef18b457b30ac2310a8efb41888d9546f4811","first_seen":"2025-11-26T01:35:43.516128Z","last_seen":"2026-03-08T20:41:40.135717Z","times_seen":18,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/nav-register.ee90eb53.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/nav-register.ee90eb53.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4457\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-1169\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 08:38:16 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74655\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ukWFuPgvWLPsU%2FQIGmpkrlV1XxKh8g%2Ff3%2BITnoYkjVyaf1vq3FG3n6fOOaO2AzULdKhOQSYgcZBEjnEM1DOMnYMItyOI9uK312GMGNo%3D\"}]}\r\ncf-ray: 9a45a58aceb24e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4457,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"ee90eb536046c44388aec1b0a15df0d9","sha1":"08bf97a384e4e5137c296dada172ef90bfdcd955","sha256":"97b072c7f82deed341f92c0fbf8ddd775e627798c8edaa81badf6f87180539b2","sha512":"fc5dc9db16a5f712bdb1b0139bef39ad64f9252ece337bac4b6a5ca3f44bf290673b470e4f9f96b4abc0a06b7e55c44822fb3f6e6c577749f4a19efd8aec4ce8","ssdeep":"48:Eg0ntkLTL0JUsn6tXBSx1DG5uN6NE2KhgzMLODlwNDvUYG/WWnu2VVYhORO0g/II:AtEL9snXN8uNiKh+WOlAr6/WUbiORbi","tlshash":"c4918d46fae44d56c905d28318788fe8ab74f715869f1500516801eccd80f84f4f6fae","first_seen":"2025-11-02T10:05:17.043878Z","last_seen":"2026-03-08T20:41:40.224284Z","times_seen":34,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/splash.87882d49.css","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:58.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/splash.87882d49.css HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:58 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\nvary: accept-encoding\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 05:47:42 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z6FMSQskhcvKc3CXDRHE2Esl3YwmfPDeC%2Bx%2FbuOte8NswoFKM0POEJniKnUEtuwRQlAYFRlGUeVUL8IXyfiDZAT4Nnu7e4CJQcneLOk%3D\"}]}\r\nage: 7892\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\netag: W/\"691f115c-dd\"\r\ncontent-encoding: br\r\ncf-ray: 9a45a57e4fa64e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"87882d4964f89ff0a6705e073a29515e","sha1":"87b467cd3a627c9d4880d205cd98d2ee3f2a4518","sha256":"2109232839816a6531a10ef471b44b7485aa90d7331bfcd5cbf9227c2c0c2917","sha512":"1449d6b8d84739b786751b0811336be2b98d1ac32f7eedbe3ad8b2225ea1d8ea828f281c2ef9fab1913e27bb53415962334a5e5c747948f5be075ba56d77a9e6","ssdeep":"","tlshash":"42d05ea12676f03cd875b01a929c899c0274d04a9a325e98eb48b827958d5e528452a0","first_seen":"2025-08-15T03:39:41.530647Z","last_seen":"2026-04-05T13:13:39.005873Z","times_seen":252,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"srz.salesmartly.com/client/log/log?plugin_sign=4feb3856f89e406862696c9230cc2272\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902755\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062","fqdn":"srz.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srz.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 10:01:00 GMT","end":"Mon, 16 Feb 2026 11:00:57 GMT"},"fingerprint":{"sha1":"B8:7F:BA:F0:14:CB:9A:7C:67:EE:76:AF:D3:02:5A:DB:ED:46:9C:93","sha256":"0D:ED:10:48:B0:E0:8F:D2:F3:8C:32:C0:0A:BB:D5:A0:3F:A4:73:D4:F0:61:65:6F:56:6E:F3:BF:0E:85:79:81"}}},"request":{"raw":"POST /client/log/log?plugin_sign=4feb3856f89e406862696c9230cc2272\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902755\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062 HTTP/1.1\r\nHost: srz.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 943\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":943,"data":"log_type=CHAT_MSG\u0026data=0qH8PTXG1nmb1nohMhHGl2cEI3Fqyh8htTV8rCyiyQV%2F1Ncb1nmvrN%2BvsVzVfGHWfhypyGcW19X%2FyAKhI2Dms2cvM3X%2BI5vqlAfjI2Y%2Bl564IesmlnOqsQrAl3lhBdHQP3zSN9VvyAKhyh8hrQjWtazqrnshMhyhBdHqP9zwNScmf3DhMAspyGrVfGIEP9khMhH9lCkqMdk4lCkjN5OSIAySIAljMeRjl2vhBdHpsnmGtnuGrCyiyQX%2FBXX2yh8htNHpyAKh1Tc4fTliBqzStSf%2FsQ45M2R%2Fs9zwB94W13zwr2z%2BrQrEP3V%2Bt3XeP9cVUNYqP9uvf56jHQIEreaSITcK12u%2Bl2HQlG6jlnXVl5okP2cq12ohBdHasCyiyvaW0QVpP3OWICk8yd%2BN1nmvPSt5yOmDyeO8BA6gyutEPAs4MqYkIAogyTH9MAO5Idk8xCYTrnIZPqFqleO8leO8lCY31NHVrQzkB5O5Idk8ydypyGX5rNHb1nohMhySlnH%2Br2v4M3XAMey8reOarADaIQcAIAf8l9O8InXvsqypyQjWrazvsNc%2ByAEgyQchXQXqf9VWPhyilC8hrN%2BEfScEPQtnrNH51nz%2FyAKhyh8hrNHqPSyhMhHgNdHwrNI5sntVNdyiNdHYy3aat3u41nz%2Fy3z8rNH%2Bt3VWPhYSsNlRsNc4rna8t3Xvy3z%2Fy3ORr3u4snH%2Bf9DRt3%2B%2BtdYv1noRPQz4y3upP3zSy3aat3u41nz%2FfqmfyG4hBdH5t3zqrDm%2BPnX5yAEP0qH%2FsnaVyAKhf9uprNIwsNH4PTVbfuzGl2cEI3FqN9jEfSohBdHZrNVosNcKyAKh1nohbXazbo%3D%3D\u0026base_encode=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9a45a59a4f168deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"77e652f404f47086bb49598b43b92d9a","sha1":"9b4981aa40e98879d7f2efda3261e0f0c76a0d78","sha256":"052a4866127cab399192f6179141e92ce42742a7c09ccf7a0ffba2f0583869b5","sha512":"70e55dcdfca4754735386a3074c028d1047fce9b9d946cc84c2ea59d57799ffdc8071abc4c62142e2a1c319a948ad71eb696e0892bcaf1ce41f4616026a6bb63","ssdeep":"","tlshash":"bf900433341cc3470d05504f50053715d0f410500f104751ccfc0314430c4d57143410","first_seen":"2023-08-03T19:40:41Z","last_seen":"2026-04-06T07:34:33.690617Z","times_seen":1639,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/DownloadPopup.3ae3a1e9.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/DownloadPopup.3ae3a1e9.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f115c-3f76\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 10:37:06 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nage: 4504\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q%2FytKZbdDKKvgkSz707l2s1rNCSCaWP0yTK5kdqXicgLRfAqbKi1npwYVETPuxn7tZ9ceK%2BEYXzAhfYVoLlF4ElnKYscJyzmK1cgIWg%3D\"}]}\r\ncf-ray: 9a45a58aeed64e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16246,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16246), with no line terminators","md5":"7cf01deb2ff3ce4ebd35f7a406065cae","sha1":"858ebc1c8d680b2e8e051d39442331e4f3962f1c","sha256":"a8ba7ccc1327b1e57e5f18c76d5dc6fc84a225ea965f0726fe3126a0175767e7","sha512":"5d6049c9ec16972458360197f67f21c9b13e3c33a6fa28c926c9e609d1cee705f48811c49c1a1695469d93ef01266e612241edd8b2163e578bcb8024c953917c","ssdeep":"192:TNCKKa5VioaVlpnDq3CJFAFf684eQuWbjNCGedIgbmQ1vr1s8txrtDfia2VAXVad:TgCH6+3CJFKy8eMBRtxrwPVAXVY7/ZD","tlshash":"d472f609f662a0bc44d901ba943f4a05fa241e4ca434ac15767dfcedf8d1fad5339a3a","first_seen":"2025-11-02T10:05:17.026482Z","last_seen":"2026-01-06T05:38:19.689561Z","times_seen":20,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/GCSGAME_gameVendor?merchantCode=bm39mmkf7\u0026ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/GCSGAME_gameVendor?merchantCode=bm39mmkf7\u0026ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Timestamp: 1764120900424\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: v87mgwa718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: FREEPLAY3, COMM3\r\nx-elapsed-time: 4\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wbT%2FjIzDb%2F0cgCQUD8SbBtZmdDEHyOIKc7A6jRSDOeae0gvZI%2FNqR67DNSBs94wEeQ1rco3VbaEr2faE5mht31wgEmv0ZgTGc9%2BKLi4%3D\"}]}\r\ncf-ray: 9a45a58ce9344e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95228,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2713213bca60fbd35ffb10e694301d09","sha1":"f2f293107e2778e073536a33253e32b07deb7b23","sha256":"94459f49df5b2b88d585b500b68f06344a5a2589e86200ed329ff3959b4427ea","sha512":"bdaf1218fcd525c860826a32714118ae6dd2f31c9c96cd8c73ce7b485be78164c9602fe5ee4dc93ced9b517e33da9f7fbcd59dbc625c8a41155fb731d2cd4316","ssdeep":"1536:+D5Dgcx3J37yfZItQ7bU6N309jJQZjQ7bEJg6Y56O:6Dxp97KZItQ7bU6N309jJQZjQ7bEJg6S","tlshash":"d893e29be668a473037647c0318f7908952f441f9dc6fb5aa548cf08e4f5fa983a52ec","first_seen":"2025-11-26T01:35:43.518651Z","last_seen":"2025-11-26T01:35:43.518651Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/bank-2.f5322a90.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/bank-2.f5322a90.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 3159\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-c57\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 15:29:43 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4502\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hmA9Vzv%2F77uwGnzBcOkIqAb3bnAwokjp9JfYWDchDaLvNpvrSFfI82WxwUfpdM6yk6lr%2F3uXD%2FuV%2BnmAcmSasJlmhz%2B8dHKW6hqrapQ%3D\"}]}\r\ncf-ray: 9a45a58f3c4e4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3159,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"f5322a90c663b1917e41e1f71936cd46","sha1":"d219937692da68cd3eb33744809d6738acaa8091","sha256":"cf8515f4334b4c0c67611fa595a94b53b12ef32521fdb12e84729cec51156170","sha512":"9ab9fde1d1a2a89d9ecd95611f160b5311550b15d4375b00ff77a2dfe08385664f7dc2d7498f264401a382929d18d2ba5f939e8dcbc77d410b59b2aeaaf376b0","ssdeep":"","tlshash":"93514da48454a14fc3d8e597460ec87d4dc88f83f04e5ae2e077c66e03f916bca6575b","first_seen":"2025-11-02T10:05:16.897902Z","last_seen":"2026-03-08T20:41:40.274533Z","times_seen":34,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/menu-slot.201f1def.webp","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/menu-slot.201f1def.webp HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 62410\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-f3ca\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 12:24:21 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4508\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xBG6tA0n968%2Fim9L9857DaWxIYsSp9JxZAiYQ9ISJau%2BFaJhHnoDfU7t%2BeoFR6xJk9Qz0DqpydsbqYg28PXNB86brl8pdqzL4S%2BSrTA%3D\"}]}\r\ncf-ray: 9a45a58f8c8f4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62410,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"201f1defcbf1d63b7780d270b3cda4e9","sha1":"4d90e6ecdd32101ed7e0f13ad53ccd8688163bb2","sha256":"6fa2bc0433b01950f8800c9f7a6a7d9dfb474969fc3516e3896fcec737514332","sha512":"92ee98509600d241c83bb0c9842e6efc6d9772ed87af6ccae1f698140559c522e3e52be4958d9b292beb6d233c69d80ee27abdf3bff3b030eb6fe4a33b29ff7f","ssdeep":"1536:SqI0Wk/0Aj1pqUfOzXvQBe1jVXVCJRBV2PIrS9Gmfs:abk/0y10UGbYBeLXYJRBVPwGmf","tlshash":"4e530222a8cd74e8b30fc5e91408a756d50fcc7e141e277c6b6a362e26ad18c949f99c","first_seen":"2025-11-09T08:42:38.476409Z","last_seen":"2026-03-08T20:41:40.249195Z","times_seen":33,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/menu-newlottery.f5094fe1.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/menu-newlottery.f5094fe1.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 64894\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-fd7e\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 13:20:37 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4499\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VVrNKLuA81kJS9VPdDptofQqCBoc%2BVrq7vJP62p%2Bw1EBOUy1xGranxIg4y%2B5JwKGmoJomC90HH6vwTxjNPjvbIl9CY2IJAQUXZj%2Bg38%3D\"}]}\r\ncf-ray: 9a45a58f9cbb4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64894,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 660 x 660, 8-bit colormap, non-interlaced","md5":"f5094fe1d177eca5ca34da556fddc50e","sha1":"121ae9eb57e4a992cd3c215fedd5a3cd02271f1e","sha256":"e6147f10003232d0c149d34130d025e1bf54726e317df0af67411fd31f94cbb9","sha512":"ad646c32635fdf9f9549bb8eae3adebc37ff30e6e2a48e2b86b87f6016397eb6bc88f0106dd665cd5af16d33b55372e093981dac2a7aebfbed1347a0b38296fc","ssdeep":"1536:uJGB7A7LVDPeeoFiuVaBogMFPMb6bs/aMLZmnWfmQwvKgprt2gI:kBL5PlzyNgWPUl/a6mnWfPwvKgP4","tlshash":"b953025fddf4ebc4c636ae7480e54c8c6776490e48e822a1e4e8d55260779c8be37bb0","first_seen":"2025-11-22T16:37:35.988258Z","last_seen":"2026-03-08T20:41:40.212197Z","times_seen":21,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/system/country","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/system/country HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: r809swa718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BllhMvOAMkKYsbyND9AdJZ3TwWpHEpHOh%2BF82PMJOMU0PAv3HbY7FMOZQydrE3BT76kVeuWqtjzr772hUcFlRkmmQFN%2Fy4TrZqnJ75w%3D\"}]}\r\ncf-ray: 9a45a58cd9244e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12197,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (11318), with no line terminators","md5":"1976ec2d28ae148c57b46b726a170c2c","sha1":"6c32cfdebdc9b2f1f60a80de9e5b4c809a0f259a","sha256":"a6e4257612ef07f0c983ae7c4a8dde3418b882249469942702d658061dc930ae","sha512":"4afb3222f0df0187488ca17f8da6941bd79594c0f1fe26c0fd09944d9d4b9e4ccdefb827c4bd1bd2c236e18db14b6930be2506898dc4f2fcd93b9761a92682d1","ssdeep":"96:4jOZwkPVnUSDUx5hxFD7xk5ViPDFthda8fTL6lkD+kavc/o9Md2aWPaCKxm5OGe0:kYRgSHwxwwV51RmT","tlshash":"aa427b3e640ddfaefd36ffd9b04f362554362944d2b8240acac05b727b95afd21214a8","first_seen":"2025-10-26T20:00:39.489053Z","last_seen":"2025-12-03T13:25:30.600317Z","times_seen":38,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/TCG_GAME_ICONS/PP/EN/PP0349.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /TCG_GAME_ICONS/PP/EN/PP0349.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 13256\r\ncf-ray: 9a45a59128592efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=13819\r\ncontent-disposition: inline; filename=\"PP0349.webp\"\r\netag: \"6915a36b-35fb\"\r\nexpires: Fri, 28 Nov 2025 16:57:53 GMT\r\nlast-modified: Thu, 13 Nov 2025 09:22:51 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 230387\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13256,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ba4aa350b5184f0bf51e9a9cb8e7ce32","sha1":"e00be6f25485f4ec24486c62a78b4b34a9db28b6","sha256":"4bbdd720e6a7b38e20ef55216540157f06d39d1574e3db2b3c26a3ff208a9aca","sha512":"19e52dd73652b9148c8584c9b78a83af3f8ed28f4c41e5083206c46422e962b2e94ce0900613434bdc365d09bff3b2dd6361c662bcbc20b49380894e3ed8ba96","ssdeep":"384:1xf6574WOlueeOe2e4s5G5gQ0o5luX3On:7ehOZN+/GlJn","tlshash":"9652d0f7f9d7443d401285eb4d2e7ed92141e2952962596b1f868ef8223a50cc0bfc37","first_seen":"2025-11-26T01:35:43.522307Z","last_seen":"2025-11-29T05:51:21.586397Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/install.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/install.js HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: AliyunOSS\r\ndate: Tue, 25 Nov 2025 08:27:29 GMT\r\nx-oss-server-time: 3\r\ncontent-encoding: gzip\r\nx-oss-request-id: 692568718211433537689195\r\nlast-modified: Mon, 10 Nov 2025 08:26:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13841256892365985859\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=600\r\ncontent-md5: g69yRL9w+ZAEIJSToz+qeg==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: PZmr6A-3noVQ2yyau51PjPzZlZyAj-uqY2NvYG5Y_95jGgLY4-1ZAQ==\r\nage: 61652\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":20541,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20541), with no line terminators","md5":"83af7244bf70f99004209493a33faa7a","sha1":"c44c481438beeed3454788e62e8482ec7a91aef5","sha256":"74f037cedc02034f64c41a541baa3b52ca0bf202a23834cd08b477dc5b9d17b3","sha512":"87dbfd42110a2beec70a63579576d83e686178d2de078e2e70c59aa9e7dfcf26b4e8b909a2e77cb9fee14da0d11f49b8aba453f787f418084b283229c4438d1f","ssdeep":"384:BbyOPN5pAeLaCobr0yB0YjyyPDyL1hmGadeBPq0wQU:VyOPfFyGxTLGdeBPkl","tlshash":"9492194834693c78429e5b3315fea214307f1b856931c0a0f26ddbb96b78d8a5177ebc","first_seen":"2025-11-10T12:55:36.427742Z","last_seen":"2025-12-03T21:30:25.018368Z","times_seen":284,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"client.salesmartly.com/js/marked/v14.1.2/marked.min.js","fqdn":"client.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /js/marked/v14.1.2/marked.min.js HTTP/1.1\r\nHost: client.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Tue, 25 Nov 2025 11:41:47 GMT\r\nx-amz-replication-status: REPLICA\r\nlast-modified: Fri, 20 Sep 2024 06:38:39 GMT\r\ncontent-encoding: gzip\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: JFBntxsrfZ64VoXBE8CHtNjr4.xFrBV4\r\nserver: AmazonS3\r\netag: W/\"4726c8d370952011c5137ee8e13eb6bb\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: KFTxC5t4ESAQm6KGUjOwE4kMLD1KaLTdGmrHEz-irYiFoCBGMkK6gQ==\r\nage: 49995\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":36489,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (36340)","md5":"4726c8d370952011c5137ee8e13eb6bb","sha1":"96c7a41fdc5d4530bb46f1a629f86ecaf068de82","sha256":"eeaba2c06a990d4602b4142cce579f4cce16fba404e6cc82c5c2f7ccb1e7bd1f","sha512":"6d7c814f6fec623660d43ef29034ba789484e0314354f247bdb4407dd7d82abe88bacac2cfbc009929b7eafcfd1bcccca1bdb946faaef74bdfb77248ef5ca071","ssdeep":"768:aH13NvoICzvRDEeJX2QLGbdpB+xJhuLPbBc5jI0sJMF2/bOCbnEytnbBOmVzFoso:aHOXo5ECPbBc5MB2A/blnEMRoaM","tlshash":"67f2094832ae3a6987d439e66cf81060e27f8e68344c545cf664f5f37c2690a61ebf70","first_seen":"2024-09-13T03:55:13Z","last_seen":"2026-04-06T07:34:33.702233Z","times_seen":1727,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/mcs-images/announcement/bm39mmkf7/1763888499345_%E0%B8%AA%E0%B8%A1%E0%B8%B2%E0%B8%8A%E0%B8%B4%E0%B8%81%E0%B9%83%E0%B8%AB%E0%B8%A1%E0%B9%88.webp","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /mcs-images/announcement/bm39mmkf7/1763888499345_%E0%B8%AA%E0%B8%A1%E0%B8%B2%E0%B8%8A%E0%B8%B4%E0%B8%81%E0%B9%83%E0%B8%AB%E0%B8%A1%E0%B9%88.webp HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 125366\r\ncf-ray: 9a45a5935aca2efa-OSL\r\nlast-modified: Sun, 23 Nov 2025 09:01:42 GMT\r\netag: \"6922cd76-1e9b6\"\r\nexpires: Sun, 30 Nov 2025 09:02:32 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 224874\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":125366,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x660, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5e624c16820552c403470c4a1e7324ae","sha1":"0436b88db516e23cf39d8d3468b8032103898673","sha256":"7149363f97e35d26d067658189b9ac5269dd2735bf1c9f61b313f5e3591d3ec9","sha512":"0072c277f77e469864c059e845da25091867294ca82a022dbdfcdb241f3a2412f237cc140b55842b2223349b88e7ab506fdd91066463cf651d26439012423343","ssdeep":"3072:Vsbz8jbH3iRM5jve3NXEPb9WyfCL+WmWYUP6Baecf:VsubXXlRxWyfRnk6Be","tlshash":"4bc312b964b056e07f2727fae98a1d41e6b706d789829f9c2ff5e850f102654f88c870","first_seen":"2025-11-25T06:42:06.067415Z","last_seen":"2026-01-13T22:36:12.442576Z","times_seen":17,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/lotto/lott-common/bettingCompress.22844977.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /lotto/lott-common/bettingCompress.22844977.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 08 Oct 2025 08:43:38 GMT\r\nvary: accept-encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 02:03:37 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KL3NWZcgUUdWLeXhl%2FThP5JXNMYJggpK9kwT6UJ9HRljudzLWGRiCwSpYJ7JqRBdgg6Ilna9%2BpCxivVE9JvghKfDI7jjkDAgVQahQD8%3D\"}]}\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\netag: W/\"68e6243a-35f\"\r\ncontent-encoding: br\r\ncf-ray: 9a45a58d69ea4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":863,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (863), with no line terminators","md5":"0e9473155c92891f4386dd0d8069e9f4","sha1":"9267afe6b0d97cf53172044ae9a42265d9a3d363","sha256":"a0e031682a12d70795625a3dc3b2ef78cb8e1df947e2624b6af6e4c29f51ee1c","sha512":"fca9d9ce963c1d918968709e1d4cde135d229c86f061ebf6424e7795b0f82a387090afec4e53a14f6b08b4b818bccaade875977c4b9240694221c067b5ed9624","ssdeep":"","tlshash":"e611ab5930c1699a12a2f568c90fb31e54664e2012cae018ca1ed88cbe755fa85a2da8","first_seen":"2025-02-23T00:29:24.577675Z","last_seen":"2026-04-06T08:29:59.429486Z","times_seen":2017,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/menu-live.459c4f12.webp","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/menu-live.459c4f12.webp HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 20256\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-4f20\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 21:45:34 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2%2FB%2FZYt0KuGL%2F0HUlfDf4L7BYEaesREwl0%2BgaKCxIOkx5n6jLOH9JJnIMqJgR4D262qyvhevlT96%2FVeBK6ig%2BZr%2Be70NmDB622oEU78%3D\"}]}\r\ncf-ray: 9a45a58f9ca44e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20256,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"459c4f12e39b17fab60e4bec90a29ceb","sha1":"e10e62b239f173f7a18851ce346e2821c2ad5508","sha256":"c9a80967934b204f98dcb986a85bb61eeb0aa5a33fb19fa595e9587fbced17bf","sha512":"2953f38e4b7f5751025603151e28121353190b791576e1392c4aaac2a5f9355ae96aa3600edd9e9e1138a73f23a8c3b5665a4fa25fdbd0f3c8072315f5daf321","ssdeep":"384:kCgZZhZT98iGJJcwkk22ihGKot0bj6aiOjwAwD1mzxWrT/I1Jwo:kCgPhZT98dJcjkvFWbriAvzxQT/I1","tlshash":"4792d029945ddaa8dc80695ed4d73103c198881ccf3acce9967a915ef305f2023b360e","first_seen":"2025-11-09T08:42:38.496935Z","last_seen":"2026-03-08T20:41:40.250113Z","times_seen":33,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/TCG_GAME_ICONS/SG/EN/SG0128.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /TCG_GAME_ICONS/SG/EN/SG0128.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14938\r\ncf-ray: 9a45a59108412efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=15776\r\ncontent-disposition: inline; filename=\"SG0128.webp\"\r\netag: \"6916ef3e-3da0\"\r\nexpires: Fri, 28 Nov 2025 18:17:29 GMT\r\nlast-modified: Fri, 14 Nov 2025 08:58:38 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 306742\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14938,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9f7281e018e6296564493ab703e10639","sha1":"3ae75e284f36bb2e6cfdb05f4b8e8c6bee82730a","sha256":"c5cbc8cda801938d6da75ce0cdcb9e1eb2292eae1b7b427de651ba13b077bd00","sha512":"2c73c92c46a06557e2bba7054fe8ada4651bebb78e3c4e23d7be9d6cf8f62a501fc0e9536cf4512d2976797e5b343e85ea20513575434cf81438c09bc7309251","ssdeep":"384:ZdGQb/WDtr6UXiS0XulIUXVb3RgtbIQgwrac7X:Z8qWRi5ultLmtbIQg7E","tlshash":"bc62b0e9ee122a938f5ad9502b86eb6801fbd6b3711cbeb43537c40c89311a9d430757","first_seen":"2025-11-20T07:58:50.089999Z","last_seen":"2025-11-26T09:58:32.17206Z","times_seen":6,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/TCG_GAME_ICONS/JL/EN/JL0136.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /TCG_GAME_ICONS/JL/EN/JL0136.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 17696\r\ncf-ray: 9a45a59138732efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=18423\r\ncontent-disposition: inline; filename=\"JL0136.webp\"\r\netag: \"69192b49-47f7\"\r\nexpires: Thu, 27 Nov 2025 04:03:27 GMT\r\nlast-modified: Sun, 16 Nov 2025 01:39:21 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 495453\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17696,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"050739c97bc33dc4c3c9c223b8946e41","sha1":"50014c890d49c1cdef8389aa0a752629657a757d","sha256":"1452d4c6ba977ab4ed04c21dc27716edfd37accef60c1658b45b8291b63ff339","sha512":"b390498d95a982e2c9aea802245c9fd366cb7ea3e05cf363434e7832aa6262f647c28863ad5f1f326a1a045525a86aa579e2ca5117f973142840d2300cff8a96","ssdeep":"384:4RsdV0h6Q2IUS3BM9EwC42eT+FheQ2E/ZFTWcjBoMNawya2:4R36s3BM9EwC421hV2E/ZFTWcqMNua2","tlshash":"8882e1b274e00fbd59b447756faa5ca0b29ffd5d4d209b2d813c0bcd49d062b4e85c42","first_seen":"2025-11-20T07:58:50.283868Z","last_seen":"2025-11-29T01:14:41.401803Z","times_seen":8,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"srz.salesmartly.com/client/log/log?plugin_sign=fdfb7c9e4b474b986c7616c70af8a723\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902024\u0026_lt=\u0026_u=\u0026_xma_=","fqdn":"srz.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srz.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 10:01:00 GMT","end":"Mon, 16 Feb 2026 11:00:57 GMT"},"fingerprint":{"sha1":"B8:7F:BA:F0:14:CB:9A:7C:67:EE:76:AF:D3:02:5A:DB:ED:46:9C:93","sha256":"0D:ED:10:48:B0:E0:8F:D2:F3:8C:32:C0:0A:BB:D5:A0:3F:A4:73:D4:F0:61:65:6F:56:6E:F3:BF:0E:85:79:81"}}},"request":{"raw":"POST /client/log/log?plugin_sign=fdfb7c9e4b474b986c7616c70af8a723\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902024\u0026_lt=\u0026_u=\u0026_xma_= HTTP/1.1\r\nHost: srz.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 622\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":622,"data":"log_type=CHAT_LOAD\u0026data=0qH8PTXG1nmb1nohMhHGl2cEI3Fqyh8htTV8rCyiyGtEPVzpP9uvyh8ht3zZrnkhMhyhBdHQP3zSN9VvyAKhyh8hrQjWtazqrnshMhyhBdHqP9zwNScmf3DhMAspyGrVfGIEP9khMhH9lCkqMdk4lCkjN5OSIAySIAljMeRjl2vhBdHpsnmGtnuGrCyiyQX%2FBXX2yh8htNHpyAKh1Tc4fTliBqzStSf%2FsQ45M2R%2Fs9zwB94W13zwr2z%2BrQrEP3V%2Bt3XeP9cVUNYqP9uvf56jHQIEreaSITcK12u%2Bl2HQlG6jlnXVl5okP2cq12ohBdHasCyiyvaW0QVpP3OWICk8yd%2BN1nmvPSt5yOmDyeO8BA6gyutEPAs4MqYkIAogyTH9MAO5Idk8xCYTrnIZPqFqleO8leO8lCY31NHVrQzkB5O5Idk8ydypyGX5rXz41naVyAKaIeopyQjWrazvsNc%2ByAEgyQHqPSt5rNHbfSX8f3zqtdyi0qHAP9zZ1nX5yAKjBdHpP9I%2BPuI4PSH%2Br9DhMAuzBdHAtNHqrnm4D9Iq1NY4yAKhyGaz\u0026base_encode=1"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9a45a5962cd10883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"77e652f404f47086bb49598b43b92d9a","sha1":"9b4981aa40e98879d7f2efda3261e0f0c76a0d78","sha256":"052a4866127cab399192f6179141e92ce42742a7c09ccf7a0ffba2f0583869b5","sha512":"70e55dcdfca4754735386a3074c028d1047fce9b9d946cc84c2ea59d57799ffdc8071abc4c62142e2a1c319a948ad71eb696e0892bcaf1ce41f4616026a6bb63","ssdeep":"","tlshash":"bf900433341cc3470d05504f50053715d0f410500f104751ccfc0314430c4d57143410","first_seen":"2023-08-03T19:40:41Z","last_seen":"2026-04-06T07:34:33.690617Z","times_seen":1639,"resource_available":false,"data":null}},"time_used":728,"timings":{"blocked":76,"dns":15,"connect":9,"send":0,"wait":575,"receive":0,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/system/collect","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:05.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"POST /wps/system/collect HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 57\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c; _ss_s_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":57,"data":"{\"merchant\":\"bm39mmkf7\",\"value\":\"api:status,elapsed:271\"}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 26 Nov 2025 01:35:05 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U9N81NMgGDnukGUKvKaWAK5Nu0dGPQ3TqZovZvSt60MwtP%2BxhpH8i9MgtjwngzRQr5mAk8oFiQMma%2BGYW98DTedn1iAD%2FdGYuhsbImQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a45a5a97f5a4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/chunk-common.538ce4f2.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:58.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/chunk-common.538ce4f2.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:58 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-899c4\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:23:47 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 7892\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cSAxbHL1j8eFCOqHy0l16lWQ1u16nY9UITWgNUUS1P3A4vi9RTy7OvLk9j2S6fTgkfhXvPR7ZmK59awwLKfa196AjSLzPClMGe0b63g%3D\"}]}\r\ncf-ray: 9a45a57f58a54e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":563652,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65530), with no line terminators","md5":"9487ea477e6d4ce292b9dd170aafb9ec","sha1":"6268bc34457fb7615ad991aa5ae174d1a55948f1","sha256":"65e3227c212a0090405fa60328b71e3a3d89691f8d712c8c47d269a3a06bb029","sha512":"fc03a5dc7f7d8951dcff4cc9452a001322ef4b0cc4cea1ee11537b9785ed1331f9ae82192c32f629dea54a435e30aac4cd3069db2155e69a75bdda8911bbecc4","ssdeep":"6144:C/fK3iHcD7EEv5e3hbUh2RonzU0n6lkbUBz+XRf32SOb8P8V853FnTIWDtN674Yg:C/OEq5e3JUh2RoT8+W2HnTxtQkYcAk","tlshash":"38c4f789b5c3f0a902f781e9d03f5216f23a2949340dd814f62acdd67d69d8a8137f7a","first_seen":"2025-11-26T01:35:43.528614Z","last_seen":"2025-11-26T09:58:32.173133Z","times_seen":2,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/PROMOFE_getPromoCodeEnable","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/PROMOFE_getPromoCodeEnable HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: dtedj0h718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E5z5x6DIwX0v8ZV1JLIGTYYiwcssRW1KBgElmmPaFzxIAXfKUveP45QsSJEXbnFDRXzphahsAIKWZPp6R1ZHKYJNGAyBZahMyOYl9CM%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a58ce9404e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3961e890485c56051ce3bef421524dbb","sha1":"da0ecebe6a74fbcca1e5cce6da3dd423ab9e7e46","sha256":"397614303f0605e6c81dbcbf35187a0e5f2f376363188d8bc71985b69be0ff35","sha512":"52868cca07cf02c3b898ae6f3888440df7f1d664deef0bca5e7ee488d44283f6964a72e85cc6db6600d6772eb71f4f91d6194cb08fb93c13df5bab932f703119","ssdeep":"","tlshash":"8d900201141014a69002520015385b00346804565112a0599148806869e29051243846","first_seen":"2025-08-10T12:55:52.39708Z","last_seen":"2026-04-06T08:29:59.491404Z","times_seen":610,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":459,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/menu-newpoker.206768a1.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/menu-newpoker.206768a1.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 91380\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-164f4\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 13:22:50 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74655\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V5dwdywJKs3J6U4o2BQsT2W8wrr1HyuvqJTXWoRS1Od5JKmq4MaiLfFyZwFlohm95Wuh%2F%2BJxuSi54Rl4sZcLiDMNlnDJC7F5aMrvQs8%3D\"}]}\r\ncf-ray: 9a45a58f9cb94e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":91380,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 660 x 660, 8-bit colormap, non-interlaced","md5":"206768a1e4b92b0fca00e0d414f766aa","sha1":"1662e15d17430995c9cf15d209b68c8597b0360f","sha256":"06004a62a7496542b29ed1ef5de998e5a9f1a2a0f3dd8f9108b485e0551398ce","sha512":"12d4ef554a745cff65db2ae2c26ab59c0a0b8be04ce8b90be1a970ea65a723c6ef1140fd6cb60e5f3275ab2502448abb3b3027a2b302ae24a301ae3331c0ee7d","ssdeep":"1536:2hk/wyVTcnQVOs+w+1SR4BYb5juqzrGys8K6cD/2dJMUtBk44vYgnypGaPaCf5l/:ak/w9nQ9CBYb5jueCxV6cb6MqiYQyAa1","tlshash":"ec9312b57f89e9b2c323563e6e1a8d8cdb0c5857d97484f92c0841611e0abcb57e1bca","first_seen":"2025-11-22T16:37:35.893748Z","last_seen":"2026-03-08T20:41:40.075017Z","times_seen":21,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/GCSGAME_gameList?merchant=bm39mmkf7\u0026clientType=2\u0026platform=html5\u0026gameName=\u0026gameType=RNG\u0026pageNo=1\u0026pageSize=10\u0026vassalage=\u0026gameClassify=\u0026isNew=1\u0026minBet=\u0026minLine=\u0026language=MY\u0026ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/GCSGAME_gameList?merchant=bm39mmkf7\u0026clientType=2\u0026platform=html5\u0026gameName=\u0026gameType=RNG\u0026pageNo=1\u0026pageSize=10\u0026vassalage=\u0026gameClassify=\u0026isNew=1\u0026minBet=\u0026minLine=\u0026language=MY\u0026ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: \r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: waweceu718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: GAMELO3, FREEPLAY3\r\nx-elapsed-time: 3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=49JQGi8F4L7p8JVVoYv%2B3dLVeO0z4m73ueTzCEp0Kuhxng%2FwO6ophbZy7K2v2jZVP74YHG81%2B6WjDVNF7J03mHHUR5UArK%2FMWNiNG7Y%3D\"}]}\r\ncf-ray: 9a45a5905d464e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12203,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"addf7dbaa205a5b48b243250964f8c6f","sha1":"1a34932235938608faff9d2558a1d7592a53f27b","sha256":"09e20ef01340530797210142907429917df42beb8e9666f52c2a56741ea2e1c6","sha512":"9e324f636519d9d1dddf041033db702a8e184be7e3d94a2841ea9008edb2b42b990f1298773ea7dddfa8d8a0a9a6031e8524df144144386ae370c372ebfb5c9d","ssdeep":"192:2bj3wiYXi8vA2D3QbDAmDG6wDjD+7HVoB2c2S5BsI2DGxEu85ggYznFthonthG:Q3ZB8xc2OVANR2ojJ5H","tlshash":"d242742cd6596ef5521682b4218f7fdbd58e122b6dc8ca20a3b18ec8c5f777d830534a","first_seen":"2025-11-26T01:35:43.538349Z","last_seen":"2025-11-26T01:35:43.538349Z","times_seen":1,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/TCG_GAME_ICONS/OCT/EN/OCT074.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /TCG_GAME_ICONS/OCT/EN/OCT074.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 12256\r\ncf-ray: 9a45a591487d2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=12579\r\ncontent-disposition: inline; filename=\"OCT074.webp\"\r\netag: \"6915503d-3123\"\r\nexpires: Thu, 27 Nov 2025 04:36:02 GMT\r\nlast-modified: Thu, 13 Nov 2025 03:27:57 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12256,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"64e0de6f520bc7c882975c25bbd7a5af","sha1":"8011289e19ad15767f402734d11e851309608d31","sha256":"6e2cbfe1a1c793d1f1be8b3d4ec86c9c51e943b36039ca6c9d63b6fcbe49557d","sha512":"ad7f0f1840b6224ba876aac633589fb7c9427f4f80fee65468349432c4c073f2df190495c3c77940fe588cd22b17e6c52a9bf54c8186d18ea46476cff81a906e","ssdeep":"192:Pws8/kkClTCXBi1po2SIvBSQO7ujQB9kMB0wDFU+4aylZXdBipfnRuR93xPggsGp:os8c3CX+tSI4J7ujQ7hFUVaylZXIyxog","tlshash":"0c42cfb061ef24cd6e17831cb92b5e6be8708c593a51bc39a8f2ffd42cc5116c1e6894","first_seen":"2025-11-26T01:35:43.541505Z","last_seen":"2025-11-26T01:35:43.541505Z","times_seen":1,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/v2/system/status?device=MOBILE\u0026originalDomain=proads01.bm398.com\u0026url=www.bm398.com","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/v2/system/status?device=MOBILE\u0026originalDomain=proads01.bm398.com\u0026url=www.bm398.com HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\ncache-control: no-cache\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: y8vuuwg718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 6\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RJW3UtFSvDb37AjhtUQTotzww0m%2BGlT61AXefih0SoKRcIaZc2sy7UCE1tsmq8qVHYH2iwHVT9YjgpRIVC4B3ViAKrSwzT1aJo06zz0%3D\"}]}\r\ncf-ray: 9a45a5888c334e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18912,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2aecbc86c0c9ac10f7b29f562f865301","sha1":"dba2a96a09150528132116bbc9a64ac85a0fe084","sha256":"6b0a8ff68cfd7536c230fd3d6fa69c90232eb36d8188de4a3f9126f428da2ed7","sha512":"382c99ec367e1ea6a5aabc79c9b7c11dfce966f31cc8fe6a3459cd4e9d35f20394549508411f03569ce06a6952b23272c2892d6a329e0ec94a866f9a990ae713","ssdeep":"192:uOclouIwAlAuTb47E8gTXRxYXirSRkDPt9o/5:uXouIwAnTbQsxgIt9w","tlshash":"f382218d86846e7ed04280d8dc07bf034b7d98372a523db9f4545f58a1fb6fa06344ab","first_seen":"2025-11-26T01:35:43.542456Z","last_seen":"2025-11-26T01:35:43.542456Z","times_seen":1,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/footer-promotion.1812f69d.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/footer-promotion.1812f69d.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 106757\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\netag: \"6925f3e6-1a105\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:24:10 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\naccept-ranges: bytes\r\nage: 4507\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CRqBv307AzPQoAmTYJQNy%2FSJwauItneNS7MlkIDkfRrDG0EB1Bb%2FpPb%2BD1AQB%2FxreNr7dwSK%2Fj6aTfNoolcW3sKFVAEbmsvkJS46tyY%3D\"}]}\r\ncf-ray: 9a45a58bbfcf4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":106757,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"1812f69dff368f4c47bf043db8c081ff","sha1":"6fe541ad733d514b8f16e8a855bc8e8ee6ed0815","sha256":"eaec7648fac9e59cf1b93e1ec8346c6ce375a32d9a53744a58a56ab2c6a8bd4d","sha512":"867393207a08f7ee0bf017c979fc3833bd16e33ea7ea5f895ba64203a1999d0a76a663db6c49da2543cf6c1034f854f4ff64e3857181f1ac764e21d702c4bc62","ssdeep":"3072:zhOMUlBJfr/UY8WXY7ymWU+5h8OTCgMglF8TUiV6XJa:l98JTspWaCRxBBrmT6X8","tlshash":"2da3135f596254ee06d5c0463a1fc0d2ce8166b5bb0fe419a07ceba7e03759feb20221","first_seen":"2025-11-26T01:35:43.543257Z","last_seen":"2026-03-08T20:41:40.146382Z","times_seen":18,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/GCSGAME_getRankList?gameCategory=ALL\u0026language=MY\u0026limitNum=20\u0026ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/GCSGAME_getRankList?gameCategory=ALL\u0026language=MY\u0026limitNum=20\u0026ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: \r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: yk2dvms718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: FREEPLAY3, COMM3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OJmMyvMCuJ4lcaRiIFU%2FNgClVCX80LgUFfMWIdkvcP0tWiYw1KfSZso6BcyPnm9ryDlDu%2FO7kVHdVJUsgk6BJ0ViQGXOlkam9dmakX4%3D\"}]}\r\ncf-ray: 9a45a58f7c824e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6895,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"73e7d0d48a6b184a7dffe81ed7f96a13","sha1":"999e234db1b2090082297c44797ee988b865d900","sha256":"9b13736fede41784b183f0152fa1199e3fa40b843b4751467b0b39cfea5656cf","sha512":"fd2275e5d00b9cfcf3a1685d7d3235e4e60670fd6c8b31deddc7bb0d64d67ac6bc771327dbeb1da49b85ee3eed778fd8505858ba90de643ad7e258b3732e15c3","ssdeep":"192:S9B2nJk2YEA2ntE2nKW2n2U2ntD2IdAGC2+BQ2P6N2n472I9R2nc02nad2n/O24:KB6CZd6G6B6T6RVCvT2K46mpf6b6M6md","tlshash":"62e10084b26e9caf61b541a0158ef8ddbcfba21b01d1cf657a46edd84cdc77da002398","first_seen":"2025-11-26T01:35:43.544158Z","last_seen":"2025-11-26T01:35:43.544158Z","times_seen":1,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/PROMOFE_getTicketGlobalConfig?device=H5","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/PROMOFE_getTicketGlobalConfig?device=H5 HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Timestamp: 1764120901722\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: 4t3nt7h718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JCyyUqnt1oWl7ub0SQ4HH5Ecm1NWQSKX52FET6k9o6aceSxPRFAXxIQQAWrZOeR9xQcKfyCpVv7f9J5eDBEXnV9SNPg71OXRCYVb9V4%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a59418e94e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":325,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"da84949534d76a885fb603c3868877e4","sha1":"8e0f4913c9ad480cc3277a4c53af5a5669496c74","sha256":"a6e011546286021a6ad4d111226842f30475fa95515682804832ef421a41f486","sha512":"441bb271f01bbc0e7b5a2763b11eb3bef91b6109a3a25eccd25b9b7a5356cd2778ec3218fa7743ca20bba671d13f58630f0954547e0a5511d0ede88fa83729aa","ssdeep":"","tlshash":"c8e07d3d30820c3384a356e5819318c3f41e837654444d4c4c9942063405b043cef54f","first_seen":"2025-09-07T09:32:23.285037Z","last_seen":"2026-04-06T08:03:55.104227Z","times_seen":544,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/app.3332fc23.css","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:58.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/app.3332fc23.css HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:58 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-22e4c\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:23:46 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nage: 7892\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d8MQ6RNJjrFFTZSU7EgAP1FZl7VH11b0VBoPK3%2BZbBZzjmd4vCrDS6qGpoLG%2BjkrJlV%2BJ1W9Jm6lZyTnOMShSq0HKatZXMX4p21BQ3Q%3D\"}]}\r\ncf-ray: 9a45a57e4fa54e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":142924,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"3332fc238bb25825bf0364214be4f0e8","sha1":"32058dc7c932d5930d234f2474e3bf632cb4ec90","sha256":"526efbdcaa443b0f5b7125a07dd6c0e278a52a50f7286380a11c54519b751f9a","sha512":"2582a17b43e6f983db080bac9e2da86bc27e5f4abe8409a89ccc032842884273104b70db93ad280b9d55e4f598547997f33518572049bba0631b10de734d6a4d","ssdeep":"3072:p10ZIpC+YAIBMsCVgLf6BFwjkF/NNEQnv4Q3A/:p10ZIpC5AIBMsCVgLf6BFwAF/NNEQnvA","tlshash":"4bd3e9365e55252da07bc637bad47b8c4a28c012c7131aed7513fe2a8bcf29217b3749","first_seen":"2025-11-26T01:35:43.545601Z","last_seen":"2025-11-26T09:58:32.177734Z","times_seen":2,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/vendor.encrypt.v2.dll.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:58.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/vendor.encrypt.v2.dll.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:58 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f115c-d742b\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 15:26:13 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nage: 7892\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HprYmIo%2BXX42i51wGp2J4TAIN7X0v1Nm9xhzhSsMriJpxRJXFAfy0FxhZ8vqyproiPpoOpatld2kbK2FzG0KkHTceHOkkXQ3Mjms0Gc%3D\"}]}\r\ncf-ray: 9a45a57e4fa94e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":881707,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65349), with no line terminators","md5":"de3f964235925f8116bf7fe58bbc413e","sha1":"8fa4cd59f7ffac428b44db7ed0bff76126172316","sha256":"a13e94749de511d0da9f0f923a772708e7dbcf49f7da553d80a02798621262bf","sha512":"735383998427a4ecb96318ffa756d61c950708e3885134454e8e13cb723bfe3dd2a9efd1d587c266d98367151ba66251484262e9e7540db3bc8cd118de0ebcd5","ssdeep":"12288:9NM98phMNWk3VK/NuhA9D1n9qIxJ3kUHI1Cp1sqkg0E:nYNWk3VKwiD1nkoJ3kUHuCpaTE","tlshash":"101519cd7185b4a247d311b5403f250bb33e5a6e680d8458b6a4e8e9bcb89ad4337f7c","first_seen":"2024-11-30T23:22:58.431849Z","last_seen":"2026-04-06T00:47:51.386083Z","times_seen":447,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/register-btn-bg.50ea55a9.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/register-btn-bg.50ea55a9.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 12255\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-2fdf\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 18:19:37 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\naccept-ranges: bytes\r\nage: 32680\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KDCMZh%2FjsamM8lxCwBTjh3dLgUvoFpEHGifWZebVYH9pESF9EkD0Lyv7hy%2BjzBggpnejodMjQH71MvQrS1Li0X2oMdJfR0shxTp8NOE%3D\"}]}\r\ncf-ray: 9a45a58bafbd4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12255,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 234 x 90, 8-bit/color RGBA, non-interlaced","md5":"50ea55a95f37ac267aa246a2cc44db69","sha1":"3311324a0bb2ca4b64529608b14b3a7d592b1071","sha256":"6dd5a5f5afe454fa4da5650747c6a9c8f2eba0fa2f4bade726eb1b80af2cd7fa","sha512":"fb869b2591176bdc10df28c3f9f59e64226e4068c24919bd020209132a0e77abd21a9bc4a70eae0ca5097d69c9d6b9f87ed2bd380b4f7a1f1d3f44717b39867c","ssdeep":"192:Mmr/qvW+WIzkTryUcnJLFG/6RaeyRYg8MvCUWi76tcXzlhowdPYw6MPOrUR:vIzkT2Ucd0/6Rhu8MZ8tcD7owdAwDGr+","tlshash":"6342d081071913f31183146e313555bcfbf25b52d20a49c5f8bdcb524eca4dac6559e8","first_seen":"2025-10-05T05:37:15.886137Z","last_seen":"2026-03-08T20:41:40.21132Z","times_seen":38,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/footer-home.9fd1b7b6.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/footer-home.9fd1b7b6.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 131424\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\netag: \"6925f3e6-20160\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:24:10 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\naccept-ranges: bytes\r\nage: 4508\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fnjYUQkIhtNqNnO43svEzjr5mr7jH2AoU%2Bk68tLeVuCV0ELTKcJsNgwzPpgCfEXBmJI52M1RNs5HwLi20B21c2O1nc0sevIFWwnp6F0%3D\"}]}\r\ncf-ray: 9a45a58bcfdb4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":131424,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"9fd1b7b6ea8883e40190ecd3245e3591","sha1":"89b348fb17795f7740cbb0e2f69b38dc37a97aa4","sha256":"90d2fbf61eb00e596da9941acb3d3ac76db968bed838f8baec453890fc0ea536","sha512":"76a1c1ba3c382dfee93933ff91aefa2bebfac20eae1b1c94464fb480fc30a9b5028ff9bba1aaf21a64ed25ed18fdf53ccbe603539d8f8bbe8b192327d55911da","ssdeep":"3072:eDo+zWuVpcvbJiVEnNIAoucKns6DSy0MDvgP8X5KBRCxm9cQp6PFi:etfcvbNeucRsSfMDRXGRl9N6g","tlshash":"67d3127437b0dd2dd8df3adc08ee60b8be1e7857bbd0014db4c826a79bb55200a25996","first_seen":"2025-11-26T01:35:43.548248Z","last_seen":"2026-03-08T20:41:40.195696Z","times_seen":18,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/menu-sport.7c18283b.webp","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/menu-sport.7c18283b.webp HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 20668\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-50bc\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 11:21:50 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\naccept-ranges: bytes\r\nage: 74627\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9H%2BjcRTKSO3LPT38PIBu1%2BV7SQCMA2c5PP%2BQ9g%2BwK9rQSYQC9Kl%2F4fTp460Xo4D9mM5CGVk5J9nfteT0FWH2zBWvHTVuS4d3rzBDy6w%3D\"}]}\r\ncf-ray: 9a45a58f9cba4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20668,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7c18283b03b11fe0d0874feb525ec660","sha1":"fef44426a199bf940ab784df4165c102f473957b","sha256":"a9a4cf426396469d1c2997a78dc05fb601bec09fdaea647e4a420810df2761d9","sha512":"ebe2ff7116fc7d461f67385451ace997431fcced0d13d76ae66fc15d69b6d05e950cf852512d11ca6ff1d066023c64ad9e3a5dee67360d21178042a289d68314","ssdeep":"384:ICKZxV3/XTbGEEOmoZTFiuPqLI3I0wovelGtexcwG2d+gn+a1as5Z9fB:1KZxFiJoZZljvUs2d+gnXrZtB","tlshash":"7292e0f4f6dd5a0f5f2a02f4c0241ec9a0d3442a3bf19dc9792a5c2f900a1ed67d48e9","first_seen":"2025-11-09T08:42:38.444624Z","last_seen":"2026-03-08T20:41:40.096161Z","times_seen":33,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/chunk-vendors.fc137ccb.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/js/chunk-vendors.fc137ccb.js HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: AliyunOSS\r\ndate: Mon, 10 Nov 2025 08:27:29 GMT\r\nx-oss-server-time: 5\r\ncontent-encoding: gzip\r\nx-oss-request-id: 6911A1F1FEEE6A36359BB89B\r\nlast-modified: Mon, 10 Nov 2025 08:26:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13518198408209573135\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=15552000\r\ncontent-md5: fUryLVUwTqe8nmwJK27V1Q==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: VJtkSmyngUu7nPpydl4aCE83hOzJt8_izxXPkzfYpNNs9HnmWyC_bA==\r\nage: 1357652\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":201661,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65531), with no line terminators","md5":"7d4af22d55304ea7bc9e6c092b6ed5d5","sha1":"11e11c53e0ea51d22f887f5b6bc3efafb3d55f86","sha256":"bbd89be03d610c05e8a3d11b28f0643a68b3acd91d1c90b1c828871a90dd63ca","sha512":"26e011f9827847632df8846b3dde5232e23a744d266ef106ec70e9ef09af1336731354394e56a511bfa978c7f9a37519a669b5e52a117fb1aabf8e830e767732","ssdeep":"3072:gZcBj+T4Cm4l5bJOQYBbCoc4OjFW78+skrqJz+x:gGe1JODzmBWEkrqE","tlshash":"1014e7c9bb92f0a843a335a4806f150bf17b6a28f40e81d4e666d1d1ac7898f5177f3d","first_seen":"2025-11-10T12:55:36.380242Z","last_seen":"2025-12-24T06:13:20.917967Z","times_seen":360,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"srz.salesmartly.com/client/log/log?plugin_sign=3933cba9920a5d6e2f80421fa6c5b191\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120901959\u0026_lt=\u0026_u=\u0026_xma_=","fqdn":"srz.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srz.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 10:01:00 GMT","end":"Mon, 16 Feb 2026 11:00:57 GMT"},"fingerprint":{"sha1":"B8:7F:BA:F0:14:CB:9A:7C:67:EE:76:AF:D3:02:5A:DB:ED:46:9C:93","sha256":"0D:ED:10:48:B0:E0:8F:D2:F3:8C:32:C0:0A:BB:D5:A0:3F:A4:73:D4:F0:61:65:6F:56:6E:F3:BF:0E:85:79:81"}}},"request":{"raw":"POST /client/log/log?plugin_sign=3933cba9920a5d6e2f80421fa6c5b191\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120901959\u0026_lt=\u0026_u=\u0026_xma_= HTTP/1.1\r\nHost: srz.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 558\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":558,"data":"log_type=CHAT_LOAD\u0026data=0qH8PTXG1nmb1nohMhHGl2cEI3Fqyh8htTV8rCyiyGI%2BPnXbr3umN9jWsnohBdH4P9wVPhyiyhypyQrpPStb1nohMhyhBdHQP3zSNSHVrhyiyhypyGHWP9abtTV8rCyiIh8htQXqf9VWPhyiyGsjBAykBAojBAubl2f9lAf9l5OkMeOjMCypyQj%2BPQtasntVyAKhrnkwXXlhBdHafQ8hMhHKtTc8f5KWBStStqmhP2lmMdmAP94WPCzKP9aVU9uQrQVp1nu4rDIWr3DzfTHWsnc5leOQs9VvUNf4t3%2BElnOjlQsqfeOjrnD5Ie%2BwITHEIdypyGX%2ByAKh2nzi1njpsCFaBA6RxutEPQcWtSlR2VoRl26%2FlepRX9V%2FIAogyTR9IepRfGsil2l4BA6EyOtVs9wWB5y8l268l26jyOrEfQXQPSRWl2l4BA6Ryh8hP3zGN9c%2Bt3OhMGpht3VwrNI4sna8yAKhl2f9IeOqlev8l2vaIqHzbo%3D%3D\u0026base_encode=1"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9a45a5962cd30883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"77e652f404f47086bb49598b43b92d9a","sha1":"9b4981aa40e98879d7f2efda3261e0f0c76a0d78","sha256":"052a4866127cab399192f6179141e92ce42742a7c09ccf7a0ffba2f0583869b5","sha512":"70e55dcdfca4754735386a3074c028d1047fce9b9d946cc84c2ea59d57799ffdc8071abc4c62142e2a1c319a948ad71eb696e0892bcaf1ce41f4616026a6bb63","ssdeep":"","tlshash":"bf900433341cc3470d05504f50053715d0f410500f104751ccfc0314430c4d57143410","first_seen":"2023-08-03T19:40:41Z","last_seen":"2026-04-06T07:34:33.690617Z","times_seen":1639,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":118,"dns":59,"connect":10,"send":0,"wait":186,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/wsd-images-prod/bm39mmkf7/fe_setting/favicon/wps_favicon_32x32_bm39mmkf7_20251126020516.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /wsd-images-prod/bm39mmkf7/fe_setting/favicon/wps_favicon_32x32_bm39mmkf7_20251126020516.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1554\r\ncf-ray: 9a45a596df2d2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=1816\r\ncontent-disposition: inline; filename=\"wps_favicon_32x32_bm39mmkf7_20251126020516.webp\"\r\netag: \"6925efdd-718\"\r\nexpires: Tue, 02 Dec 2025 18:07:27 GMT\r\nlast-modified: Tue, 25 Nov 2025 18:05:17 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 4491\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1554,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c7d308e8b2aabc05aea397b320186b74","sha1":"0984c5c51a5d6a83557a4a19d7a66824f0c35387","sha256":"983fd117377ec0fd19b2b738122a4b709ae548b44fd7eb733480e75155ce01b3","sha512":"a59c215c1c2317aac32561e6856e4bf6a8124d92d052dfc52abfb4d0902f08a7dad08607ae8cba2bb631cffa28fc73bd99182519888a03a8af6a36288704db6d","ssdeep":"","tlshash":"59310ca55bcfb9184eb1a3001143c04474f317c85542e0453a9264a7c8e196ef1c38da","first_seen":"2025-11-26T01:35:43.550181Z","last_seen":"2025-11-26T09:58:32.144876Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/32.baab8dfe.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/32.baab8dfe.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-a4c\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:23:49 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nage: 4504\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rTAfUJPn4CrBrJJOQo0ibrDkNhr4YkowzQQTUHjDgO268KFrtBmVTe57l3zZAgj3IHSE%2B%2FG1icpL4qH372%2BAguWASOFLzViHQSJ6QFI%3D\"}]}\r\ncf-ray: 9a45a5894cef4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2636,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1676), with no line terminators","md5":"3a1d7c92816b6c38fc261ca81d68922b","sha1":"faf80f7e7bb605c2dc475ed17da75eb4a3c8564f","sha256":"ad5a88e9da5354ff20d3fda1afb2becfa467a6e22fbcd51084dfb51f4a92f64e","sha512":"9b88bceb824a20a7db99aff685bb6a1585d381fcada85de9955243f58079de7f467ca054e8899b8d4b925a3a49e2b4574db720ba3f66d3a41d20f804aebb0fca","ssdeep":"","tlshash":"f3517b853ad6e406a18ed4291aaf7e66b9de44c30c144c80a75004ee2f7f799c5a2fdf","first_seen":"2025-11-02T10:05:16.968342Z","last_seen":"2025-11-26T09:58:32.17415Z","times_seen":15,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/GCS_merchantWallet?merchantCode=bm39mmkf7","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/GCS_merchantWallet?merchantCode=bm39mmkf7 HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Timestamp: 1764120900426\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: ztpi587718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QZheOyCnSlcCOhZnzj2DaeJRuO3FZf3QgAYYAojffwmIZN%2B1bKvaIWg1ZpmhKpWreoZ4eQ5AzDKFHHcUsJF5MikbSwfhwEHeEHuzUao%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a58ce9384e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ef768197e8ae1c45dd35052408dd8abb","sha1":"037b6b95dd67c056e41fb871a45401793e46810d","sha256":"b2ccf7b4106e81339a0204916f3ff80ec80e622efe2bd779cf5407dea7201ff8","sha512":"7aaba3cd36e8f27031d910a479ecca775849468118aae2ea5f9014617f1183113e78835eb31a0e4ea17bd2b16919adcf78677b1bdc5e26e7b58aab790ce8ce5b","ssdeep":"","tlshash":"6690044130000073cc03337114351f50f55c317745001044545cc0dd5dd14451043447","first_seen":"2023-07-05T17:59:29Z","last_seen":"2026-04-06T07:34:33.836401Z","times_seen":964,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets-cdn.salesmartly.com/prod/project/g13cr8l/p1/integration/plugin/image/20250924/1758702830560/image_1758702830559_9a48c7f30c7d8fd10459e3e7cd9.png","fqdn":"assets-cdn.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.25","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /prod/project/g13cr8l/p1/integration/plugin/image/20250924/1758702830560/image_1758702830559_9a48c7f30c7d8fd10459e3e7cd9.png HTTP/1.1\r\nHost: assets-cdn.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 16670\r\nserver: AliyunOSS\r\ndate: Tue, 04 Nov 2025 05:38:12 GMT\r\nx-oss-server-time: 26\r\nx-oss-request-id: 69099144227B6F323674D623\r\naccept-ranges: bytes\r\netag: \"A82EEDB1D7E6578752DF419CCB0EF8D2\"\r\nlast-modified: Wed, 24 Sep 2025 08:33:53 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13128038412537342626\r\nx-oss-storage-class: Standard\r\ncontent-md5: qC7tsdfmV4dS30Gcyw740g==\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: IVQrDSIDUTDuijN74Q0ZtbCg8PwlKyyrlkIA89o_WR91tqWxiVgG8A==\r\nage: 1886210\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16670,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"a82eedb1d7e6578752df419ccb0ef8d2","sha1":"7403dfd074460c776066139856853bebcae07be6","sha256":"52104af9331415f0de65052b23abb652efdfb953e988f7f28a4983495c26c56f","sha512":"52b6a5efa4ea1395c0f85a01718e29b66362c0295ae41f4ce545b85a0133b559ea61f2c3a490ce9946d21022acb679c4191fc103d59e73957481f356932892c4","ssdeep":"384:T45WYUdAs44HpQPfhYloNpTqIuA+S6V0on78+Dgwi+P8:kYDvcf0igIl76VjI+EtF","tlshash":"4772d0402032fb46ab6d8102d86f6a8ef558e54bd24c68b9c2097fcdcbd51a59d067f3","first_seen":"2025-11-09T08:42:38.512316Z","last_seen":"2026-01-02T05:36:01.866156Z","times_seen":16,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":60,"dns":46,"connect":3,"send":0,"wait":3,"receive":1,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"msg.salesmartly.com/chat/chat-msg/unread-msg-list-v2?login_token=559a4d8ea79227150a3044691a2bfc0c\u0026chat_user_id=71bae948ec820d15f556dc6703a05edc\u0026direction_type=1\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902742\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062","fqdn":"msg.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.23.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msg.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 03:25:36 GMT","end":"Sat, 21 Feb 2026 04:25:32 GMT"},"fingerprint":{"sha1":"15:55:8D:6B:B3:77:A0:ED:00:1A:AA:11:EB:4F:E6:76:E2:31:CF:2B","sha256":"C3:DA:E3:85:AA:7F:F2:5C:76:D3:CF:7B:19:C3:AE:C5:39:05:8E:CF:DC:C9:B7:24:27:9F:A4:6B:80:CB:C5:B8"}}},"request":{"raw":"OPTIONS /chat/chat-msg/unread-msg-list-v2?login_token=559a4d8ea79227150a3044691a2bfc0c\u0026chat_user_id=71bae948ec820d15f556dc6703a05edc\u0026direction_type=1\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902742\u0026_lt=559a4d8ea79227150a3044691a2bfc0c\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062 HTTP/1.1\r\nHost: msg.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: external-sign\r\nReferer: https://www.bm398.com/\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-length: 0\r\ncf-ray: 9a45a59ab94b569a-OSL\r\naccess-control-allow-origin: https://www.bm398.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: DNT, Keep-Alive, User-Agent, Cache-Control, Content-Type, Authorization, Origin, Cpl, Client-Type, X-Requested-With, Accept, External-Sign\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":75,"dns":42,"connect":3,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/login-btn-bg.1d903298.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/login-btn-bg.1d903298.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 6703\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-1a2f\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 21:28:09 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74660\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M4vbKvQV926YN4QUcQMdL5vat6iskNHx2Uv%2BzkdKzxC03lQA4Q7T4V%2FBVs1XxVJAaJjXC4eNKuQbWObAS6XZzFl6XJ3s0GjXNPXmy98%3D\"}]}\r\ncf-ray: 9a45a58bafba4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6703,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 234 x 90, 8-bit/color RGBA, non-interlaced","md5":"1d9032986bc49c323c42396452791e0f","sha1":"b2b8ffbf296f8c19b8a285cbfa4c98d6c65313b2","sha256":"8ce1e1b571b4ea31b62a916a9aa19994b365a226befc8e8044a106be2c209260","sha512":"1404333c3551aa6503642d05979c76eb6e2f429cbc3b290340850dc450e0de84d09851f587ec56f15fc974b3b97f3d939196e8bb68d1992ad5ae289024e62fd6","ssdeep":"192:edbv2vePuxPgWQ/RGw1to7Ys+rwCrF+NCEL7cggnyUo:Er2e25RqRHHq3WaLAXnyz","tlshash":"7bd1af8f70690a8126ff32fd09e7b347e11cd9365b3bc4dc78dc925998772a1206d590","first_seen":"2025-10-05T05:37:15.946129Z","last_seen":"2026-03-08T20:41:40.156897Z","times_seen":38,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com//TCG_PROD_IMAGES/B2C/libs/device.html?deviceId=","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/B2C/libs/device.html?deviceId= HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncf-ray: 9a45a58ada472efa-OSL\r\nlast-modified: Wed, 08 Jan 2025 07:43:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677e2c9f-8b6\"\r\nexpires: Wed, 03 Dec 2025 01:35:00 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2230,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2229)","md5":"154c496e625a34ec0f7e7570a9b4c9c8","sha1":"20cd6ed51c78134bf4d098b139034b9ef0a293b4","sha256":"bdb0a100333869e0c00638a4cdc8572f80ac5983dab83a708c600245e148f3f5","sha512":"e70faf445be6625b8fc6c72a8ebbebd4d16b2390cbe984a1dff24e993dab4d5480f40943f3369de34ca7317d7561e3fe682018bcfae34311d44a7a9c89d5291c","ssdeep":"","tlshash":"d841f3902cd0ed8587e2df7a3479f8e0e227ea8824f55e09d5419cc03e51b16ece3275","first_seen":"2025-04-08T01:11:42.652526Z","last_seen":"2025-12-09T19:06:06.201079Z","times_seen":1262,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":62,"dns":3,"connect":1,"send":0,"wait":223,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/PopupV2.2d814872.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/PopupV2.2d814872.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-572c\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:24:09 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 4504\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=byV5mBpuRe%2BjqwMmrW2Wn%2FCxlvn36Ko11ehjLPgn5XIXZ9366JcdBO11tme65ZzKy5RhdwKx3Rgh2I%2B9nMOpzXoH%2BTfaJNP4RLQ6XJU%3D\"}]}\r\ncf-ray: 9a45a58aded44e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22316,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22296), with no line terminators","md5":"a7ee455ff681eece7f02bab680345daa","sha1":"1d99a316d2e82ceadb326fc78ba044a03f27a5cf","sha256":"90c73f940321d01ccebeda2dec514400e3ea5d897e61c8e9a213669f34885b2b","sha512":"278996697067d5dce6e09b505bab8bdeb83fc1644f99541006a04524f68118fe2f3c94869299b91de9b57a4dace967667eb7e1235c929f8578c070d93b3287d5","ssdeep":"384:QJYImWwcCMe5JvWBwUITy0zHbFATa6zHbFRdL2Yne6L7E5Jha7n/dHb/YLQROh3t:QJLfCMewcT/zHbFATa6zHbFXL+6Yha7A","tlshash":"ffa2c9647180a06d45ea0067803f4a06f1a43d5ce5557d5873f9ccd8aeeabad222ff3a","first_seen":"2025-11-09T08:42:38.489242Z","last_seen":"2026-01-13T10:36:26.53403Z","times_seen":19,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/memberCenter.ccf8c245.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/memberCenter.ccf8c245.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/javascript\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 06:08:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692547ec-c84dc\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 06:08:55 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wW9AUYRNxQeWiNmoQovNAb4jWjw1LeBLVi1qrDfK7%2FsThMGffjxeJ0DVT47XbhQ5NDMSSI7uxTN5hnca3sdv5ctqFGFEnYukGTwg%2Fl8%3D\"}]}\r\ncf-ray: 9a45a5847f7f4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":820444,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65492), with no line terminators","md5":"9f7dfb3495c343251e923c333da43687","sha1":"67e068cac74ef9a207ab52d522d64e9983bcddb8","sha256":"44a964a6ff4615bc9f840c7d2bc6e587424b5c49b6d2a64c73e5712f1654dbc6","sha512":"09ad2674f28421e58e58a65d63786a3aa7a92c967527d9c57233d428f20c945e897c54023a58dc4925263237a445973b5172f3ee03051f22999c3468b6384874","ssdeep":"12288:8UrKWq0xCwO/SCTQS3Qw/WrSjQJejpCNlF2POISy70:SOc/SCTQS3QwuxJejpCNSSy70","tlshash":"ff057d8972c1f0a503e362a1e46f2502f27a1c4d941cb45cb7a5ccd6bbb984e6277f78","first_seen":"2025-11-25T06:42:06.130323Z","last_seen":"2025-11-27T04:59:19.219712Z","times_seen":9,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/js/plugin.bcfad891.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/js/plugin.bcfad891.js HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: AliyunOSS\r\ndate: Mon, 10 Nov 2025 08:27:30 GMT\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nx-oss-request-id: 6911A1F24E81D53330ED967F\r\nlast-modified: Mon, 10 Nov 2025 08:26:44 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 6842573551662954607\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=15552000\r\ncontent-md5: kIVYgoVhfoH+BQkRqY1lsQ==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: bz4WlS-ecEKzeCT1GB1Ato1Lj2-KdKBnTxH5eDaHUyLRENoGq-Zvrw==\r\nage: 1357651\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":379019,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (62398), with no line terminators","md5":"9085588285617e81fe050911a98d65b1","sha1":"e3a932474be7ad6ffa201b029ef4e8f4a6426320","sha256":"5274960ad12303c24c703cff0512772b536c80f66d834f60c936ba130b927b89","sha512":"143cbc1a36973851a6493114ae8d76f513060b836d6e1280096790bc9423a2cb47b299527dc63927d60b5a02c83615efe212028dfab177db6c07deb6dd7dee33","ssdeep":"6144:Vnbg3TbPKQQDLVQbWC2zhDetWxzU+gcDLTirqGKAbCPfvaHcqiQUd+wa8Ar4gWDE:YbPKQQDLVQb72zhD3zirqGKAbCPaHcqn","tlshash":"b8843a49f5c9f86b07b361b1602f6009b3ba1b48e409d8e0fe75d6e94ab4d486323f5d","first_seen":"2025-11-10T12:55:36.439587Z","last_seen":"2025-12-03T21:30:25.088572Z","times_seen":246,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/js/project_468062_482129_1758700975.js","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /js/project_468062_482129_1758700975.js HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: AliyunOSS\r\ndate: Mon, 10 Nov 2025 08:29:55 GMT\r\nx-oss-server-time: 5\r\ncontent-encoding: gzip\r\nx-oss-request-id: 6911A283A05E3635300C128F\r\nlast-modified: Wed, 24 Sep 2025 08:02:55 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11467622153807643225\r\nx-oss-storage-class: Standard\r\ncontent-md5: 1qDXxAX26EATZwujszHliQ==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: gIvT1rKhCOqpFwqS3tcpwrgaa95HyqPCzg3ZNvSsnt8l6mB13M72vA==\r\nage: 1357506\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1184,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"d6a0d7c405f6e84013670ba3b331e589","sha1":"4e0c0c0db907d5c6aa0d13a3c0194dcfb28a1b2a","sha256":"7d09009d162866bbcac244517f1ba42db0306ad20fb50dbbedbd7f5ebf7e2047","sha512":"9abfbb2124607f01ab9cb51a84683a6adf72bc93a0cccd566752293837c99262c376d9031a314ce3c548491f729f84f9022b983c1a0796e6fc21921efaa821b0","ssdeep":"","tlshash":"0821eb471c63a4797bd5727b8b3f88ad3998a2437004cc10bc4dd46c1f909e20e9eee4","first_seen":"2025-11-09T08:42:38.51337Z","last_seen":"2026-03-08T20:41:40.169393Z","times_seen":33,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":121,"dns":110,"connect":1,"send":0,"wait":2,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T01:34:57.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4 HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:58 GMT\r\ncontent-type: text/html\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-27ea\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5dQ36Sr3rowyh3IpgIEZpBJTV4W%2BOEPZlYuY1KYGSd8sAQZwWlL1QvivcNLTaV40Zc22u4UYTIocAyVtK9ONX%2BOBkLGykHm8VD9LNFQ%3D\"}]}\r\ncf-ray: 9a45a579bb254e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10218,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4703)","md5":"36eb31c709bbff31b4be8dbcf1d17a50","sha1":"d685d9fdbebe5428f1585be24774af44251e77e6","sha256":"8d237ab5cd3388bd83fa17b128a86d52015c0a6770258651d307b11ee4347af1","sha512":"2dd9ccdf7e3ededa91f79002a3d97cf6ba87dbdb20f35b515561a07873b2387925a9e8954e10789424acaf8ccd47e5c8c792f98c7afdfce3b610feea264dabb2","ssdeep":"192:yWrSPawkqptFvHeIUeuLzhNwV6aELR3zu:rrY9DHp4LzhNSjqu","tlshash":"f7226391192ee40ab1e8c12a55def938b8af51081914cc843bf544ee0d5efe59372f7b","first_seen":"2025-11-26T01:35:43.556888Z","last_seen":"2025-11-26T09:58:32.157126Z","times_seen":2,"resource_available":false,"data":null}},"time_used":609,"timings":{"blocked":31,"dns":7,"connect":1,"send":0,"wait":547,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/TCG_GAME_ICONS/JL/EN/JL0125.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /TCG_GAME_ICONS/JL/EN/JL0125.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 19677\r\ncf-ray: 9a45a591184c2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origSize=20471, status=webp_bigger\r\netag: \"691a6492-4ff7\"\r\nexpires: Thu, 27 Nov 2025 04:03:35 GMT\r\nlast-modified: Sun, 16 Nov 2025 23:56:02 GMT\r\ncf-cache-status: HIT\r\nage: 495453\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19677,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 170 x 170, 8-bit colormap, non-interlaced","md5":"7bf34ecff8a8393214b42cd6ef7f1abf","sha1":"76480b45fb766ceeefe2e7bc6b214d71e5f239d7","sha256":"3a081e0056b771b1abfe893b9591de496d3022cc3ce2f571bbbd094d6d4b32aa","sha512":"01aae7a5a94e9d0a067f1d2bd3be3a2765ccfc4a32ea94c1cdc0a097a90d9cdec04548bf6dd33e4138a069186c9d1d3488c416c73ae7fa86aff03626de1e594e","ssdeep":"384:oLIdJ5d7nACYR/VdN+a5i10+AiJnbw+W+XaWTo3Qolu1:FPaBdN+a5i10+f1FW+Xamuu1","tlshash":"5992c0237839dc322208efef8f612f8b387ae1069a5356645a43e247d7175acc775b40","first_seen":"2025-11-20T03:45:46.901455Z","last_seen":"2025-12-01T03:31:38.704354Z","times_seen":27,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/FC-COLOR.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:03.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/FC-COLOR.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:03 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7146\r\ncf-ray: 9a45a59f182f2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=7952\r\ncontent-disposition: inline; filename=\"FC-COLOR.webp\"\r\netag: \"6913a842-1f10\"\r\nexpires: Thu, 27 Nov 2025 04:02:52 GMT\r\nlast-modified: Tue, 11 Nov 2025 21:18:58 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 495457\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7146,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1ef5c93487c10fee6d7e9244e43a86c8","sha1":"2dc55d94f1d13dec2d52ac14cd4dba15b952a13f","sha256":"6e2387aee95c91c4a99a60a9c38d29db4c62f995358ca906fcc5cded48fba12d","sha512":"71c7e037b56e544d10d2c754b7ac7c4b3814a44309cf73a295e3fa9431debee50d60516f664d1eab19e6e4061a5b9d53cb88a818dd75c34040ad623afc123cfa","ssdeep":"192:2WKLd30RyQC58Xz1V1oGmyEfTvLfjrAAc1RYkULJ2z4CxN:2471rJmDjg+1ZCz","tlshash":"35e1af27bfa4e84af0ee8f1ee36d0fa3a03e19c2e85dd44256fc5049360d14b9c0ca05","first_seen":"2025-11-12T05:00:43.680408Z","last_seen":"2025-11-30T14:48:07.28048Z","times_seen":56,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/app.357e4b51.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:58.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/app.357e4b51.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:58 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6925f3e6-d30bd\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:23:46 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nage: 7892\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jq9j0QY8SL6SYOoHzmnOGLndge%2Bg%2F%2Ful4rpaIAp7oGvWjmdsNrO4XfYZggda5iITVM6gzQMRrxWxMXCZV4CVthtmFgKS2SevBrSOYfo%3D\"}]}\r\ncf-ray: 9a45a57f68ba4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":864445,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65510), with no line terminators","md5":"6cdf96fdedbf5588e1a352f038e77917","sha1":"eaf4ba173caf0981dcff80062e1566cfab9f8fd4","sha256":"346bdbef8c5958a684fd8f48cc81c1f540a7bcb690439adff566c1745955142a","sha512":"cc7750563496a0e38e1d0434252e43e470ea3e17bbd9ed6ef0477d139451ca672370613967d731c128559e4f7dce56264973151677a5037a9536e3800ca2bfd4","ssdeep":"12288:sfrN1eLxN71/ZoL2xhohfRWA6pxkt+qJE5JouKOjwu//tcIU:sTjeLxN71xoaxhohfRWO0HlK2//tcIU","tlshash":"37056d4471d0f0dd06e791a9902f6505f2fb2d5ca8198840b7b5cce8edaaead5336f38","first_seen":"2025-11-26T01:35:43.558965Z","last_seen":"2025-11-26T09:58:32.162607Z","times_seen":2,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/notification.34e88a01.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/notification.34e88a01.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 06:08:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692547ec-4a621\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 06:09:06 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ESqPPIMQJqGt9W%2FIYrxra1lMpP20vXShECbk5RXRq%2Fngrkcn9KGEfq%2F1czn%2B2hRksHUCnR%2FYr%2BI7Gvf1Dr7uCOmzy05aJfZZuLQBYJk%3D\"}]}\r\ncf-ray: 9a45a58b9f944e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":304673,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65521), with no line terminators","md5":"ed6658efa63b7eef905c369ae52b0923","sha1":"3142d14a4ccc36e475725d4b602f404573fcb170","sha256":"08f037b274496c341691f29f039ed043fc7fba8b57c93cb8d8729a7556acda4d","sha512":"128009b611a9785ddd19a0438c26ae90ec6ac579db4fa7c707b377a5bfc03324ec54a3b86bc787a4b3736e449ef0c17d3dbb4b4f1710db268f3bb4752648e9bf","ssdeep":"6144:9DiQHHdTj87yT2CsLl5ryCnWkQt6ReLLFwvTzYQB7xPucRasg/mPc:jHd8OT2HLl5ryCnWkFOwfBlJgD","tlshash":"4b54e741b0e0e06c55ea9165e42f0505b3b62e5ce408641cb7edcceabfadd4d622ef39","first_seen":"2025-11-25T06:42:06.113522Z","last_seen":"2025-11-28T17:01:20.441188Z","times_seen":12,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/footer-member.6abcb8ab.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/footer-member.6abcb8ab.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 94587\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\netag: \"6925f3e6-1717b\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:24:10 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 4506\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fqwZJ3d%2BlhI3Luo92CGzA%2BS9CPtFctxYHPVoavPQ9wIFL2LEZJGrZatCPsRjp6DtlTHr6Geqd1TrNtPD0CFl5XrsNrXwH%2BHOi%2B7r%2BZk%3D\"}]}\r\ncf-ray: 9a45a58bcfe24e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":94587,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"6abcb8ab2f5a3949c22a3741cb2630e1","sha1":"0a1146862645aaee177211eb6ceb0ca2e01ce26c","sha256":"ec17c7ce83c0c40468fcab8f5f3b99f556e8db10a777a4aa4b425f02f4029752","sha512":"95ec7f88bf59a923a702346e5996f7463d7e406d59daf92cb94567bd36eba79b39e9f64ea09e6f9e4335039f22f89cedd028d052f018514f9f9359d2a2c9f1a8","ssdeep":"1536:HtfOpo/lR/hYrKziqjG3aH+vXJgpDV560tzqut7LJNVkprEjuZGgvDBzwGEYEK:HtfaoX/IMNGKH+vXJUU0VTLKVEjRkdzf","tlshash":"fa93121a56143fdaf487264d479cbd594a8d61c7048abbe286cd62aff045c3fce37488","first_seen":"2025-11-26T01:35:43.560778Z","last_seen":"2026-03-08T20:41:40.229082Z","times_seen":18,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/GCSGAME_gameList?merchant=bm39mmkf7\u0026clientType=2\u0026platform=html5\u0026gameName=\u0026gameType=FISH\u0026pageNo=1\u0026pageSize=10\u0026vassalage=\u0026gameClassify=\u0026minBet=\u0026minLine=\u0026language=MY\u0026ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/GCSGAME_gameList?merchant=bm39mmkf7\u0026clientType=2\u0026platform=html5\u0026gameName=\u0026gameType=FISH\u0026pageNo=1\u0026pageSize=10\u0026vassalage=\u0026gameClassify=\u0026minBet=\u0026minLine=\u0026language=MY\u0026ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: \r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: 6h7makp718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: GAMELO3, FREEPLAY3\r\nx-elapsed-time: 2192\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=13nRuFLfLjNHoBN384gyu2P0%2FGaSCTy8vX2VPY0H3GWlndUFlEzphJ7QszA%2F1K2wLTAd8iLGPuOXNSTc6fLv43rByC6Lyl4mddNwhYE%3D\"}]}\r\ncf-ray: 9a45a58f8c874e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12334,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (11486), with no line terminators","md5":"945e14605c7137776e6533203e12d524","sha1":"9d1f09794d23c4a294ba3eb89a203d5d3eef9065","sha256":"3e0bbae744ba68bb1f972bc86ee1eabc7e737e86247ff5daada0f90bd3bed07b","sha512":"ca1113ef88ce6917dd096e1d5700f6400452d8094b4bf631c64f6376edf864312f2eafacf9a7b85f6307046de8b0409c3fb1e8fed73e803509d535cf6cb1f1f1","ssdeep":"192:3mDCDq785DofWhDKE9m5fDt68oEjDeNsDFM3mD+SogNWD+oaU/Iw:yCQ2Uy5Af88d51zoUWRn/b","tlshash":"4542a51c92492ef5575b83b8225f7fda958e222b6dc9c62093f18dc4c5fb778830934a","first_seen":"2025-11-22T16:37:35.902902Z","last_seen":"2025-11-26T09:58:32.189447Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/TCG_GAME_ICONS/PG/EN/PG0066.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /TCG_GAME_ICONS/PG/EN/PG0066.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 17430\r\ncf-ray: 9a45a59138682efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=18019\r\ncontent-disposition: inline; filename=\"PG0066.webp\"\r\netag: \"6918fe37-4663\"\r\nexpires: Thu, 27 Nov 2025 04:03:26 GMT\r\nlast-modified: Sat, 15 Nov 2025 22:27:03 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 455680\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17430,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a43bdff53aeaa5ca2d3b8a7439e97d35","sha1":"8fb7c5864c47bd4e93987aaa959610aa6f361454","sha256":"e5711635f176e2ba641e0504ea2c886322662862d673d7d29b4a22ac5ec083da","sha512":"73a7a785d9def02df573c8192e9f15003065f6f58fc39996ea3d7d544e5bcd4f5857dc001e63ab9a5f9a0b71814b30500a705a8512e76c15d1e4aac51e47cab3","ssdeep":"384:ypoUnrNCA6PUGC4LGqs8pENAPco6OyyfWsppXVpXjSvuzuDy:pUrNCA6P64Xs8pEpo6Oz+UFSzDy","tlshash":"4372e1d7ea98e9a181312196edbe00b1048764636f1f1139b02fde9c38284f7127f9de","first_seen":"2025-11-20T03:45:47.127243Z","last_seen":"2025-11-29T01:14:41.369465Z","times_seen":12,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/40.6275b48e.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/40.6275b48e.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 24 Nov 2025 04:50:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6923e3fb-142aa\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 07:39:55 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\nage: 70081\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4mFZhJlrlxc5B%2BXyPT2OMmdeTMVtoXFZKF9IhlM5Pv98tG1oPj%2FvQqNFA42BMhGxHrVDF4S4OqXxk8QQhBubWZgsqUZDDk1igEb6jQs%3D\"}]}\r\ncf-ray: 9a45a5879b2b4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":82602,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (45264), with no line terminators","md5":"3f1a7c1058a0d396cf6f7eebb04b0238","sha1":"e91bd00b495bb4982f3533bf432945509b956fc8","sha256":"834bc50df5bafffa8249eb5d293f8816ee92864676b8f40af1bc4073d50ec615","sha512":"ae7a234400f61112b0858207654ef804b8663fe894ccb0b9f259d6081851e4fc81eddc3fcd1792faf38a394590691c81e61a85ce6842396fbc9bb4a8a3fddd78","ssdeep":"1536:R5vPbF3qzXuqiIhFTX0uRU7lXR05iNksyr56Xx:R5J6aZyb0uRU7lXqoNxyrIXx","tlshash":"e38338656cafddca8453e205b5c7514830f9744b99ae8c61cff68e1c82c8e4b63a770a","first_seen":"2025-11-21T06:16:49.865383Z","last_seen":"2025-11-27T04:59:19.255844Z","times_seen":23,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/bank-5.7e200f23.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/bank-5.7e200f23.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 2196\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-894\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 09:53:23 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74628\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GG2GwvOsx9%2Flzv%2Bow9RlycXxxY7p78CZpMexgQsxFqdjhA2VcOwdeNUeoBHvqkLE%2FhK2lVKb5JH80AjcsFgTw1vHdAq4pC%2FzcGZB3Jc%3D\"}]}\r\ncf-ray: 9a45a58f4c594e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2196,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"7e200f238c966ad76beafa527a9872be","sha1":"a2d28a8b09cf594af6ccf0a43373747d60d169e3","sha256":"ba79f4db88d12e397114ca2e90251bfee500954d90bd36922fc6844b064ff027","sha512":"cdcb6db77e3de987aec28d8899883d664b18eff013cb8f271d1f628fc4a64e0082a8e84b4df011b9c68a17eebfa53ee6f473675d34644fa8507f3cf65428f6cc","ssdeep":"","tlshash":"86413be6f3e7ecefd3d0a035fa694258f1960b71073d792148480a828f9a05a1be6c57","first_seen":"2025-11-02T10:05:16.984618Z","last_seen":"2026-03-08T20:41:40.168752Z","times_seen":34,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/icon-arrow.69e03ac0.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/icon-arrow.69e03ac0.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/mobile/mc/memberCenter.ccf8c245.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 3903\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 24 Nov 2025 09:10:18 GMT\r\netag: \"692420fa-f3f\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 15:15:19 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M0q9u%2BnHs3EJDCB%2B0ku9kxI2VivWSOOnmAIqBcqDhGX%2BFpxexp69aLtz62NitSKKzd5zgwJEGe0hbu9G%2Fd6H2velCJQvxknzjAIvKaM%3D\"}]}\r\ncf-ray: 9a45a5961af14e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3903,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 87 x 87, 8-bit colormap, non-interlaced","md5":"69e03ac0a057305f3d181d6b035db138","sha1":"77093cb045f5caaede9f5cc27f279abfa50634b5","sha256":"1cb95c2a4f71090614d8de6807168ea5a33cd0b171c441c0aa7c622ada7d0b18","sha512":"1fcd9832b21ba6ab13c8161229d86ec201d4d0d48e13422d1c244a86157c886cdfdaf1d1bfe32c00d388cfb71243b5d35bb23c2fe0989cc04e3725ee8bc5bdeb","ssdeep":"","tlshash":"46818edf3afd00248a0e4b7b6e313e182712999102890b4f9b9789d506102de1c1fab7","first_seen":"2025-08-15T03:39:41.583152Z","last_seen":"2026-04-06T00:47:51.364728Z","times_seen":322,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/chunk-vendor-app.32708a95.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/chunk-vendor-app.32708a95.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 24 Nov 2025 04:50:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6923e3fb-ac68c\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 07:23:51 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 74648\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=745y8ithtvUOrko85mgv1olPjTbrJ8J8mwq8dLHh%2BnkcCORZcaOajKRXPiln06alh37Ind4h6LNjeuEaoSK06VgefVTkoQPjSeKQ0xQ%3D\"}]}\r\ncf-ray: 9a45a58b8f934e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":706188,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65517), with no line terminators","md5":"c4af207a799677f1afbf50eba79184fc","sha1":"df9c86fd405973ddcb2a0954959f7d58ae6c42ba","sha256":"f2e53cf8272ce8570f1d89d6ae27ef5d347f10a7bcc0c9544b8f82db7981f6ae","sha512":"991500bd3a24255780e02ebfb926e9b0f3b2d12ceda53374dc201b547f954cdf233cc171024c1ab96ec7adb249253371f35cd489d6261354c71a0e78f7a62997","ssdeep":"6144:SBim+piM+GmhLHTp2stmYtpbfTRS/fFgKozFUTKhljGt1K+S8cC:u+rsp2shby9iOTUjGGF8cC","tlshash":"88e43a8572d1f0a546d651a6903f1006f3ba1d6ca80db04cb3b9cce5fe6a94d623bf78","first_seen":"2025-11-19T04:37:15.550713Z","last_seen":"2025-11-27T04:59:19.216894Z","times_seen":26,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/wsd-images-prod/bm39mmkf7/merchant_resource/appdownloadicon/app_download_icon_bm39mmkf7_20251123165758.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:05.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /wsd-images-prod/bm39mmkf7/merchant_resource/appdownloadicon/app_download_icon_bm39mmkf7_20251123165758.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:05 GMT\r\ncontent-type: image/webp\r\ncontent-length: 59666\r\ncf-ray: 9a45a5ab3c4c2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=64640\r\ncontent-disposition: inline; filename=\"app_download_icon_bm39mmkf7_20251123165758.webp\"\r\netag: \"6922cc97-fc80\"\r\nexpires: Sun, 30 Nov 2025 08:59:00 GMT\r\nlast-modified: Sun, 23 Nov 2025 08:57:59 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 224782\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59666,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"07d8fc4d1bade2efc5780fa943e5288a","sha1":"f8a9394abe3bd0107a9f332b2398d061f43abb60","sha256":"1b83a0f521af944795564b2a9231e54438b8ee6e3ab9c6e0c21292628b140d2f","sha512":"d74b919e4702a59fea5b73832661e9cfbe3902dfeb30902ebb86a103ba88adf1dabe814b379f78e7b12d17eaadaf77080007673d8e5c9a2486ef2b83b1fd92dc","ssdeep":"1536:T4lz6qhUVY33ChPcgVzrh26m3kqg8OllgOUn2Wb1:K6qzyigV3qepv/UnVB","tlshash":"4243f1649604941bc7eca61c96f6cfe8f026cde61305c0c67e6dd6974df7e6a7100b22","first_seen":"2025-11-25T06:42:06.186102Z","last_seen":"2025-11-26T09:58:32.134135Z","times_seen":3,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/menu-newfish.2f1a333f.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/menu-newfish.2f1a333f.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 100575\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-188df\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 13:22:50 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\naccept-ranges: bytes\r\nage: 74657\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SGHcp9WOxm3kRNmuT87rSaZE6MdESR3NDrbIjFKDT%2FqBCpL9LEv3reCQ%2BFBF7ZN43jeuRiEvl6WA9tGtodOmgKTMGUtMf410INkZAHk%3D\"}]}\r\ncf-ray: 9a45a58f8c924e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":100575,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 660 x 660, 8-bit colormap, non-interlaced","md5":"2f1a333f89bb32d364e3a8d892388090","sha1":"20a8af4d467145933a5f1d83e03ebf04da882e91","sha256":"a1fad284b211609a466fdaedb47098badba78c5acc91b23f8fe4af1bb3f4551e","sha512":"f6ad0c83203ae9bc3f7443b03b9ee3918c352024365914fc68870943169929b95ea816867f1235562922404bfb6ff05377b7152788f56c2152f35bff57f2ed5e","ssdeep":"3072:ujhSdcDLyfreSYTLTgljEWvJgoX0ZB86X:uSGWh0wO","tlshash":"36a3126db641efdced85faf9789af26c1c84838251164d3c26c46623852d108bf96a62","first_seen":"2025-11-22T16:37:35.982535Z","last_seen":"2026-03-08T20:41:40.03653Z","times_seen":21,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plugin-code.salesmartly.com/chat/widget/code/css/plugin.ca8811dc.css","fqdn":"plugin-code.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.99","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /chat/widget/code/css/plugin.ca8811dc.css HTTP/1.1\r\nHost: plugin-code.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: AliyunOSS\r\ndate: Mon, 10 Nov 2025 08:27:29 GMT\r\nx-oss-server-time: 2\r\ncontent-encoding: gzip\r\nx-oss-request-id: 6911A1F165909337336B8955\r\nlast-modified: Mon, 10 Nov 2025 08:26:43 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 4711444634510545221\r\nx-oss-storage-class: Standard\r\ncache-control: public, max-age=15552000\r\ncontent-md5: GJkBkDDNMX5T+a6ZYreZHQ==\r\nvary: Accept-Encoding,Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: TEsrckOUc5K4OcTzLeY_migDzMRcnT8b49HxvQhWery2bYbkOlDx-Q==\r\nage: 1357652\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":77948,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"1899019030cd317e53f9ae9962b7991d","sha1":"b9d94d577b4c079d5fa4823f82896df59f4d9b5e","sha256":"2d16333363ea5a097558bc8675e8fd989e71e6144b89c0ff537bfb5ca3a087b9","sha512":"152a11565d2e8f381451c197d63daadc1cc14baa9c2113361549949b0a2db1b1c5ad535a152b80eea4728caa8dae9ee32b26e15d42886dae45df70b97f9506d5","ssdeep":"1536:B+1IfcryTXKrMV4wU3k1rz0JUjMBwrjlvOb/E0/qPxE7aWSlsgTu1dQq5qsLxHig:g1Ifc6KYVh0JUjMBwrj6qxE7aWSlsgTg","tlshash":"5a73a832ca15312da177e125f5c0f9d930b5c207fa230aadfda47939c2f298527b668d","first_seen":"2025-11-10T12:55:36.307776Z","last_seen":"2026-04-06T07:34:33.889057Z","times_seen":950,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/lotto/lott-common/lott-js.js?t=1764120900028","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /lotto/lott-common/lott-js.js?t=1764120900028 HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 22 Oct 2025 04:10:23 GMT\r\nvary: accept-encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\nexpires: Thu, 27 Nov 2025 01:35:00 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=txMdw72nUDocKrczcaTR%2BI5jbpoBNjlJkG0NFvb2JoSK1CXEUeikenkRYJbbTW2l1zQJh8LvQSyAcD1mOrNsT8hxOmmXSk8sfSC7nks%3D\"}]}\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\netag: W/\"68f8592f-23e\"\r\ncontent-encoding: br\r\ncf-ray: 9a45a5894ced4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":574,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (574), with no line terminators","md5":"67894759f2a29858696ded34d7a5ad27","sha1":"9c0f3cce7ca31ce67b82681436d8895773874043","sha256":"40dee8e22e3e97e34e2e5cd2168db23870158cc6bc0063d08addda505878ceb5","sha512":"6cbd484269126295fea2946bb5f110ca0f62de0bbdda8992557ac5fc5678ae179bc812d617e0302a06ba37aabeccd01886104ad300010d9841de1711781e84ef","ssdeep":"","tlshash":"2ff0f6282ea0f936805f2c57777ee24872a2151a9011e00468cfec1c6577fdf8eb5a94","first_seen":"2025-10-17T01:15:15.112362Z","last_seen":"2025-12-22T07:27:15.784351Z","times_seen":497,"resource_available":true,"data":null}},"time_used":538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/PROMOFE_getPromotionAnnouncementCategory","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/PROMOFE_getPromotionAnnouncementCategory HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: ypvvsrv718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XcH8Z2gVOVuK4SdZgx0TWVsCJHI9YiqxUXDQ6ellYDZBSKpL99DZR%2Brm8w3%2F8CmBIBpcDqMv%2BqFS5db%2Bh7IYOzKHdhY%2FEkqDo4XfF74%3D\"}]}\r\ncf-ray: 9a45a5897d254e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1288,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7329c4d2dceed89a9de1c23ac4116801","sha1":"e8d9414101cd72324a678366e68fd9d1d9806f55","sha256":"32b914d6a1908f13560cfa5062de4c878958a611b8fb1b7dd851a1b145dc31af","sha512":"12485fd2e4a42a5d1215b8ce1dc1d91caddb8c06d295661ef4b1505ed72c354e0ad40cfbd3e966e79734d004fee1469f371d8a14432455e98fcaa42261e1527c","ssdeep":"","tlshash":"cb21ec45486d8c78937c39d064c37eb4925c7617e8f51e60519c97b880eabe0a122b7f","first_seen":"2025-11-02T10:05:16.946972Z","last_seen":"2026-03-08T20:41:40.072547Z","times_seen":34,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/MCSFE_getMerchantAvailablePromotions","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/MCSFE_getMerchantAvailablePromotions HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: bm39mmkf7\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nLanguage: MY\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: eissdgx718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 5\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=flqm3szKmihF%2BI8Q76brLqQ3cJpcVqxj95UYM1uO%2BPKdJwyOUo9PH4Qt2RZ6OiotPes5fCRlQeqOL22LboIOZ6sl06PtWrnqCRFJTvE%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a58d19814e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"484e66f112e7d0b73fc477c4fad435f1","sha1":"4be93b860ca462ceedba54baa09d411e63ce6959","sha256":"8e36e490a37c8149cb1e4fdad4fd53d481f1258f2e4026396405d91f56d406c6","sha512":"161b60d9ed3ce358744f09441ec4b6cd7fc2c5f0a6b60fb36c514ef0063e5a80dd2d175237cd814cb7dd9861baab912a2c90f1385d8f91b32f6c4a7da32cef53","ssdeep":"","tlshash":"04b01207050020a18291c004d23c3f032075483346033018c208912ca97f92903cf866","first_seen":"2023-11-24T20:05:56Z","last_seen":"2026-04-06T07:34:33.873066Z","times_seen":1286,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/bank-8.4c06c935.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/bank-8.4c06c935.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 3554\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-de2\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 19:26:39 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\naccept-ranges: bytes\r\nage: 74628\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sOWCt4%2FnFzN23qdE1lx%2FiJE9YcrLHX9Yu0hmyOQNk2vJ6UJLjyy3k8c4F5DDTIx82iWOhwBfqhHK4JNAWCC7fvFChlb42S29eyEMUmc%3D\"}]}\r\ncf-ray: 9a45a58f5c684e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3554,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"4c06c935c743195f4f0468f8f2a549fc","sha1":"6d695709c23a42e0322d5cdcaa9f61f9b7c9c112","sha256":"b00b81ab50e3dc404b45b7c4ba5ca3d2ded6e72c83bd0851ab20dea8730b6cea","sha512":"82ae720b0eba54547767b2ed4267df5ab48d5741dd72c2afa83b0da24e47b39267a6d6342e903bf9d19f4b522585973c22b42386be79fc868c624af3a82031fa","ssdeep":"","tlshash":"a7715cb05e26dd22efb57ede6333ad31c831667824abeee719c0588261c47a5e10d413","first_seen":"2025-11-02T10:05:17.010555Z","last_seen":"2026-03-08T20:41:40.104467Z","times_seen":34,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/mcs-images/announcement/bm39mmkf7/1763985922767_APP_1.1.1.1.webp","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /mcs-images/announcement/bm39mmkf7/1763985922767_APP_1.1.1.1.webp HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 141074\r\ncf-ray: 9a45a5939b382efa-OSL\r\nlast-modified: Mon, 24 Nov 2025 12:05:25 GMT\r\netag: \"69244a05-22712\"\r\nexpires: Mon, 01 Dec 2025 12:06:37 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 129960\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":141074,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x660, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d2c9b162a3dc49657bd7591fa3c50f73","sha1":"1f75c961165930fb8927f52b8f99719cf6d69f95","sha256":"50f9c09b7c6cf6466d097d9e1116791ff45ff6f990621e51854888b304d4a0d6","sha512":"25be9cb215905d1e59c651f4b9f1f6092551019ede2c366c3c49556d0edad9026b58c88a3c6e833a5e334d2f9ead14eb152bec716d25023a70cbb9aa2918edd4","ssdeep":"3072:8oVHX/dU7PJxoOvea/OxnWiNq3SyquITTUhQdGmeTTRAJ:8o1/iJxo8ntiNqc3hd966","tlshash":"90d31357573ef98235623bcca036b51d2bf527002acd681a0c3326b7d3b51bad72e624","first_seen":"2025-11-25T06:42:06.149396Z","last_seen":"2026-01-13T22:36:12.475286Z","times_seen":17,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":30,"dns":0,"connect":0,"send":0,"wait":25,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/menu-hot.8c71d5d8.webp","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/menu-hot.8c71d5d8.webp HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/webp\r\ncontent-length: 35548\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-8adc\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 10:20:12 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 32680\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vBA%2Bta9gy3Jhp6FzC3z%2F99G3VHqLdxGcW%2F2WoFjAV%2BTZz5aaoqqW2owqv4Wewo%2BWSvlsKbCImYzLEnSrxG9OPK6xJaNCJUc2TgWfA1c%3D\"}]}\r\ncf-ray: 9a45a58bbfc64e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35548,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8c71d5d8b93fdbb1cb2e14b6ec6ec9c1","sha1":"039743ea44b7b8a4147b07f029e7ef1654030d15","sha256":"3c911748dbfebfa7d1ee33a0f19d5a4f04a295801fbc7f59e4a5750a9c1a999e","sha512":"d6d346bfb65b41826f7b5a91ad896125d778aef4e11e2bb82fc7e5b4ce37e25ae501fcf0ca486567cf563a6d919b99bfee52a0255ef84e3180b88df12324aa94","ssdeep":"768:0H3abUaqyR4i4anaTshuwPYD9qP8hJiOfuA7rhdwzgpGkkv5u43yqTfct3fxkY:0XKEaaquwPYRq0yAVrpnkvR3yqIt3fxx","tlshash":"49f2f1ec4a7432212f577c0f777c1f84e756a19cf66299612c2b8a4321a45ab1a9f0cf","first_seen":"2025-11-09T08:42:38.535532Z","last_seen":"2026-03-08T20:41:40.121069Z","times_seen":33,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/LazyLoadImage.3093c242.chunk.js","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/LazyLoadImage.3093c242.chunk.js HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f115c-7c6c\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 21:45:41 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 74627\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o3l0rCjDxfPDtp9C6niTqhMq%2BDRFVZMhVItHLK9AsXJl2niqX5F8qq%2B3wulTMP4jYAT%2BzsXzMrnkDcDzsOiEmoZ8%2Bh2Q1%2FHY5rbYXXk%3D\"}]}\r\ncf-ray: 9a45a58ffcfc4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31852,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (31852), with no line terminators","md5":"2dd10ee5acba3bde7596fa466b3b9a8e","sha1":"7662018d8b238120d859a11f61da6ef6fce9e322","sha256":"87325e0052eaedb5bdc873c9a4bfe31d64842ba064251a532fffa42607812224","sha512":"6e4d5163e2bb568ddb7d9a63319154f44056901bad2433eafaa0f78735c68ac37439bc2d27f7db99519578d304bf27f9396eaeff5d6b7c9e1e1fdebb1b368183","ssdeep":"768:8sHcP/CYMojLOWXf8vKzXkfHN0FFzzzdL9h/ev:8qYfkPIvT4","tlshash":"b9e2958476a2f07442d7516a803f5507f279693e946da080f372d8f06efa59e8633f3a","first_seen":"2025-11-02T10:05:16.979166Z","last_seen":"2026-01-13T10:36:26.548743Z","times_seen":23,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/mcs-images/announcement/bm39mmkf7/1763808225732_WELCOME.webp","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /mcs-images/announcement/bm39mmkf7/1763808225732_WELCOME.webp HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 156996\r\ncf-ray: 9a45a5935ac02efa-OSL\r\nlast-modified: Sat, 22 Nov 2025 10:43:48 GMT\r\netag: \"692193e4-26544\"\r\nexpires: Sat, 29 Nov 2025 10:47:18 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 301955\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":156996,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x660, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f2586fe3d6307b5570d8c5f26d34b14e","sha1":"8022d797483275e54ac8dce0badd696d588b5540","sha256":"46d5944c930ba2fc32f8eb29c160ebf4af80974dd0c57b310ea7be7ef76d0a81","sha512":"26cecfd312a823212f622d15b52b90643b865eec4f24278487042e4ab7dffaeec29f7f98b3067330465f577059bc5e93be9ce970ce945d1a95e9f9f6fba4d593","ssdeep":"3072:UmOOZe/WCFhfmPn9/agyPnJrkg3FsXSS9lVFw:UmBReOP9igyxrkgeCgJw","tlshash":"82e3137afa1847d5bb74ea947b80e01a21b0b32d50acfc85e695ff6dd4322dc1b16903","first_seen":"2025-11-22T16:37:35.94071Z","last_seen":"2025-11-26T09:58:32.204527Z","times_seen":5,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/footer-service.1ca1b76c.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/footer-service.1ca1b76c.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 60190\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 18:22:30 GMT\r\netag: \"6925f3e6-eb1e\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 18:24:10 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: HIT\r\naccept-ranges: bytes\r\nage: 4507\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9K86rJcvegdA27NAjZXO931nBxcht0pms4h%2FegT646YiHxGIqtwOFlidy5FX1hskrjc%2Fpm6Ys4WqHfFerSQxShPFcN1Z9Gr%2FKSEsegY%3D\"}]}\r\ncf-ray: 9a45a58bcfdd4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60190,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"1ca1b76c6c8ef13036f25e55306e5df2","sha1":"14588c600e120ed8af2b006671145215b99f9bfe","sha256":"79ffbbcd171677e5ad0dd0ddc972f0cef07d97b2c60decbda90ee81614c181f3","sha512":"d5c3f9873ade9c32c0bf50c5d8812fae79a6cbe6576d39463229de87b43c2b58ff6169ea46db8d02ad69b22d08bb178bf027aa6f48567721013d2c3c0b1446c1","ssdeep":"1536:K2/8w0eSQK1Grb4PtvF+23aj/2ZUsVJWj3RO9NAoO:fl0tTPtfajO9zmO9NAV","tlshash":"954301e2930cc9621e9a3fd3d5cb5066818fe2642cf7ca1c8eab091ae72435b5dd55e0","first_seen":"2025-11-26T01:35:43.574889Z","last_seen":"2026-03-08T20:41:40.228074Z","times_seen":18,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com//TCG_PROD_IMAGES/B2C/libs/gt/boc.js?v=1","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/B2C/libs/gt/boc.js?v=1 HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 9a45a58c6bd62efa-OSL\r\nlast-modified: Sat, 04 Oct 2025 00:35:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e06be3-3429\"\r\nexpires: Thu, 27 Nov 2025 04:03:17 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: HIT\r\nage: 508269\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13353,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"845e2236627b939e57fb462ea29ec554","sha1":"9e3bf49321d552ec26777a8c6d9bf71530f47bef","sha256":"cf2e948263c1ca01e8f6e163439d99a176345e0a41bc93104608f675b2f4145c","sha512":"b3f6919c720eae8d2aa4f12a9657d936c5c52206ca2bcec44920c2d76be5fce6be8e2c5bf1dab20aef890fc11a149321c7199a0e44296f51e7d77878d6dbda39","ssdeep":"384:OcB6Y6+HiaWSXauU058DIml6yDwFJQqVqB:OcB6Y6+H9HII22ze","tlshash":"1852114d68f7609385a3b428ca9fa114b9788a57002ccd85bd4ce3589f9447c9bbbfdc","first_seen":"2023-06-14T14:59:52Z","last_seen":"2026-04-06T08:03:54.981789Z","times_seen":353,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/WPSCORE_checkIfAppDomain?rootDomain=bm398.com","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/WPSCORE_checkIfAppDomain?rootDomain=bm398.com HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nMerchant: bm39mmkf7\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: 9ev7g63718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g3qnTXSppCwHKtFmfpn4BsUcsnTfYOLS86y88eDbIIHf11MUuE0Aftw3NK6rZ0BdCwv5t9A%2FmDR3edKPrkADJIDGT0pLD3Fx1b42D70%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a45a5894ceb4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3e87820a66f1829249ddd1a29f83c331","sha1":"d286adff496089234f911f647d33594b6c04da46","sha256":"6b73520ba2d5379eb9e88ea386fb92e3ac95f622eb8b719b39632bb5fafc2120","sha512":"5275dfc6d5eec79fdcd7054104224e2747bdfbe451b1779e063fdc104319f316c1d3e0e9e0aa3e979839b5339579b40ea7a60998bb557d9d89169c3e9db614b6","ssdeep":"","tlshash":"5b800002200008fbc00223002a382f0038ac00aba000a088e00c8088bea2802208388b","first_seen":"2025-08-21T08:43:15.406553Z","last_seen":"2026-04-06T08:29:59.57092Z","times_seen":1016,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/nav-login.70abbf36.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/nav-login.70abbf36.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4445\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-115d\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 19:25:41 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74655\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=isCjegTnS9zraHziUc187TW707VAfcP%2Bk4aiSE0leWGUquAVGgZNvWEtHDq7EC9520ggvpSeMiE%2FejczwPDSjUMUWsbkIVFOZY0KNEs%3D\"}]}\r\ncf-ray: 9a45a58acea44e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4445,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"70abbf36fce30e4179f69b049e77bea1","sha1":"84fd0b2fdca2b8543aff107ef2d8bbfb9559a144","sha256":"8b0dc17bd313803dfbd67fcfd504bbae6dabc04d6d28b42293e14c2b05007966","sha512":"97743dca9b2fee2b68dfbfeaaa54975e9595df040c8f5a6a582f398780e487878cf9f09059f7b8a258903244d7c869442937b5112c6152be845f0796c4018218","ssdeep":"96:/HZ+jlpykvqSQJryCBjoVVg8YNriu9MEFbLyLDFwovyd:BElYkv56ccV9MEFKLGUi","tlshash":"65918ee93208bf09cd250461f28740766fbaad12c66453bb6161e53c11beb0b6725585","first_seen":"2025-11-02T10:05:17.009094Z","last_seen":"2026-03-08T20:41:40.118798Z","times_seen":34,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/download-bar-bg.ec834e9c.gif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/download-bar-bg.ec834e9c.gif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/gif\r\ncontent-length: 730744\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-b2678\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 08:48:37 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74656\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3FSZOSaGS%2BUeev0FRDDg93rGPojR5Yo%2B9%2BRra7WFuwUNmIi%2B1XS8XSxHaMd2zZ5TQlLPCd4k%2FQi1DJJnQ3Ndxgl0Eys8pZc0SyLeHPY%3D\"}]}\r\ncf-ray: 9a45a5905d404e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":730744,"size_decoded":0,"mime_type":"image/gif","magic":"PNG image data, 750 x 128, 8-bit/color RGB, non-interlaced","md5":"ec834e9c047f440a0e7737ba1425ff38","sha1":"63fce4594f3a36a0f42ad927d1b771f35a59226d","sha256":"17efdb74e218c9bcd05c62e462930dabc3ab51f292b5f330f46ba8b1ec8d727a","sha512":"deba05138049e117ca0a12958a3e585951d7816a232a5f12eada5eef46207906d0fde61ef88076791ed62ce457204f122b176be914fe2850169b250b091a8d5c","ssdeep":"12288:rDXL7XxdKtKzWlyfof0XdjWjnqGrZCBRxptPmABTtj4JvXfZp5Z+TRiU:nnb3qDMjWbqSCBRntPmAL0NU","tlshash":"faf42384f5ed386cf9b651b14118e502b9f9c7e08285d0edbb1c4b99c12a241fe1bf6b","first_seen":"2025-11-02T10:05:16.90634Z","last_seen":"2026-03-08T20:41:40.212981Z","times_seen":34,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/download-bar-close.320cc146.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/download-bar-close.320cc146.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/app.3332fc23.css\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 5815\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-16b7\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 18:31:44 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: REVALIDATED\r\naccept-ranges: bytes\r\nage: 74656\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S69Cznh3VvcXVS%2BnZSMOWI0vdo9EG1dYGzjjt4dI2ihKYEL0pZS%2F2SW%2B8Fgy8hig%2FN96mlQ3ZPvxfky2Kgn1yUL62DzV19I2vd2%2FHb4%3D\"}]}\r\ncf-ray: 9a45a5908d724e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5815,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 119 x 118, 8-bit colormap, non-interlaced","md5":"320cc1462f9f126f12ed51e60b0c2874","sha1":"e8d0dc3022ef89114a13191b8ff9e97778626922","sha256":"283fee2d1b5c8882cfb8a4d3d21a9313c169e2b75cb0a33e076836a2071b79d9","sha512":"af20f01e6554555799494076776dae77f2b6f1b960564903766fd9bffd536d7e0d7a87bbbdd1bf42bf4e2b3d1036af07a98d180503cb64e6acc2d175248dc3c9","ssdeep":"96:RyJa5Pou51NF4IWXoyIE3A0RAh3eRYF6p0nphClqxNJ5bckWoA7:gJa1ouBF4z4RE3APh3eRzSp46Nb7RA7","tlshash":"1ec18e86411655c1a1e61707ac2b107cc8d47a8917ffe02a6c628cf4da21a44dbe32a3","first_seen":"2025-11-02T10:05:16.959785Z","last_seen":"2026-03-08T20:41:40.078609Z","times_seen":34,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.salesmartly.com/chat/msg-user/create-user?plugin_sign=bad3686ca8c10e122c8ad3cf11ff64fd\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902484\u0026_lt=\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062","fqdn":"api.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Sep 2025 02:42:50 GMT","end":"Sun, 28 Dec 2025 03:42:48 GMT"},"fingerprint":{"sha1":"B1:CA:16:55:2A:50:FB:2D:0B:B6:66:4A:9C:DC:91:51:56:CD:70:A8","sha256":"32:1F:86:0E:5B:75:DA:DC:F1:5C:59:AE:86:4E:0B:4F:54:CD:4A:35:01:B2:7C:FD:AC:BB:03:42:36:9B:A9:62"}}},"request":{"raw":"POST /chat/msg-user/create-user?plugin_sign=bad3686ca8c10e122c8ad3cf11ff64fd\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120902484\u0026_lt=\u0026_u=2b3351d5b9ceaa94f56b515c9e7ce966\u0026_xma_=468062 HTTP/1.1\r\nHost: api.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 409\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":409,"data":"source_url=https%3A%2F%2Fwww.bm398.com%2Fm%2Fhome%3FaffiliateCode%3Dproads01%26cid%3Dw4thi1a12f2p11ee348m4ri4\u0026language=en-US\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026user_id=10271aaf20d375d51c598d2cc9d01960\u0026data=eyJwaG9uZSI6IiIsImVtYWlsIjoiIiwiZGVzY3JpcHRpb24iOiIifQ%3D%3D\u0026is_sandbox=0\u0026before_source_url=\u0026label_names=\u0026custom_fields_ext="}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\ncf-ray: 9a45a5988f771ae6-OSL\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: https://www.bm398.com\r\nvary: accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type, Share-Access-Token, External-Token\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-max-age: 86400\r\nx-request-id: 161f2bd6-36d6-4c44-a1fd-7bfaf9b95460\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":157,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"8b3ec8087eb14002fd6ed4c13b69b9c9","sha1":"0ea6c7ab63396c142789093f884d4b02cd260b25","sha256":"97155ce3ee6ddd8a7ed1ecaa98a6f79eda8ac34505f34572af585f822d901bda","sha512":"a498c27e6b2c89f1d4f62b6744ce61c881428e21188921230b9dbb24f871a99f4f687a96182058ffece80cc7a23445c709b2e15d5478f96f12fc415455d79a78","ssdeep":"","tlshash":"0fc08c13568242b14ea2204a81162647b2e420358fd2b2944cfd08648bcc2a9b2e6d51","first_seen":"2025-11-26T01:35:43.578589Z","last_seen":"2025-11-26T01:35:43.578589Z","times_seen":1,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/memberCenter.ccf8c245.css","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/memberCenter.ccf8c245.css HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 06:08:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692547ed-172baa\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 06:08:55 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rpDlkqaSwxmPJ8%2FJMjqk8JPqr7ecCAe1bGclcEQfVsqYcEsE4zI2hcZFrozdw38l%2BkuBPE2pqRsn7Gv6N43KO8jUhYpaVw3eRz0yDYc%3D\"}]}\r\ncf-ray: 9a45a5847f7b4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1518506,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (45058)","md5":"1ff15162718c2fbb93f0c460371fd02a","sha1":"d3acc23646119fdb91a538768564b5d3cee14c1e","sha256":"812f571d3bf5c7ca5b3b8a338c4214257f874733a94c77e0e285e1a01f1e7697","sha512":"98d6180b19b065a4366453a48832c60f3f04fe3247fdbeaa9c151738309fec903aa32fef8e93ca5ac7449429207e0aab6156ef4414a7520c67f6b963fd736a79","ssdeep":"24576:xxfJNF1lUGrZ7DU+5UvBugISvyqPT4Nbg2fZY/qEFF8d4ZdbvBugISvQrpm:xp59qPT4Nbg2fZpd4ZdOpm","tlshash":"1225e8369a16212df57bc63a7dd07b8c191dd042c2570afdf117be3ecbca2962672248","first_seen":"2025-11-25T06:42:06.165469Z","last_seen":"2025-11-27T04:59:19.23906Z","times_seen":9,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.sentry-cdn.com/d246589a44bc1730e42d1e967d9c29ce.min.js","fqdn":"js.sentry-cdn.com","domain":"sentry-cdn.com","tld":"com"},"ip":{"addr":"151.101.130.217","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.sentry-cdn.com","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q1","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 07 Apr 2025 18:50:27 GMT","end":"Sat, 09 May 2026 18:50:26 GMT"},"fingerprint":{"sha1":"00:4D:2B:16:F6:29:29:D8:2F:20:48:BD:32:13:96:5D:37:EB:F8:25","sha256":"07:FA:B8:3E:6D:AC:BB:16:5C:22:49:01:30:87:B9:66:E1:FB:75:FD:50:1B:81:91:9A:06:CF:FF:A4:67:5D:F2"}}},"request":{"raw":"GET /d246589a44bc1730e42d1e967d9c29ce.min.js HTTP/1.1\r\nHost: js.sentry-cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000\r\nreporting-endpoints: default=https://sentry.my.sentry.io/api/0/reporting-api-experiment/\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-security-policy: media-src *; base-uri 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; style-src * 'unsafe-inline'; img-src * blob: data:; frame-ancestors 'self' *.sentry.io; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io 'self'; object-src 'none'; default-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; font-src * data:; worker-src blob:; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e\u0026sentry_release=a8ca1f790e0f3d908066c96359daa30769423b1a\r\nx-envoy-upstream-service-time: 30\r\nx-envoy-attempt-count: 1\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\nage: 9\r\nx-served-by: frontend-misc-6cfcff49df-7s6sc, cache-chi-kigq8000098-CHI, cache-hel1410031-HEL\r\nvary: Accept-Encoding\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-length: 1338\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Algolia","description":"Algolia offers a hosted web search product delivering real-time results.","website":"https://www.algolia.com","common_platform_enumeration":"","icon":"Algolia.svg","categories":["Search engines"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2768,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (2767)","md5":"ecadabd00c2040ea21a60d51207b99a8","sha1":"bb265db1ed1ee2752e0bc956eac9936eada93fbb","sha256":"249796fbb4c77d1237f30520713ea1239a753eabc70ca253ac7478b8712f2189","sha512":"2e04ecb26576be08334235ea8600199c5495ea42f36488e14f3ae74c3ead7a530a09d9d50baf2918583491280689c7634f80ae8ab26fddf8d0d1f6cb73795777","ssdeep":"","tlshash":"4751c7a47fcefc730ba32731407f690572726a59a449c280991af9d41c71859375fa0c","first_seen":"2025-11-25T01:10:57.028926Z","last_seen":"2025-12-01T08:14:06.183335Z","times_seen":22,"resource_available":true,"data":null}},"time_used":177,"timings":{"blocked":79,"dns":28,"connect":23,"send":0,"wait":14,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/nosleep/0.12.0/NoSleep.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/nosleep/0.12.0/NoSleep.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6604\r\ncf-ray: 9a45a5862ff975ab-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5fd9562b-415c\"\r\nlast-modified: Wed, 16 Dec 2020 00:34:51 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 383060\r\nexpires: Mon, 16 Nov 2026 01:34:59 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=5yTP4827Qif7UpCdfqcIRUhjM2Jns3lohzkbvl6ve6Nv9BjPxqczr4Z%2BbhyotQvKVkkwu32q3GdGs%2BUa3QKcB8fyX045QuyPLhb4PbNfwg%2BKOL%2BljPlr86GB1emh%2FHeUW8xOc6fx\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16732,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (16658)","md5":"19c1506fe0859fd64781bc6ac192eb18","sha1":"4157a57cb65607c161f3be1d0a0da86810e14880","sha256":"887b763e53ecaeba7bdddcacb29f7ffaf9da8a3576c2cca7ea4a1ecd14ff731c","sha512":"0d2cef61fc495918b713abdf70641f2f90aa3a5029c58aeb76a44fde14429e8899d2833af9c7188dbb5dcd0154ac0388fde84a93454a16e2ace46b1e18f9158d","ssdeep":"192:e06JaOxe+f1/HFOjoKXWbBVIXk5Vq4+tHFpaxx/26:e06Jf5KXXXk5v+tlparl","tlshash":"3c72e8b72222bce65f674c84c42730066d247c6b532c8064bf085afaaef9528d967c74","first_seen":"2023-03-07T12:03:05Z","last_seen":"2026-04-06T00:47:51.351196Z","times_seen":3653,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":28,"dns":1,"connect":4,"send":0,"wait":11,"receive":6,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/wps/relay/MCSFE_getListAnnouncements?types=B%2CPL%2CPU%2CPR%2CH\u0026groupName=\u0026platform=M\u0026merchantCode=bm39mmkf7\u0026ext=avif","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:00.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /wps/relay/MCSFE_getListAnnouncements?types=B%2CPL%2CPU%2CPR%2CH\u0026groupName=\u0026platform=M\u0026merchantCode=bm39mmkf7\u0026ext=avif HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAuthorization: \r\nMerchant: bm39mmkf7\r\nLanguage: MY\r\nX-Real-UA: TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjA=\r\nContent-Type: application/json;charset=utf-8\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: mct4a93718\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: FREEPLAY3, COMM3\r\nx-elapsed-time: 26\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fm6SHX6xXXcBMyidaLGp8%2Bx8CscQ0wfLY%2FhfxzfWQjtbtAuK6KS9MWDc2jtokmWMHQfU98LkRojKGimvuXQMKhf%2FWppjd54l710ZKUU%3D\"}]}\r\ncf-ray: 9a45a58ce9474e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":534561,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6a9fb69a4eebf7ec25c099cacd397270","sha1":"a047c02f7386596b9811cebeef7aa0d05b979d78","sha256":"6c8589a62eec3328c9e01f70280d8e35a941487bef04e31bf087384febed951a","sha512":"22a8086c5b7f0963a10a413453e45a3016cda924e1017c0ed777956d68eefae20bfcabfd6ae89bcb5f64fcbce60a42b63e8614111b066cf0df641f525c7cf1ed","ssdeep":"6144:FHWnCfvAn3Qf4xME0ELEDVyr25pn9skcRExkn89n/O2Oj5t0NHEa+8P51RJ:7NE887Elj","tlshash":"9ac4d202937683102c6dcac45eefd7b53cdd2608b7004969bb2d91f9ab8dc75b260f5a","first_seen":"2025-11-26T01:35:43.581911Z","last_seen":"2025-11-26T01:35:43.581911Z","times_seen":1,"resource_available":false,"data":null}},"time_used":507,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":507,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.salesmartly.com/sys/company/plugin/get-plugin-info?plugin_sign=57632b3e33277035a42857849b4f30a9\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120901949\u0026_lt=\u0026_u=\u0026_xma_=","fqdn":"api.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"104.18.22.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.salesmartly.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Sep 2025 02:42:50 GMT","end":"Sun, 28 Dec 2025 03:42:48 GMT"},"fingerprint":{"sha1":"B1:CA:16:55:2A:50:FB:2D:0B:B6:66:4A:9C:DC:91:51:56:CD:70:A8","sha256":"32:1F:86:0E:5B:75:DA:DC:F1:5C:59:AE:86:4E:0B:4F:54:CD:4A:35:01:B2:7C:FD:AC:BB:03:42:36:9B:A9:62"}}},"request":{"raw":"GET /sys/company/plugin/get-plugin-info?plugin_sign=57632b3e33277035a42857849b4f30a9\u0026plugin_id=g14i4o2\u0026over_time=\u0026env=chat\u0026_=1764120901949\u0026_lt=\u0026_u=\u0026_xma_= HTTP/1.1\r\nHost: api.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bm398.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:02 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-encoding: br\r\ncf-ray: 9a45a5962f378be6-OSL\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: https://www.bm398.com\r\nvary: accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cpl, Agent-Cpl, Send-Cpl, Client-Type, Share-Access-Token, External-Token\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-max-age: 86400\r\nx-request-id: 8fe84940-8fba-4c90-9517-9167b8667b7a\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4857,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"f0ae5e72f985c1cdf120b29e4e1174cb","sha1":"288a58afda8a6c01369bf6de6a06bc0f81e1af0a","sha256":"164cd0f0e36a6bd32904f4859eca24e36474a1e5fdf55cd317c02a4c76650c80","sha512":"4ff3970b50bcb719f7098f7a6705e4ba6aeb6608cc685eb2ad42a547c98d6b3976b17f1270f827efbaff7ef4da70ddfac683df5605999f79a6aa05a16c4f9892","ssdeep":"96:luzPPDAw430PGE4uZdSDIbRJRUx2lUdpjUtU4OIXUpBij:qEwWItJR6pUtULFij","tlshash":"ffa1a731505fd863929348a815ecad20dd5f83b881ccce94ad6ccdc94cec9a5a30770f","first_seen":"2025-11-25T06:42:06.179751Z","last_seen":"2025-11-26T09:58:32.133617Z","times_seen":3,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":112,"dns":58,"connect":1,"send":0,"wait":262,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets-cdn.salesmartly.com/prod/project/g13cr8l/p1/integration/plugin/image/20250924/1758702827005/image_1758702827005_9a48c7f30c7d8fd10459e3e7cd9.png","fqdn":"assets-cdn.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.25","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:02.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /prod/project/g13cr8l/p1/integration/plugin/image/20250924/1758702827005/image_1758702827005_9a48c7f30c7d8fd10459e3e7cd9.png HTTP/1.1\r\nHost: assets-cdn.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ss_uid=2b3351d5b9ceaa94f56b515c9e7ce966\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 16670\r\nserver: AliyunOSS\r\ndate: Tue, 04 Nov 2025 05:38:11 GMT\r\nx-oss-server-time: 25\r\nx-oss-request-id: 69099143A87B9A3539C3493B\r\naccept-ranges: bytes\r\netag: \"A82EEDB1D7E6578752DF419CCB0EF8D2\"\r\nlast-modified: Wed, 24 Sep 2025 08:33:50 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13128038412537342626\r\nx-oss-storage-class: Standard\r\ncontent-md5: qC7tsdfmV4dS30Gcyw740g==\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: ZCMtJVu4_1NkKsGyLD7YPUAUSwpReS9oGbJMBGUarW53YT9KKFd1sQ==\r\nage: 1886211\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":16670,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"a82eedb1d7e6578752df419ccb0ef8d2","sha1":"7403dfd074460c776066139856853bebcae07be6","sha256":"52104af9331415f0de65052b23abb652efdfb953e988f7f28a4983495c26c56f","sha512":"52b6a5efa4ea1395c0f85a01718e29b66362c0295ae41f4ce545b85a0133b559ea61f2c3a490ce9946d21022acb679c4191fc103d59e73957481f356932892c4","ssdeep":"384:T45WYUdAs44HpQPfhYloNpTqIuA+S6V0on78+Dgwi+P8:kYDvcf0igIl76VjI+EtF","tlshash":"4772d0402032fb46ab6d8102d86f6a8ef558e54bd24c68b9c2097fcdcbd51a59d067f3","first_seen":"2025-11-09T08:42:38.512316Z","last_seen":"2026-01-02T05:36:01.866156Z","times_seen":16,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":64,"dns":47,"connect":3,"send":0,"wait":3,"receive":1,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/bank-4.dc8934fa.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/bank-4.dc8934fa.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 2602\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-a2a\"\r\nserver: cloudflare\r\nexpires: Wed, 26 Nov 2025 03:24:33 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 68019\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iGgtHsQdXy87tNZgH4JkO9hXzQ6HKpstm7I0AGe0mkEA01vFh7Qo3G726%2Fp7bSgs2xg%2BCSYwtnrclJdUl%2FJaeXkLRXQHFC2J%2FKTa8XE%3D\"}]}\r\ncf-ray: 9a45a58f4c554e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2602,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"dc8934fa475b1cfc1d97b58bbdfd592c","sha1":"209b76cd837a6dd9637ea1e72cbf6034f8991bad","sha256":"b644299c6cd6b2dd5a68d2155e2201846a7e68488281a7c53af3c5714a4b6c55","sha512":"d5b2d225e92772d56ac09ca13e94c998c83ddbde23a34c0c153f356c14f39112fc1fb506851a9c753d3d7f45a2052377546a3066c0e2b84ffe1ff2eb132395a7","ssdeep":"","tlshash":"c1516ce4a6ad50bbdac60b3a121f6617edd208d3f8bc1a53158dc0ab05d18abe78940c","first_seen":"2025-11-02T10:05:17.007121Z","last_seen":"2026-03-08T20:41:40.153416Z","times_seen":34,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"client.salesmartly.com/setting/sounds/ling.mp3","fqdn":"client.salesmartly.com","domain":"salesmartly.com","tld":"com"},"ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.salesmartly.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 05 Nov 2025 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"21:16:EC:FB:98:9D:64:FD:1E:C8:5C:02:6A:93:88:4B:65:15:09:07","sha256":"26:1B:3A:72:0D:8B:91:C8:40:3E:89:B3:CC:5C:13:07:99:A8:EB:AB:72:A0:AC:58:2B:0F:C1:C8:C7:85:2F:3A"}}},"request":{"raw":"GET /setting/sounds/ling.mp3 HTTP/1.1\r\nHost: client.salesmartly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: audio/mp3\r\ncontent-length: 47223\r\ndate: Tue, 25 Nov 2025 11:41:46 GMT\r\nx-amz-replication-status: REPLICA\r\nlast-modified: Tue, 02 Jul 2024 06:29:42 GMT\r\netag: \"1065fe976ff9e98d69772fe0f0d7b808\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: public, max-age=15552000\r\nx-amz-version-id: J6b7RzocQsVXwTzS3QxevgOr1gKTyblY\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ncontent-range: bytes 0-47222/47223\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: Dkhu3I6owsHBCZOXYM8veKgcaZxdWnXOMjn2pBqjn9qqNkGM1C7t_A==\r\nage: 49995\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":47223,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo","md5":"1065fe976ff9e98d69772fe0f0d7b808","sha1":"122193fafe8453db01635cf4502524eb93264fdc","sha256":"35fbb2ad61551e3a396591657a66b563222454418238c46005b89418556f9983","sha512":"7d0de1b98c66aaa939f56253d100f5efc36128c2b8420fc8c932f68873a643a1179411a9410125aa3ff5512f74dad1209f2e19c5a0734d4582c5b94280e242a7","ssdeep":"384:ju+iqqxhBRBJ2zjBQRB57Nsyf+/C6ufaPkm5NyxGo5Vtll9rFd1ft7FDehm:junhJdlac","tlshash":"00239434b6a108d0e14eaaffb0deb2121e771ec3cd56a84075ef78044fb1179255b8b6","first_seen":"2023-04-19T11:38:49Z","last_seen":"2026-04-06T07:34:33.842132Z","times_seen":2186,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":104,"dns":105,"connect":4,"send":0,"wait":2,"receive":2,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/PP-COLOR.png","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/PP-COLOR.png HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10724\r\ncf-ray: 9a45a5900f5c2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=604800, public\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origFmt=png, origSize=11875\r\ncontent-disposition: inline; filename=\"PP-COLOR.webp\"\r\netag: \"6914cbe7-2e63\"\r\nexpires: Thu, 27 Nov 2025 04:03:06 GMT\r\nlast-modified: Wed, 12 Nov 2025 18:03:19 GMT\r\nvary: Accept\r\ncf-cache-status: HIT\r\nage: 495455\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10724,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bc216353513c471624000ceae93ecf17","sha1":"015001f93a01e0df21fe3c9aed77114ca606e7dd","sha256":"0b72cfcb5309997f664ef260bb7a752cba4211f3f754a22f1b846b5a62158fb0","sha512":"3fa2361f13d6f727c4482778110c4ecccae7b8fa51521f12f9b5e0db4a0b8473f5048097914217d7361e5abd4b8bc627713b6392f55dfd5deffde2f1516e2de2","ssdeep":"192:sQ+avzZ5T7CWiGMrnLAT7/mpynKT5bhMf/HidXkcUkT1qTmlyFtTKdeJyA0:p+o3CWirrnLs+pT5daoUQYTIyFsY30","tlshash":"2422b04da4437b9b196b4d0da5214bbfb6744a9d181f60c0042feeebb1a1d04ba47ef2","first_seen":"2025-11-12T22:07:03.993027Z","last_seen":"2025-11-30T14:48:07.211569Z","times_seen":37,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/icon-play.810e3db0.png","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/icon-play.810e3db0.png HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 2221\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\netag: \"691f115c-8ad\"\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 18:34:01 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\naccept-ranges: bytes\r\nage: 74626\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a4bMgCc2i%2FojibKoCDQg20ILSA6Rc31i8jKTk71Z3LRd5TimsEFYVLZgOn1Pg1k%2BsfcH7hsRsSN5Ephy0Mu4lbPslkFbJiLkRNhAGFU%3D\"}]}\r\ncf-ray: 9a45a5910ddf4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2221,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 85 x 84, 8-bit/color RGBA, non-interlaced","md5":"810e3db0576b05bb4470e44b103e16ee","sha1":"26b7a24f1f4b5066bca27787a62f9b0275c235e8","sha256":"d6005c2098d32fd306ef8cbe51d8c0d8682cc51d80a4934f8b63da06a469797b","sha512":"f9d85474daab632bea03e1a13751b98da33595ecf1abfb27b873bfeff328f64503b1be568a9e9cee5eb96ea88a900e80da8e9c5612689e4ef030a186cd7845bf","ssdeep":"","tlshash":"df412bb26e5439fab698156d126b1701a0abf5da48f024bab0f0d6e4ac08d0c0cca18b","first_seen":"2025-11-02T10:05:17.019393Z","last_seen":"2026-03-08T20:41:40.190109Z","times_seen":34,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/mobile/mc/asset-manifest.json?t=1764120901459","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /mobile/mc/asset-manifest.json?t=1764120901459 HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: vl-cid=w4thi1a12f2p11ee348m4ri4; SHELL_deviceId=e622e07d-80f7-43a3-9342-a2585d65b81c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 25 Nov 2025 06:08:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692547ed-8431\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST\r\nserver: cloudflare\r\nexpires: Thu, 27 Nov 2025 01:35:01 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fgxoAvGQK1JYWirBEBF3hGfxoeM98LBiHYyZZ3TKOnGN51lBwdKk%2FqZzPL7yN1MjofGLE%2FLIg3RJ4hpmF4zGR82Rc1fMzWuRMHwIMOA%3D\"}]}\r\ncf-ray: 9a45a5922ede4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33841,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e769b8f76fea1c4135f3a7b62bc5a24f","sha1":"638d46497ff238e4abcfebedcfa36437ce9bb230","sha256":"8f6562f44f37c5db5016e87089bdfbcb10614256644d6c44b7e85482852ac82f","sha512":"83f15bee901b24e6f4c94184aa9ee1f4948e04eefd0e05b201b7e6f35dbf3297f8a81412deff55e8f3ba51f5a9943a1b9c847706044ff2081b227abf371e72d1","ssdeep":"768:XyD+Kue4Xzjc1DLMnueR3F/8RIJnGDFvM1vSMvMazRrba47jb+ty6OYMlgm:je4jjc1DLMnueR3F/8RIJnGDFQxNzRrd","tlshash":"eae2a4e486162ca366d9ae857dc34c9c15ac1f47c26230081befed45f47e91f5abb02e","first_seen":"2025-11-25T06:42:06.178959Z","last_seen":"2025-11-27T04:59:19.241449Z","times_seen":9,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/compressorjs/1.2.1/compressor.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:59.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/compressorjs/1.2.1/compressor.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 3943\r\ncf-ray: 9a45a5862ffa75ab-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"63fe81a2-f67\"\r\nlast-modified: Tue, 28 Feb 2023 22:35:14 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 334428\r\nexpires: Mon, 16 Nov 2026 01:34:59 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=lSEGRQUfIdBJieJyGHNsv7L8OEP0dySMi6W9uAjL9TMaUQQ4Z1tfjvu7RaF3Phs1BR6ncC1f1s4fsSWW%2FcOkwf%2BxlKA3zlxsAteumZJovv2beISXyQ1Ulc5207bIVn%2BbWyzAJBLa\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10663,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (10470)","md5":"8486526e5f5162882691ecc24a6a8ea4","sha1":"73fdc423f6adead042bcc65db6884a5d006f4578","sha256":"fd1b40a1808fb4901bb33f0905305af2e435442ada7afc74f81b0a96f0242f03","sha512":"32061e6058fc4774baaef647889d7103d70cfd50c6713e1e451150c0603ba833fb3476e758a366026dbccf42d58ceb94aa30f44fd271a4331d56ab193921da48","ssdeep":"192:1T7WZaQUCEUqlnRdI/i/Dh/jep3QHJzKGJJ9A+uYaVPKEpw+f:11UqtRdndKkJ2yJ9ApKA","tlshash":"81222ba83110b092507361e9807f450b7132ba391695c550b325dadaacb48df73bffb7","first_seen":"2023-05-08T15:21:30Z","last_seen":"2026-04-06T00:47:51.373263Z","times_seen":575,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":32,"dns":0,"connect":3,"send":0,"wait":17,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bm398.com/m/chunk-common.9f897a9c.css","fqdn":"www.bm398.com","domain":"bm398.com","tld":"com"},"ip":{"addr":"172.67.194.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:34:58.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bm398.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 16:25:28 GMT","end":"Wed, 21 Jan 2026 17:23:59 GMT"},"fingerprint":{"sha1":"CE:42:7E:D1:DA:BE:0D:B8:30:5F:9B:DE:88:57:6C:BF:DF:CE:60:FD","sha256":"03:E4:C5:45:6E:6B:6D:74:D1:82:0E:A8:10:7B:65:E9:C4:34:8B:D7:61:22:78:60:DE:FF:40:CB:24:E9:E8:0C"}}},"request":{"raw":"GET /m/chunk-common.9f897a9c.css HTTP/1.1\r\nHost: www.bm398.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:34:58 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 20 Nov 2025 13:02:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691f115c-31b75\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Tue, 25 Nov 2025 13:05:01 GMT\r\ncache-control: public, max-age=86400\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nage: 74669\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OFPECkjtfe8sESoa5Wppw438RXupwO9rOLoaW4HdpIteBXMKjcl52yJ581If9JhgpCKxc4yp7P8H9OfePA0HC1z4BjBRcZo0RWYt5EE%3D\"}]}\r\ncf-ray: 9a45a57e4fa24e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":203637,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65365)","md5":"9f897a9c1951be18264f122706c404d0","sha1":"f70f5944383da41215594818932186f3ffb64761","sha256":"f2be5ea2ae0cc0981a327433c4ae12f32ebf2f4456b5b7d95d20f18488a4778e","sha512":"ea8bfaf29fc9ccb981cac09b78215183657c92c250f2dcb24ee390fbf4901fb1778fdb5c87add2b8b6959538bb5338a4dc405e180ab93d92d2ea0d50960b52d1","ssdeep":"6144:VkZ8wh1nAukdDO3Xyr5Ir5el0dTYsmDxox5W6Y3HQRmQrTcVQs0:mZ8wh1nAukdDO3Xyr5Ir5el0dTUy/cid","tlshash":"d914a8ba45911619912b4f739bdc4e98463dc562d6231cee73036c0fc7c7bea239a217","first_seen":"2025-11-22T16:37:36.071407Z","last_seen":"2026-01-13T10:36:26.59439Z","times_seen":8,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"www.bm398.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.5204495.com/mcs-images/announcement/bm39mmkf7/1763895838090_%E0%B8%9D%E0%B8%B2%E0%B8%81%E0%B9%81%E0%B8%A3%E0%B8%81.webp","fqdn":"images.5204495.com","domain":"5204495.com","tld":"com"},"ip":{"addr":"104.18.9.245","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bm398.com/m/home?affiliateCode=proads01\u0026cid=w4thi1a12f2p11ee348m4ri4","date":"2025-11-26T01:35:01.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"5204495.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:46:05 GMT","end":"Sun, 15 Feb 2026 17:43:42 GMT"},"fingerprint":{"sha1":"C8:40:4E:11:B6:D1:FB:2F:0B:FF:03:7A:D6:D7:19:8C:FA:DF:E9:47","sha256":"5D:B0:08:7B:54:DE:3D:64:CE:B7:DC:C0:5F:14:5B:07:79:F7:80:48:40:19:DA:3B:15:2B:20:7A:D8:08:57:EE"}}},"request":{"raw":"GET /mcs-images/announcement/bm39mmkf7/1763895838090_%E0%B8%9D%E0%B8%B2%E0%B8%81%E0%B9%81%E0%B8%A3%E0%B8%81.webp HTTP/1.1\r\nHost: images.5204495.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bm398.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 01:35:01 GMT\r\ncontent-type: image/webp\r\ncontent-length: 476056\r\ncf-ray: 9a45a5935ab72efa-OSL\r\nlast-modified: Sun, 23 Nov 2025 11:03:59 GMT\r\netag: \"6922ea1f-74398\"\r\nexpires: Sun, 30 Nov 2025 11:05:33 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 224876\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":476056,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0cbfbab05b50f848642c765f24d46803","sha1":"93e695a24a4953e96ebbd5d25ffe8f95f7683df8","sha256":"7439ac2ddedf01b6e0b82b73c34c7dd37ce89cf6b29436ec18018a0e3c65e2d3","sha512":"68dc8fd28b5b88e02bd337bbfe6842820c35a4171434fa6c4a75cf77666f802ef3824044c4efd32d5e2af08874a8cc160240cf5bc028a32853b6d9c5fb9fb909","ssdeep":"12288:v9Odv7e7NbqO2OlNhaA94hRy1s6/Xe2nKNBeO/5a1WT1qllBr:v81OPlt8msEnKNBd/oC1qlT","tlshash":"0fa42377f312a6e0d0f5c8b2798961b5931dc3c2c13d59ac218ad5523cbe7bbc9068da","first_seen":"2025-11-25T06:42:06.185211Z","last_seen":"2026-03-08T20:41:40.044201Z","times_seen":19,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"images.5204495.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}