{"report_id":"f584b426-e753-4ff4-94c7-f99c26a3dde9","version":6,"status":"done","tags":[],"date":"2025-08-01T16:42:39Z","url":{"schema":"http","addr":"www.tfc0b3te.com/2LFFX4Q/32PF9MP/?sub1=1_402551_267312\u0026sub2=1027_71810_597198_6\u0026sub3=1010514473_tvrnjb","fqdn":"www.tfc0b3te.com","domain":"tfc0b3te.com","tld":"com"},"ip":{"addr":"34.98.80.218","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"title":"manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7"},"submit":{"url":{"schema":"http","addr":"www.tfc0b3te.com/2LFFX4Q/32PF9MP/?sub1=1_402551_267312\u0026sub2=1027_71810_597198_6\u0026sub3=1010514473_tvrnjb","fqdn":"www.tfc0b3te.com","domain":"tfc0b3te.com","tld":"com"},"ip":{"addr":"34.98.80.218","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-05T16:42:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-01T16:42:17Z","timestamp":1754066537,"ip_dst":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.4","port":35916,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)","source":"{\"timestamp\":\"2025-08-01T16:42:17.064072+0000\",\"flow_id\":1821692903666533,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":35916,\"dest_ip\":\"192.0.78.26\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2855174,\"rev\":1,\"signature\":\"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_24\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_24\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_08_24\"]}},\"tls\":{\"sni\":\"href.li\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":753,\"bytes_toclient\":3864,\"start\":\"2025-08-01T16:42:17.045925+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"shulives.com","ip":{"addr":"208.116.59.132","port":443,"asn":25653,"as":"FORTRESSITX","country":"United States","country_code":"US"},"domain_registered":"2024-11-13","domain_rank":0,"first_seen":"2016-01-01T17:20:42Z","last_seen":"2025-07-20T15:15:03.480963Z","alert_count":0,"request_count":1,"received_data":503,"sent_data":661,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.12.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"manageuberquickthe-file.top","ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-27","domain_rank":0,"first_seen":"2025-08-01T16:42:39.302613Z","last_seen":"2025-08-01T16:42:40.796501Z","alert_count":7,"request_count":7,"received_data":176509,"sent_data":4320,"comment":"","tags":null,"fingerprints":[{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.tfc0b3te.com","ip":{"addr":"34.98.80.218","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2025-01-21","domain_rank":0,"first_seen":"2025-07-25T17:13:21.223314Z","last_seen":"2025-07-25T17:13:21.223314Z","alert_count":0,"request_count":1,"received_data":997,"sent_data":570,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"href.li","ip":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":36866,"first_seen":"2012-05-22T12:39:06Z","last_seen":"2025-07-25T23:04:48.475777Z","alert_count":0,"request_count":1,"received_data":1016,"sent_data":590,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"url.bestoffersfind.com","ip":{"addr":"54.196.173.211","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2024-08-19","domain_rank":0,"first_seen":"2025-07-25T15:04:33.196367Z","last_seen":"2025-07-25T15:04:33.196367Z","alert_count":0,"request_count":1,"received_data":20804,"sent_data":541,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"aff.mcftracker.com","ip":{"addr":"172.67.211.237","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-09-08","domain_rank":0,"first_seen":"2022-09-08T16:46:31Z","last_seen":"2025-07-25T11:18:22.309194Z","alert_count":0,"request_count":1,"received_data":20937,"sent_data":591,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-01T16:42:17Z","timestamp":1754066537,"ip_dst":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.4","port":35916,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)","source":"{\"timestamp\":\"2025-08-01T16:42:17.064072+0000\",\"flow_id\":1821692903666533,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":35916,\"dest_ip\":\"192.0.78.26\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2855174,\"rev\":1,\"signature\":\"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_24\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_24\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_08_24\"]}},\"tls\":{\"sni\":\"href.li\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":753,\"bytes_toclient\":3864,\"start\":\"2025-08-01T16:42:17.045925+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"34401ce301e4af0d92b29654b9b580fa","sha1":"c2dbb60e0b75ac9f6eacea96a65a740b3b832a6d","sha256":"dff06ff33c18765b8a49eb48f70b2b102ba9a7b20d4dc24c5a8169daf8fd1063","sha512":"8eccb32a95fc9121a1567474fa5df45150097f040308b129466d2de3aeb27700f6c812d2b856a10ab63fa94bdd722168f98718fb2c752b1574a69b6fe138494d","ssdeep":"","tlshash":"39d08cc888c70a00c217398281394027722812a2a57e48a93e3ce3a0cb3358ad04cced","size":261,"data":"","first_seen":"2025-06-10T12:56:31.113545Z","last_seen":"2025-11-18T18:40:34.373203Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"1f0fe184fd2a8b8ed9058c32f1704cee","sha1":"9101fb2283bc209debf40795525093b68a83f51b","sha256":"be43400e83aba5adf687d7f1507d1269ea953103ce0ab6aabd2daa4778ae14af","sha512":"318ee7f6374a3b872673292bc9e21bd83530e659238176d15cc2488a93d21196ee8eee149c4cd9165c2b308468defc679c3d48a2d3db728adbfd7659ba2a6723","ssdeep":"","tlshash":"4db09bc458c65900c21335a1c03a643762351671917d45651a3db3549533116f15cc5d","size":129,"data":"","first_seen":"2025-06-10T12:56:31.12419Z","last_seen":"2026-05-14T07:16:43.139153Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"edef3a17f092003fd750a2c7c7cda4d9","sha1":"cb4fbf347534bbf53602b35ecbb3b60f45d957db","sha256":"37324d699b87238c5da3d05d46fb2d356f3a90505d7eb7121891c54e5d5227ab","sha512":"3f6b06e6e0b8695155979cb56b499ad0c752fa3129fb7a3f34e56055a749679310cf4b18b6b191bfe2090956687e79148a33bd7a29f47a9e1bf9d021259bedaf","ssdeep":"","tlshash":"35c08c880ceb2910c21b35d3903a982b312417b3867e48693b3ca3949bb301ad1accad","size":185,"data":"","first_seen":"2025-06-10T12:56:31.120465Z","last_seen":"2025-11-18T18:40:34.35841Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"7bd7f1c4252a6d03c301075ec84a0941","sha1":"7c9861dc4db7f4411207b6a36a0e0077576cc7e7","sha256":"e743a93ddb4c0a84f42683e324dba0b2a7f7b02074da76b5ddab52c827b7368b","sha512":"9ceafa0f3a69dedcf25946a3890b7445c2a969026c0b0160ab6b8551b2890abc53e58f76a76135879bd245dde647b27460ebda61bb3d627768eb5b83ee086712","ssdeep":"","tlshash":"5dc09bc45cc66900c31739e2d03e953b61345771927d4465173da3d4957311ad15cc9d","size":134,"data":"","first_seen":"2025-06-10T12:56:31.127117Z","last_seen":"2026-05-20T08:21:33.504025Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"98d8a0d61c2786079247eca3d4d2f012","sha1":"47b00b337e6fee5db590d77dd213399984dad659","sha256":"74d339b2275fe907947001016115c5206c5879f484440b77ae552a84cec5290e","sha512":"51db515fcf221e7d9e8c41bcbb3791d3ca04ae9eec0e029b076f831c80aa78f12b9c9a2e20ef447dc8ca40cfbdbc5af771f2787dadd4c49be71765d7c3badb70","ssdeep":"","tlshash":"e3d08cc888c71a00c217398181394037722812a2a57e48a93e3ce3a0db3314ad04cced","size":261,"data":"","first_seen":"2025-06-10T12:56:31.118538Z","last_seen":"2026-01-24T19:42:52.44974Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"4f234b8e6e9fc26c5969ca10ed333c3b","sha1":"552b12d15bfed27e7cc3f153f7a320ceb350b48b","sha256":"c1a67c0a4dfe02ef95d69eda40225ffb5957044a502427425f542684eb1f07a6","sha512":"320b59c30900068d95d4b008d0a38cf52e68de114bffd3b254373733d365163520703c545380744464b27ee8e3f87f136699242cb266c39f728bdc95280dc784","ssdeep":"","tlshash":"91c02bc048c20900c30339c1c039503b22381230807e48642b3ca354c173106d04ccad","size":138,"data":"","first_seen":"2025-06-10T12:56:31.125679Z","last_seen":"2026-05-24T22:01:06.828439Z","times_seen":29,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"c16150690afc2a51fa878fd65532bda8","sha1":"0b6425fd3ed1c13fadd68ddfbed78532c46a5b17","sha256":"86e15cf2ba1293fdd7a354e53b00168df3ab493f459af6729f5bc72106af271c","sha512":"e670624c615befe45b966795aeafcda97c4a1e29a3c4bac031be62fa937c9cca302218659d1cfafff49a9297a8051a391b0bf1afb3911fe320517362d1944647","ssdeep":"","tlshash":"d3c02bc038c20900c2133490c239543b317d3321c0be4864163df390a233007e00ccde","size":137,"data":"","first_seen":"2025-06-10T12:56:31.108779Z","last_seen":"2025-11-18T18:40:34.356379Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"741a58dd2a12a99fd30b053da7a639d0","sha1":"d554f8021a3cbf64e7fcf06a83e5fe66d7fe1197","sha256":"213e9f5825e109f36f0621d637d6f4c85fd2fa5831c8ab2b6b055b96ac839968","sha512":"590baf0383eb512402cd1feae58aefe75cdcdbc0c0e3d77739a47e0e2b3c8c2657d2031f2d5ed9835b2261ba619128d5620a21791b6542ae48892da0b5a3d854","ssdeep":"","tlshash":"66c08c984cea2910c20b35d3d0ba8837312416b3817d48693b3ca3d49bb300ad06ccad","size":164,"data":"","first_seen":"2025-06-10T12:56:31.110618Z","last_seen":"2026-01-24T19:42:52.43261Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"51dd4e9b09da768c7c8bc586211af2eb","sha1":"fc2a25fea7e86af3b15cf33f11a229866370c6de","sha256":"7301ebd1f7c4906f83d13f737a625edd773e26c32cc135e9177e13a7706997eb","sha512":"ee6b5ec79a65a907180fa9d4436ee34d31af38cb1e0f19e42572054025323b293903846f1b8eb08c70c44e21e59e39765ba234d956ad214c8ab5b16b12358b98","ssdeep":"","tlshash":"b7d08cc888c70a00c217398581394027722822a2a57e48a93e3ce3a0cb3314ad00cced","size":261,"data":"","first_seen":"2025-06-10T12:56:31.122759Z","last_seen":"2025-11-18T18:40:34.373702Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad8c1b0c9c26083634ef70adee9bacfb","sha1":"a55000c113c41780a200381852034f6daf8d5a66","sha256":"9d090b64325455b674d11bb46d0fe9f610beeea72f70cc9efa27e29108432dc7","sha512":"4c5e9275d75fa1ef006e74fe5de9134240ed8b143c2f792a129e952763353d08680fa1969deed5aa1f0e47d841c278cb42d9fec634bdebdb393bfae5819643c2","ssdeep":"768:+ogYDI9igu3cdAjOXFEn6rqIMWpcuD045NRCYvZShZaBSBrQWm:+ogkIsd3wAf6rqIMWpcuD0473chAM9m","tlshash":"4c532d4ab6e320309223f0395a5fd90e7735540f1989fe583a4c52666f8ca3da7f1bd8","size":64277,"data":"","first_seen":"2025-06-10T12:56:31.088278Z","last_seen":"2025-11-18T18:40:34.330242Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a64ddbb49e047fb5187111359cd82100","sha1":"fd3ab324fde8ac1cf7887205d8514e147552dc59","sha256":"6d4bc7943ecccb181ffbd92f4e112e0b7f56f3b1fccd0bff9198a69884b9e64b","sha512":"2f175d25a4229e2e05b90c074144d09be5db24e95035b7781e7cbdee422c45d29339b17017359817564a6d0736caf0fd2ca3e0b855f6bb3f8349964e125c6059","ssdeep":"","tlshash":"d841fb08a7fb04646623903d4eee854a2235051f598b9e647e1c15c0afc6f7db1f0fe4","size":1998,"data":"","first_seen":"2025-08-01T16:42:41.906516Z","last_seen":"2025-08-01T16:42:41.906516Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"863bc417fd7d1e30526c8faa51b944ed","sha1":"c27ae373a5e5945bea54847152654afc4a715223","sha256":"bd8cf3150560223899d908e0a9fae58e4bc1e85104d3f1ba436766ec06070d84","sha512":"f07fdd2150e389025eae1c08b6936cddf538cd32728bd35a50f4b957ec48019b576f2708d724f02f8488a88b3ede464a89662e5450445e13312b84bbffbf631a","ssdeep":"","tlshash":"d6d08cc888c70a00c217398191394027722816a2a57e48a93e3ce3a0cb3318ad10cced","size":261,"data":"","first_seen":"2025-06-10T12:56:31.112089Z","last_seen":"2026-01-24T19:42:52.438786Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"1ada05f08ed554cbbf1987b866ca20c9","sha1":"4407e145fec5f0c934c3521c778216416ec7e9e6","sha256":"37df9e171ebcb77811b7766e58329614dd09998c39f6808637c5e356434b2bfd","sha512":"2a9536e4730a1ee9a10a06268dc958e0e52be99e6e0dc9fadeea9d710ada6c92879939d0da49efe16efb353079cab826a69421b1f1983b3e3008e01948a79e4c","ssdeep":"","tlshash":"8dd022c804812900820b3780802e50322238b76c62bf88b8253d976484f3586d00cc6d","size":198,"data":"","first_seen":"2025-06-10T12:56:31.115097Z","last_seen":"2025-11-18T18:40:34.374549Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"f3b36850f807aef4acad58e895d36039","sha1":"902cb6a78a67f05882f2f3c81360008f43d86d87","sha256":"0b3b4d2f6c45ac82be93c1f4f0bcfa1326531c6cc0b1d203655eafc72250ddfd","sha512":"bda33877d723ae5343af157b59b7cfcc644bcf86171fcde47498f5432fb0ce82e811951f6dffaf95544624bb1c71899fdf152a80d72203a8968150070d8b0d3f","ssdeep":"","tlshash":"05c02bc00cc62910c30739d2c03b893761342331827d4865173df390907300ad02ccdd","size":140,"data":"","first_seen":"2025-06-10T12:56:31.12869Z","last_seen":"2026-01-24T19:42:52.430663Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"a7b50bcb87d1f78677d14aad4b9e88ec","sha1":"77777fe18cf1afa78c711ef65472ee85d638f4c7","sha256":"da2b4f47389f332181a2550910e5cb189f0c2ce5933fe5274e6fedae3ea812ea","sha512":"82f3572c223a2881e8e09ecb65af62dff820ee52f561eb3e00d9f81a440475820a117bc31e585f2d0d3ec9e7c736c04ddf42cff72a72acc75ed73a59e7c4e297","ssdeep":"","tlshash":"8fd08cc888c70a00c257398181394027722812a2a57e48aa3e3ce3a0cb3324ad00dced","size":261,"data":"","first_seen":"2025-06-10T12:56:31.117026Z","last_seen":"2026-01-24T19:42:52.439577Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"shulives.com/x1fmQj2mETNi7gWlvxsZcyWDv1C9IxKV6mvBXtQTEl5BJRsNMHbWahJE_atLFIiGDItA5kNJ5iB6_ja9515dPw~~/1001/cc992877529244898b4aec08dda6711d/1_402551_267312/1027_71810_597198_6/1010514473_tvrnjb","fqdn":"shulives.com","domain":"shulives.com","tld":"com"},"ip":{"addr":"208.116.59.132","port":443,"asn":25653,"as":"FORTRESSITX","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T16:42:16.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shulives.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Jun 2025 10:07:50 GMT","end":"Fri, 12 Sep 2025 10:07:49 GMT"},"fingerprint":{"sha1":"9F:4E:4A:94:D0:AB:52:55:BC:00:0C:76:8F:8D:57:D4:CE:90:80:EB","sha256":"E7:87:2E:E8:C6:20:DB:8D:67:4C:62:9D:58:61:66:1E:9B:B6:71:1F:C0:82:48:BF:6F:E0:0F:C8:F4:EF:D9:BD"}}},"request":{"raw":"GET /x1fmQj2mETNi7gWlvxsZcyWDv1C9IxKV6mvBXtQTEl5BJRsNMHbWahJE_atLFIiGDItA5kNJ5iB6_ja9515dPw~~/1001/cc992877529244898b4aec08dda6711d/1_402551_267312/1027_71810_597198_6/1010514473_tvrnjb HTTP/1.1\r\nHost: shulives.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 16:42:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: nginx/1.12.2\r\nvary: Accept-Encoding\r\nset-cookie: uid3039=482730324-20250801124216-8e645a75916a2af33a9a6ba307da5cbe-; domain=; expires=Fri, 01-Aug-2025 17:42:16 GMT; path=/; SameSite=None; Secure\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.12.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":161,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"2213e0f397da6ca431a871a12fcd2956","sha1":"ba67154c2846731289f4ac059b5fdaa953680067","sha256":"d5d818bf0d93de05eb33d7912203473522e8e2c3cb28bee033fc379188338772","sha512":"7f85668d91f82a2f84115e8422c1885a134fb8f6850a1952d8f169423576223434331c97bddf4cf3e8947348078b98126e466e153ac4c31535893399d7a1956b","ssdeep":"","tlshash":"89c08cd78e89aaac825808e2c09af81dc49783e89d04d869c2a080f0a2017ca0e1cd8a","first_seen":"2025-08-01T16:42:41.853507Z","last_seen":"2025-08-01T16:42:41.853507Z","times_seen":1,"resource_available":false,"data":null}},"time_used":691,"timings":{"blocked":236,"dns":25,"connect":99,"send":0,"wait":219,"receive":0,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T16:42:18.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manageuberquickthe-file.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 26 Jul 2025 23:08:22 GMT","end":"Sat, 25 Oct 2025 00:06:59 GMT"},"fingerprint":{"sha1":"11:D9:EF:F0:3A:BD:E6:BB:E1:E9:63:9E:6F:AC:8F:F5:37:C1:79:A7","sha256":"12:8A:49:F2:09:D1:1F:F0:CD:0D:08:E4:6A:16:E6:17:5F:00:FC:E0:22:BF:4E:D8:ED:3C:1B:BC:64:15:71:5D"}}},"request":{"raw":"GET /Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7 HTTP/1.1\r\nHost: manageuberquickthe-file.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 16:42:18 GMT\r\ncontent-type: text/html\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version\r\naccess-control-allow-credentials: true\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cQl1RfvndDu1nIsh91vt0ytR9DWcKp4xzQjmUDLIHuRoekRtXc8dlrGd%2F1w90XZfoRXPyTl5gZl1fKzQizdNuD2xhp5d8%2BjimuZmlzXku5iBNxzxDFkBb7E%3D\"}]}\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nserver: cloudflare\r\nset-cookie: session=xN9uhbJfcTaE8jp-rzxZnFK5RV2Q03xg; SameSite=None; Secure; Path=/\r\ncf-ray: 9686c9b9cedab4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20147,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (11830)","md5":"b7a46e0405062d05b6570ff9d67d94a1","sha1":"f68da1808439d6cfbc67e9a53d98ef46a9bbaa62","sha256":"896a7076c8b8208b91891de3512228c77d5d813c3d1ede2c74a309a848f6db79","sha512":"5b78932d9da54740ba51e37e494489714006a9789d1c98d99c36c368d029fd8e8b3559004059a842ba174748e839df718e3070c653c5495e2dff59ac3c53c504","ssdeep":"192:jHlrOgf9vMYbkBxUieY7FLZrhQoO9+VIIV1cVhc7W:rpOq9kNBxQY7v1QoO9gIIV1cVl","tlshash":"6c92a731c855142af163c19972b1af8f7165c00ae6230b6ebbacb718cfc7ddb9561744","first_seen":"2025-08-01T16:42:41.856878Z","last_seen":"2025-08-01T16:42:41.856878Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1001,"timings":{"blocked":322,"dns":304,"connect":1,"send":0,"wait":357,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/15026/pop-img.png","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","date":"2025-08-01T16:42:19.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manageuberquickthe-file.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 26 Jul 2025 23:08:22 GMT","end":"Sat, 25 Oct 2025 00:06:59 GMT"},"fingerprint":{"sha1":"11:D9:EF:F0:3A:BD:E6:BB:E1:E9:63:9E:6F:AC:8F:F5:37:C1:79:A7","sha256":"12:8A:49:F2:09:D1:1F:F0:CD:0D:08:E4:6A:16:E6:17:5F:00:FC:E0:22:BF:4E:D8:ED:3C:1B:BC:64:15:71:5D"}}},"request":{"raw":"GET /lp-media/15026/pop-img.png HTTP/1.1\r\nHost: manageuberquickthe-file.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\nCookie: session=xN9uhbJfcTaE8jp-rzxZnFK5RV2Q03xg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 16:42:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 2016\r\nlast-modified: Wed, 14 May 2025 08:19:12 GMT\r\netag: \"68245200-7e0\"\r\ncache-control: public, max-age=86400\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nage: 33078\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=meWWGW5%2BoQwYDcsaQaQ8a33v9vJFzI9W1vA4cuUvql2Pm9Dr1R9GK5AL6hLB9I98uyYNZm9ibo4v0e8CTSUW8LdrTQYgLn%2F68kGyDyr9cge61cDYxVdjfqY%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9686c9bd3ba7b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2016,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"5640ac07a1de3a84a12346b2375c07c4","sha1":"54b580e4bee93cf0428bf1ab7a17bcb1f124cfd9","sha256":"8dd11a30ea3b83edb618a3d62ce501623eab675dd09b460360289cf84f9b7281","sha512":"5d03336b8ea75553e47e97e0c5b7f548d4f909d7fcdbaf280b621fbf0d411beafca159097cbb13115a0544787fee2f480dfc819fb0e1c5d4c03e4bfd19edaa55","ssdeep":"","tlshash":"1b41f60ee5f1acc0961eac9636fe107788631940d4e1a472fadb8c9e1d203759d8b5ca","first_seen":"2025-06-10T12:56:31.10173Z","last_seen":"2025-11-18T18:40:34.346888Z","times_seen":20,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/15026/icon2.png","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","date":"2025-08-01T16:42:19.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manageuberquickthe-file.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 26 Jul 2025 23:08:22 GMT","end":"Sat, 25 Oct 2025 00:06:59 GMT"},"fingerprint":{"sha1":"11:D9:EF:F0:3A:BD:E6:BB:E1:E9:63:9E:6F:AC:8F:F5:37:C1:79:A7","sha256":"12:8A:49:F2:09:D1:1F:F0:CD:0D:08:E4:6A:16:E6:17:5F:00:FC:E0:22:BF:4E:D8:ED:3C:1B:BC:64:15:71:5D"}}},"request":{"raw":"GET /lp-media/15026/icon2.png HTTP/1.1\r\nHost: manageuberquickthe-file.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\nCookie: session=xN9uhbJfcTaE8jp-rzxZnFK5RV2Q03xg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 16:42:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 3263\r\nlast-modified: Wed, 14 May 2025 08:19:12 GMT\r\netag: \"68245200-cbf\"\r\ncache-control: public, max-age=86400\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nage: 41022\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T5VNNe2sqh98ovBTxmYnKY91i95w%2FBavpuDt%2F5TSUTjMH2Qn7atpPI8Is3tADWbmqy5U%2FOKlu7eLncNrloO6kYDi4Z471GGdsnTjLGV2ZSgDKGA2umOSW0I%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9686c9bd3baab4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3263,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 248 x 248, 8-bit/color RGBA, non-interlaced","md5":"f65790c0ad497bb917360b357c437794","sha1":"d67c62fbc929597a6a5c21537a0ac191e009a031","sha256":"554a124de9c1c0ebb0ef6d6eaa524edaa0d28c3bb916be141eff4c3ba8db251a","sha512":"cb9ad7789af11f7f7138175e7646661e01407175bc945882671abef937028343e43b0d984b632078f2f9d3009495b6cb049d4a75c2e765fec17d9d030bdd5f4f","ssdeep":"","tlshash":"49610a89b6f0185498ff626023d90d37c8037640eea0fe66be8dd3136676364893a44f","first_seen":"2025-06-10T12:56:31.092171Z","last_seen":"2025-11-18T18:40:34.35352Z","times_seen":20,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/15026/icon-1.png","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","date":"2025-08-01T16:42:19.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manageuberquickthe-file.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 26 Jul 2025 23:08:22 GMT","end":"Sat, 25 Oct 2025 00:06:59 GMT"},"fingerprint":{"sha1":"11:D9:EF:F0:3A:BD:E6:BB:E1:E9:63:9E:6F:AC:8F:F5:37:C1:79:A7","sha256":"12:8A:49:F2:09:D1:1F:F0:CD:0D:08:E4:6A:16:E6:17:5F:00:FC:E0:22:BF:4E:D8:ED:3C:1B:BC:64:15:71:5D"}}},"request":{"raw":"GET /lp-media/15026/icon-1.png HTTP/1.1\r\nHost: manageuberquickthe-file.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\nCookie: session=xN9uhbJfcTaE8jp-rzxZnFK5RV2Q03xg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 16:42:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 55296\r\nlast-modified: Wed, 14 May 2025 08:19:12 GMT\r\netag: \"68245200-d800\"\r\ncache-control: public, max-age=86400\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nage: 41022\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E1tD6vy%2FArWJ7xhCLpjialFXfL1j0eaEsYDkl7lLGZYtQj8YcCRoI92%2FTOudyu5Nf27px%2BskFhOUL75xNvCkYbR2VGC%2FSvRupopQTYKr2UTiX522hT7%2B1oQ%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9686c9bd3baeb4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55296,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 248 x 248, 8-bit/color RGBA, non-interlaced","md5":"b36a3f495dda2dfb8e4c98c09533c4df","sha1":"de781837a1257138f26cc316047a15ee22d60c86","sha256":"ff00b7546e07d28c49fd888ac7b8a6d44996346725cda90faceecf154ebf0b54","sha512":"2be4c1522f2a6cc2f2678d7c82ddd2448fbfa09de2c5ff80a73cb4a023a207ae3c6d13133cb218c90cf69541e3a49c171046a4989086a0e005c6530dee2130be","ssdeep":"1536:gXqffBbCLKkFOLI3pI/4z8bKO8CSFkq/uURt19hiaB1Gs:g6RewAp6V0WURH9IYos","tlshash":"19430191d7e5cb0131efc9aef8447f82fe29d1553498e085fc142a619de92e38b5ea03","first_seen":"2025-06-10T12:56:31.103973Z","last_seen":"2025-11-18T18:40:34.329014Z","times_seen":20,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/favicon.ico","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","date":"2025-08-01T16:42:19.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manageuberquickthe-file.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 26 Jul 2025 23:08:22 GMT","end":"Sat, 25 Oct 2025 00:06:59 GMT"},"fingerprint":{"sha1":"11:D9:EF:F0:3A:BD:E6:BB:E1:E9:63:9E:6F:AC:8F:F5:37:C1:79:A7","sha256":"12:8A:49:F2:09:D1:1F:F0:CD:0D:08:E4:6A:16:E6:17:5F:00:FC:E0:22:BF:4E:D8:ED:3C:1B:BC:64:15:71:5D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: manageuberquickthe-file.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\nCookie: session=xN9uhbJfcTaE8jp-rzxZnFK5RV2Q03xg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 01 Aug 2025 16:42:19 GMT\r\ncontent-type: text/html\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=gI6r4vOi%2BdryMBBrdnJPPezYUMB0RCXvaQIciNdu7uT4Nqa3kPbK2qpqBQ5lxzxF021gtf4uJ%2BN4RwtZWpeY%2Bo2MVJfGiFJGa%2FkTSFu6oUHr7b6F88XQvvDHQRJp%2F64JGFJrV0n6YB2k4vJ7MWQ%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\ncontent-encoding: br\r\ncf-ray: 9686c9be3d4d0afa-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=4957\u0026min_rtt=641\u0026rtt_var=4175\u0026sent=47\u0026recv=63\u0026lost=0\u0026retrans=0\u0026sent_bytes=7026\u0026recv_bytes=4168\u0026delivery_rate=373331\u0026ss_exit_cwnd=0\u0026ss_exit_reason=0\u0026cwnd=18117\u0026unsent_bytes=0\u0026cid=041a5183327ad930\u0026ts=715\u0026inflight_dur=32\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"ec1a5a7229110c027a7d2239e8e2319e","sha1":"11d3e60650be0aad32390f916bbe05dccab7bf1c","sha256":"596a7877daab309e06612012bc9e22cb94827f4aa2de86b62f449e25022f3e79","sha512":"895fea5012d04a5dafe312a91373628ce5e2267aad9e0aa3cfc3b5625755be3088ed9933ffb37bd1cdbaa268e61c32778ba9c000ace60c918565f8edb31672d6","ssdeep":"","tlshash":"a1c02b2d39137c4cc663317822c37481c0c6837764ba41128400800331cf2998ac3397","first_seen":"2023-04-07T01:20:13Z","last_seen":"2026-05-14T23:55:02.295224Z","times_seen":395,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":372,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tfc0b3te.com/2LFFX4Q/32PF9MP/?sub1=1_402551_267312\u0026sub2=1027_71810_597198_6\u0026sub3=1010514473_tvrnjb","fqdn":"www.tfc0b3te.com","domain":"tfc0b3te.com","tld":"com"},"ip":{"addr":"34.98.80.218","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T16:42:15.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tfc0b3te.com","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Sat, 12 Jul 2025 21:04:55 GMT","end":"Fri, 10 Oct 2025 22:00:50 GMT"},"fingerprint":{"sha1":"4D:0E:5E:2C:06:61:F5:B7:A4:EF:14:87:13:8B:10:19:E1:51:F6:32","sha256":"ED:B5:6F:0E:7B:7F:E9:9E:BE:64:D7:57:ED:17:39:D1:90:22:C6:B1:57:37:E3:EA:C2:9A:33:D3:5A:E0:8A:8B"}}},"request":{"raw":"GET /2LFFX4Q/32PF9MP/?sub1=1_402551_267312\u0026sub2=1027_71810_597198_6\u0026sub3=1010514473_tvrnjb HTTP/1.1\r\nHost: www.tfc0b3te.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 01 Aug 2025 16:42:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 224\r\naccept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model\r\nlocation: https://shulives.com/x1fmQj2mETNi7gWlvxsZcyWDv1C9IxKV6mvBXtQTEl5BJRsNMHbWahJE_atLFIiGDItA5kNJ5iB6_ja9515dPw~~/1001/cc992877529244898b4aec08dda6711d/1_402551_267312/1027_71810_597198_6/1010514473_tvrnjb\r\nset-cookie: uniqueClick_32PF9MP=75a1797a-7bad-4b88-b8d4-5fbc8f6f47f8:1754066536; Path=/; Expires=Sat, 02 Aug 2025 16:42:16 GMT; Secure; SameSite=None\ntransaction_id=cc992877529244898b4aec08dda6711d; Path=/; Expires=Thu, 30 Oct 2025 16:42:16 GMT; Secure; SameSite=None\r\nvary: Origin\r\nx-eflow-request-id: bbc61869-edab-4c1a-b070-57a834060c9a\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":161,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T18:31:00.561381Z","times_seen":15971922,"resource_available":true,"data":null}},"time_used":658,"timings":{"blocked":251,"dns":9,"connect":26,"send":0,"wait":155,"receive":0,"ssl":213},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"href.li/?https://url.bestoffersfind.com/cmp/R2S9XH/717L7N/?source_id=540215\u0026sub1=482730324","fqdn":"href.li","domain":"href.li","tld":"li"},"ip":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T16:42:17.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tls.automattic.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 13 Jul 2025 18:43:14 GMT","end":"Sat, 11 Oct 2025 18:43:13 GMT"},"fingerprint":{"sha1":"5B:94:A4:A9:A1:E6:6A:8B:EE:20:93:81:D3:F0:7F:25:D3:5C:9D:0B","sha256":"C8:BD:83:B4:3E:E8:ED:A2:5E:EE:CF:60:23:C6:3B:E9:10:EB:91:0F:DC:33:35:3F:3F:6F:CF:42:5C:5B:3C:2D"}}},"request":{"raw":"GET /?https://url.bestoffersfind.com/cmp/R2S9XH/717L7N/?source_id=540215\u0026sub1=482730324 HTTP/1.1\r\nHost: href.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shulives.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 01 Aug 2025 16:42:17 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\nx-ac: 4.arn _dca MISS\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=MISS;dur=116.0\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":680,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"d865e3c932c2029e62ea2e9214927202","sha1":"e61a0255f2ca374b2eb06bb41aa8b03232acd5f1","sha256":"f21d7ecaf5aa14a0a7472dc1b56201409f7919d2fef7f8ce83ff4f2db0091e68","sha512":"d2399b5a0b82c8c49f78ab9d0386babfa357a9bb615bb80697afc7f34d3d4572eebe4dd0c061b8a2367f5f998493bd13bf75e224c0f6ef08c67ef294444be01d","ssdeep":"","tlshash":"e50199c7958034f6826824f188d5b60cc1f793e45c4aa068d37004fa8d52acf8a1aaea","first_seen":"2025-08-01T16:42:41.868717Z","last_seen":"2025-08-01T16:42:41.868717Z","times_seen":1,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":34,"dns":13,"connect":7,"send":0,"wait":124,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"url.bestoffersfind.com/cmp/R2S9XH/717L7N/?source_id=540215\u0026sub1=482730324","fqdn":"url.bestoffersfind.com","domain":"bestoffersfind.com","tld":"com"},"ip":{"addr":"54.196.173.211","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T16:42:17.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"url.bestoffersfind.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 13:37:06 GMT","end":"Wed, 08 Oct 2025 13:37:05 GMT"},"fingerprint":{"sha1":"D2:23:83:A2:91:3A:1C:EB:FC:7E:B7:DD:94:F9:49:31:34:49:9A:56","sha256":"A9:63:8A:90:16:BE:9F:74:D7:19:61:6B:08:0F:B1:18:3C:0A:98:71:2D:10:78:14:EE:1A:30:9E:44:6B:77:C4"}}},"request":{"raw":"GET /cmp/R2S9XH/717L7N/?source_id=540215\u0026sub1=482730324 HTTP/1.1\r\nHost: url.bestoffersfind.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nserver: nginx\r\ndate: Fri, 01 Aug 2025 16:42:17 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 166\r\naccept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model\r\nlocation: https://aff.mcftracker.com/IZkkcu/?utm_source=126732\u0026utm_campaign=18508218\u0026cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\nset-cookie: uniqueClick_717L7N=8293fdaa-17d0-40a5-8e8d-1e695bc16e7b:1754066537; Path=/; Expires=Sat, 02 Aug 2025 16:42:17 GMT; SameSite=None\ntransaction_id=7d0f09aa1e9844bea5f49b5057bae8a7; Path=/; Expires=Thu, 30 Oct 2025 16:42:17 GMT; SameSite=None\r\nvary: Origin\r\nx-eflow-request-id: 5e292091-9749-4d55-8872-bfcfb6e5682a\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20147,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T18:31:00.561381Z","times_seen":15971922,"resource_available":true,"data":null}},"time_used":636,"timings":{"blocked":242,"dns":22,"connect":104,"send":0,"wait":149,"receive":2,"ssl":114},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aff.mcftracker.com/IZkkcu/?utm_source=126732\u0026utm_campaign=18508218\u0026cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","fqdn":"aff.mcftracker.com","domain":"mcftracker.com","tld":"com"},"ip":{"addr":"172.67.211.237","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T16:42:17.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcftracker.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Jun 2025 19:05:19 GMT","end":"Fri, 05 Sep 2025 20:03:55 GMT"},"fingerprint":{"sha1":"75:85:09:A3:4C:EA:56:65:4C:0D:A7:CA:67:EE:E2:79:AB:D2:E2:AB","sha256":"A6:76:86:3D:2C:4E:A9:31:9C:D7:9C:63:6C:B7:C2:89:89:64:ED:8B:94:C1:2F:D7:39:B2:17:16:FD:CE:86:F5"}}},"request":{"raw":"GET /IZkkcu/?utm_source=126732\u0026utm_campaign=18508218\u0026cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7 HTTP/1.1\r\nHost: aff.mcftracker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 01 Aug 2025 16:42:18 GMT\r\ncontent-type: text/html\r\nlocation: https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rf6uJK31RBnmbYMZPPQZNR6dpUtaZmZB7Kf78nUgUA77M9%2B7Doz1S4MYIs4cQ8iYb7GJvs5rUQB5HrbEaTG%2BfIpQSj6auynkXwYvm9Y7hC4%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9686c9b58c4a5690-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20147,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T18:31:00.561381Z","times_seen":15971922,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":50,"dns":22,"connect":1,"send":0,"wait":352,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/15026/favicon.png","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","date":"2025-08-01T16:42:19.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manageuberquickthe-file.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 26 Jul 2025 23:08:22 GMT","end":"Sat, 25 Oct 2025 00:06:59 GMT"},"fingerprint":{"sha1":"11:D9:EF:F0:3A:BD:E6:BB:E1:E9:63:9E:6F:AC:8F:F5:37:C1:79:A7","sha256":"12:8A:49:F2:09:D1:1F:F0:CD:0D:08:E4:6A:16:E6:17:5F:00:FC:E0:22:BF:4E:D8:ED:3C:1B:BC:64:15:71:5D"}}},"request":{"raw":"GET /lp-media/15026/favicon.png HTTP/1.1\r\nHost: manageuberquickthe-file.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\nCookie: session=xN9uhbJfcTaE8jp-rzxZnFK5RV2Q03xg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 16:42:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 25736\r\nlast-modified: Wed, 14 May 2025 08:19:11 GMT\r\netag: \"682451ff-6488\"\r\ncache-control: public, max-age=86400\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nage: 41022\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NDe9Y9lgsXH%2FT%2BfkAEGhBv7bjRYbL7uecPSd3gPQqX3sFyrxQow9PcTXU8%2Fe%2Bo6a0cdbUnU309%2BkUZRs2z3h1HUOYvMWfs7lLlVkRtLkfGaiFjam3QYkNj8%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9686c9bd3bb1b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25736,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 217 x 159, 8-bit/color RGBA, non-interlaced","md5":"f6a6ee194a2a7542705d73c0f7e3dea4","sha1":"b4e9be78aac1de704bdd0d458c6d2066f356c231","sha256":"1b8d041b3706449b830606768b84a2a81a5aec4310d1b5d926f8616ed4806071","sha512":"8945d5a506b26eb62f70deb76d6f9fa9f918cba3d21e0a5fcfddfe5c9a905f7db60078f44c0b5d14ab43e9297843df31168e45c6bf6dde50584b79336bd4511b","ssdeep":"768:a2l80blaNsQDlv0ajzrYyG9aCGujn0C2bkgmyfr:4jNsQDhBlCGujn0BHRfr","tlshash":"15c2e1c7778ce45ae70b98d92476693ad4a800c393951c0f3dded6266b303b6e5943ce","first_seen":"2025-06-10T12:56:31.094849Z","last_seen":"2025-11-18T18:40:34.322733Z","times_seen":20,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"manageuberquickthe-file.top/lp-media/utils/alpinejs.js","fqdn":"manageuberquickthe-file.top","domain":"manageuberquickthe-file.top","tld":"top"},"ip":{"addr":"104.21.29.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7","date":"2025-08-01T16:42:19.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"manageuberquickthe-file.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 26 Jul 2025 23:08:22 GMT","end":"Sat, 25 Oct 2025 00:06:59 GMT"},"fingerprint":{"sha1":"11:D9:EF:F0:3A:BD:E6:BB:E1:E9:63:9E:6F:AC:8F:F5:37:C1:79:A7","sha256":"12:8A:49:F2:09:D1:1F:F0:CD:0D:08:E4:6A:16:E6:17:5F:00:FC:E0:22:BF:4E:D8:ED:3C:1B:BC:64:15:71:5D"}}},"request":{"raw":"GET /lp-media/utils/alpinejs.js HTTP/1.1\r\nHost: manageuberquickthe-file.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://manageuberquickthe-file.top/Ek8y621WhFC0Ya6nOeUWbCwhM44fqmvQDxjt7CayJpI/?cn_par1=7d0f09aa1e9844bea5f49b5057bae8a7\u0026cn_par2=2F78NK7\r\nCookie: session=xN9uhbJfcTaE8jp-rzxZnFK5RV2Q03xg\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 16:42:19 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 14 May 2025 08:10:32 GMT\r\netag: \"68244ff8-fb15\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-encoding: gzip\r\nage: 4109\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S2GAea8QbIo41cbjCkcs4kKIm9%2FaPJgJYBz5Bqkzn3zBiYXDPpDQUNbD%2BuUYeU%2FmxtikOTkKxkPkpZSBMi5QN8gYY6khwzw7dlXSSHdLjGIQ4ZQgo7a%2BL8E%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9686c9bd3bb4b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64277,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"ad8c1b0c9c26083634ef70adee9bacfb","sha1":"a55000c113c41780a200381852034f6daf8d5a66","sha256":"9d090b64325455b674d11bb46d0fe9f610beeea72f70cc9efa27e29108432dc7","sha512":"4c5e9275d75fa1ef006e74fe5de9134240ed8b143c2f792a129e952763353d08680fa1969deed5aa1f0e47d841c278cb42d9fec634bdebdb393bfae5819643c2","ssdeep":"768:+ogYDI9igu3cdAjOXFEn6rqIMWpcuD045NRCYvZShZaBSBrQWm:+ogkIsd3wAf6rqIMWpcuD0473chAM9m","tlshash":"4c532d4ab6e320309223f0395a5fd90e7735540f1989fe583a4c52666f8ca3da7f1bd8","first_seen":"2025-06-10T12:56:31.088278Z","last_seen":"2025-11-18T18:40:34.330242Z","times_seen":20,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"manageuberquickthe-file.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}