{"report_id":"fc3e8f8f-084f-4a0c-9964-05e5275302bb","version":6,"status":"done","tags":[],"date":"2026-05-10T23:33:01Z","url":{"schema":"http","addr":"klj.gangaoadmin.cyou","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"title":"Rakuten","dom":{"size":1483,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (715)","md5":"7abf76c90f0da2666fcda9a568020304","sha1":"d1dc34d6998e7019b9b73d30c6c8d7b6d836211f","sha256":"5364c30e2f8d9f73183f1be612b9daac4a2a6f4e51547b1de691ca3c4c47cbc9","sha512":"d562c2fde5f20f19ada448b00df2f14a8adeb50602baa7633cd8069cd88da19b93e82baad9ee5e814706ab1409fb11a13205ae22b2f4d49306bc8a81c0888ae4","ssdeep":"","tlshash":"f831df7d1419802712279e8978f0ea6db4e2db0bca47dd2056ff03941bd5d81cdacc35","dom_hash":"domhashad1c1c8763c48e69cfa934135d73bf78","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"klj.gangaoadmin.cyou","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-14T23:33:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"klj.gangaoadmin.cyou","ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-01","domain_rank":0,"first_seen":"2026-05-09T13:03:23.404778Z","last_seen":"2026-05-09T13:03:23.404778Z","alert_count":64,"request_count":16,"received_data":2916091,"sent_data":7409,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/index-ccfbb568.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"2ed8ef844baa1ff8821b227cd623b26a","sha1":"aa381c6e2db181484c2a8b83b92636b45970981e","sha256":"e5b2ef438050c45aa5e34dc17d0add11cbfaa99e040c17942e98f4e171d8a9d5","sha512":"a6102d0573d5f5c7881541ef7ecec178b3815658218fb80f6a35e5ddc6e781dceb0562addd5ea4ab9a918f6fe56e07f50a776ad54ce662c1cc8328f234e488a4","ssdeep":"192:hvuSbE/DnmkcctFqAgCwBOljQ+vSxScy5mSu:hvuS4/SctFBwBOgzy5mSu","tlshash":"011260e8b2d1b0f25ba770b8503f910bf276a8a4a08c9450d25ed4f0bdb8c9d0563f39","size":9804,"data":"","first_seen":"2026-05-10T23:33:04.872093Z","last_seen":"2026-05-10T23:33:04.872093Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/login-439ec4bc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d398be7103a1e6560fad8b4cdb0907c2","sha1":"2e567b905b6a243e3b64a7c9a54f8f263a8f742b","sha256":"b244d663937acc65623d568b284a33d88c1d42c5052654f1e16fc378c169b61a","sha512":"85874f4d99c786d42248cd2e831fc68a58248788846f435af456fd7369b64bcee8759d1be6196e0e74cf9de2346fdf247acea52604e442c5945c184b15fba210","ssdeep":"","tlshash":"b551652eb857a77941731cf435d91064a0182fc6f174dd93a1e80a941af2ded931ef17","size":2688,"data":"","first_seen":"2026-05-10T23:33:04.8703Z","last_seen":"2026-05-10T23:33:04.8703Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"50feeac8dda68304e86e50e78e3dfae1","sha1":"b255ddb7e316241a868944ef9242f2c835dab66c","sha256":"6c954037493b72d0aefbea8e8f8784069e1101df7ba2ed3ecd664def434e8c3d","sha512":"4b823a24e274ffe898041d28aeed8aefb128584628cfe21c5d77720e756b8b3eb0741a3c603e6be1973abe661736f667fef61c7a4c12973a3beac910df366ac7","ssdeep":"","tlshash":"d5c022c0a09268211a426c04206f30f4c020843324acae429c94ec443e530b08123db8","size":181,"data":"","first_seen":"2026-05-09T11:03:16.512157Z","last_seen":"2026-06-12T02:10:38.349036Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"14a4fd16cf281b0b7d44a68b2e32d986","sha1":"bb09ea5c55e06bb62eb8afc069790a827a1564d1","sha256":"a4e50c004034df0400e68fd06ad2f4bd68ac82459b5da30915aeca916a1c205e","sha512":"ed2f960e31ddc498e1354b3e4ed3decb3ed7aae8afd55e06465ddeaabf8080579ec74bf38b525ff1e80c7103896899e2329f6bd3a61163b8df675e0afb8466af","ssdeep":"","tlshash":"f5c08cc4a0c26d0016026a1124bf28e49034403670481b028c94dc493e230b08233ea8","size":141,"data":"","first_seen":"2026-05-09T11:03:16.556351Z","last_seen":"2026-06-12T02:10:38.344284Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"a478d29aa6ba187ce39b7419e3cba3cb","sha1":"af39c3046c86c05330d6c217cdfc3d71dbc120f9","sha256":"84c35978bde01a5d650c746107a723b3948d5ae98ea54d3fb1e1a0d99cf4b7a3","sha512":"2355844a775711b5c913b674ea7e673d2b918624f37a44c469e3873a76f7e5df3367aa87754017599cea8399846b3ec9dee72cd2271a62b95823aa99ef4303a9","ssdeep":"","tlshash":"71c08cc8b0d22d411682a81050bf35e4d0288827788caf52dce8ec583e6b0b08237ffc","size":156,"data":"","first_seen":"2026-05-09T11:03:16.55027Z","last_seen":"2026-06-12T02:10:38.348079Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f97cea2edb9202f2bdab04081d72ebb5","sha1":"388b954ef07a08a9be9a5d83546bcca99aedc0b6","sha256":"b407a141fe57e6fd1b5d8102193ee36a44d593ca63cd9c3b7dc95c850dbe2faf","sha512":"56ba36be7ab5e5bc63420e837fb552b724e44bf2003c249eca3cb30c65c5cea22411cf120102a3743cfaff0063cd276a54925575704cb3137927f714f021b28e","ssdeep":"","tlshash":"eec08cd9a0d2ae002642681a20bf24e8d02484277049ab228cd4dc593e230b48237ea8","size":154,"data":"","first_seen":"2025-10-16T01:21:17.532532Z","last_seen":"2026-06-12T02:10:38.34202Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"03656175987d38b6d6ba7c6c3c2c9cb9","sha1":"41e4677c0507167ad3a3d947d423dda4830fd087","sha256":"87a776d4a2b2bfbd13fae90cbc388898ea3bc1cdbf0284cf83de675044fcbef8","sha512":"4ff89280de77d61ceaa664da087f3a9720479fe6cab9d90b5641b504d81abc9e53204f99e7518afc813bb7447dd6e3e963f852efb20c8092c2fe5c7917880887","ssdeep":"","tlshash":"6ec08cc4a0c7ae041706ea11a4af39f8a0345827b0596b52acd8e8593e620b09233ebc","size":156,"data":"","first_seen":"2023-11-08T22:59:26Z","last_seen":"2026-06-12T02:10:38.343507Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/index-656b34cc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2ef207c4b20443a8db973abf1e358fd","sha1":"eaa46f0339c15b816a391e353d944e1550213e26","sha256":"93cd60cdfdf0676ef37b8311094711b76dfca08aa8d94bb26366b7e2d99d6310","sha512":"ca845653bd800db5177aa368c4e43f9efd76334133d9b57884917b42fc8bb76b431ab703ef2e63213034ca3fbdb5f5189f354a30d1afa2584a9cf4d8e90e7048","ssdeep":"49152:dEbHOJKeMJl9QLFShInwkWrpaTP/4Ai8mIGBRR/qBHl45XM6cXsKoR5gktvU9HXx:8Gm3e","tlshash":"f6858d6923edf8aa0295b5c1e34d0334b81d2c7af726c3514e77d46e25d9d34822eb3a","size":1767692,"data":"","first_seen":"2026-05-10T23:33:04.892432Z","last_seen":"2026-05-10T23:33:04.892432Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/applogo-b181ffbc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"1f56553c8dadca21e7c1b45f4acfe2a7","sha1":"97aedd009cef2403dac4e3332d3e68d9d27145fa","sha256":"c36d76d610ea4fcf5ec079a35ac34ff154efd95453f9403a6ead2c59c37c533d","sha512":"2c9b2d5135d9f9a5e2fd831eecf916c136a734e17b74e6b79fa5201dbadf5230ebcce5af6cace90caab0b26b330968cee71f9e37e6bcc59c101a78304b572e01","ssdeep":"","tlshash":"0d90020558040de0052925bc9726d95414410214a95546a984284515a755581754ac21","size":55,"data":"","first_seen":"2025-10-21T01:37:16.464206Z","last_seen":"2026-06-12T02:10:38.325786Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/applogo-b181ffbc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:40.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/applogo-b181ffbc.js HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://klj.gangaoadmin.cyou/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ua9y6G0vwgTbuE%2BPb93SKF1IY849PkcbRMeyf1duQRyrcsgu6Oaha%2FEnutz4h6PRbdfdKmNTONPtQOBt9cRJKxCMT%2BqrOdgeKPfXwodHdVrS5SGBKrWISyYGi%2FKwGQyjaY%2FA%2FUhqsA%3D%3D\"}]}\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Mon, 11 May 2026 11:32:41 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: br\r\ncf-cache-status: EXPIRED\r\netag: W/\"6a00bdde-37\"\r\ncf-ray: 9f9cbe9aa83732fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"1f56553c8dadca21e7c1b45f4acfe2a7","sha1":"97aedd009cef2403dac4e3332d3e68d9d27145fa","sha256":"c36d76d610ea4fcf5ec079a35ac34ff154efd95453f9403a6ead2c59c37c533d","sha512":"2c9b2d5135d9f9a5e2fd831eecf916c136a734e17b74e6b79fa5201dbadf5230ebcce5af6cace90caab0b26b330968cee71f9e37e6bcc59c101a78304b572e01","ssdeep":"","tlshash":"0d90020558040de0052925bc9726d95414410214a95546a984284515a755581754ac21","first_seen":"2025-10-21T01:37:16.464206Z","last_seen":"2026-06-12T02:10:38.325786Z","times_seen":15,"resource_available":true,"data":null}},"time_used":402,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":402,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/login-439ec4bc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:41.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/login-439ec4bc.js HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/assets/index-656b34cc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a00bdde-a80\"\r\nexpires: Mon, 11 May 2026 11:32:41 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3D2lgGKgiJRUvTD4Lt680FvvWv8oGUE%2Bfk9L3GjQy%2FrkKvEVNW9MBXDv5c%2FMl5DF3WVzzFOliFB97TNeXbqQaP%2FrPAvEuV5C1p8PRXfoyPEH6DWawXHBYlk132%2B3oHs5gsdbNzfXZg%3D%3D\"}]}\r\ncf-ray: 9f9cbe9d28dd32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2688,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2617)","md5":"d398be7103a1e6560fad8b4cdb0907c2","sha1":"2e567b905b6a243e3b64a7c9a54f8f263a8f742b","sha256":"b244d663937acc65623d568b284a33d88c1d42c5052654f1e16fc378c169b61a","sha512":"85874f4d99c786d42248cd2e831fc68a58248788846f435af456fd7369b64bcee8759d1be6196e0e74cf9de2346fdf247acea52604e442c5945c184b15fba210","ssdeep":"","tlshash":"b551652eb857a77941731cf435d91064a0182fc6f174dd93a1e80a941af2ded931ef17","first_seen":"2026-05-10T23:33:04.8703Z","last_seen":"2026-05-10T23:33:04.8703Z","times_seen":1,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/index-ccfbb568.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:40.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/index-ccfbb568.js HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://klj.gangaoadmin.cyou/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a00bdde-264c\"\r\nexpires: Mon, 11 May 2026 11:32:41 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VmUUxZsusbGQfqNtQNBwJHTvdf4GYU7bPnwRI4H4%2BGBIUVgCtZGXRwgFRp%2BjoWU40r4ijo31ICatYR%2FErMV8UtT%2BxGTsilU3YUd2QDVjy1zWF1NUGMs9C8%2BEo0sJDzrb1ukfd1giXw%3D%3D\"}]}\r\ncf-ray: 9f9cbe9aa83832fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9804,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9608)","md5":"2ed8ef844baa1ff8821b227cd623b26a","sha1":"aa381c6e2db181484c2a8b83b92636b45970981e","sha256":"e5b2ef438050c45aa5e34dc17d0add11cbfaa99e040c17942e98f4e171d8a9d5","sha512":"a6102d0573d5f5c7881541ef7ecec178b3815658218fb80f6a35e5ddc6e781dceb0562addd5ea4ab9a918f6fe56e07f50a776ad54ce662c1cc8328f234e488a4","ssdeep":"192:hvuSbE/DnmkcctFqAgCwBOljQ+vSxScy5mSu:hvuS4/SctFBwBOgzy5mSu","tlshash":"011260e8b2d1b0f25ba770b8503f910bf276a8a4a08c9450d25ed4f0bdb8c9d0563f39","first_seen":"2026-05-10T23:33:04.872093Z","last_seen":"2026-05-10T23:33:04.872093Z","times_seen":1,"resource_available":true,"data":null}},"time_used":393,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":393,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/favicon.ico","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:41.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L%2ByXiDXmqBCuDGVQmvd7tK6taEnIIlxYHqq8%2BsDF6mIfn7%2FVghltGIt%2BnmQItGQMouphrAVbU4WeC53g8yndCPXSDK2oRxCl8Cik6HWOvEAKVsgHhl1QWC0wG4tWqiQN73O6lAGWsg%3D%3D\"}]}\r\nlast-modified: Mon, 16 Jun 2025 16:45:06 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"68504a12-304\"\r\ncf-ray: 9f9cbe9d38e132fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":772,"size_decoded":0,"mime_type":"image/x-icon","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 32x32, components 3","md5":"188a4fd4cfaa24d210e01be158c91843","sha1":"2e16031c3d5d5bdc7fe783ab01e0902ee4c507ec","sha256":"75ba2151a87d90d4ac2e971f47a342b9138e2853df36aa99eb500c8293310349","sha512":"62487707c22b7b6b7b70647706e9803432651c87fab4e0537a28f807ff5b01c2f09af6994c8e7189cd224e95ac9019c8ab0ed543961f5e33fea1948c8ed226b5","ssdeep":"","tlshash":"060160ecaf06400dd926833880f1b589eb6c3c80ac302f6842240dc5a8fa4c888a0f08","first_seen":"2025-07-06T21:51:06.522211Z","last_seen":"2026-06-12T02:10:38.307759Z","times_seen":27,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":384,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/applogo-b181ffbc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:41.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/applogo-b181ffbc.js HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/assets/login-439ec4bc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RjI4Nz%2F5QPlvaKRYTY7fXp3JiQE7Ph%2BpnovRHBkNPcgD2Ia73wBIoih0lHEupKHH6OpArYPAs5%2FqNOen7SgMxRa7CZZVg6LGuttaHQsavPoyxkpMR6%2FvsuwDhzRQHjEwZp%2FVk%2FRHmA%3D%3D\"}]}\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Mon, 11 May 2026 11:32:41 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: br\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"6a00bdde-37\"\r\ncf-ray: 9f9cbe9d48e332fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"1f56553c8dadca21e7c1b45f4acfe2a7","sha1":"97aedd009cef2403dac4e3332d3e68d9d27145fa","sha256":"c36d76d610ea4fcf5ec079a35ac34ff154efd95453f9403a6ead2c59c37c533d","sha512":"2c9b2d5135d9f9a5e2fd831eecf916c136a734e17b74e6b79fa5201dbadf5230ebcce5af6cace90caab0b26b330968cee71f9e37e6bcc59c101a78304b572e01","ssdeep":"","tlshash":"0d90020558040de0052925bc9726d95414410214a95546a984284515a755581754ac21","first_seen":"2025-10-21T01:37:16.464206Z","last_seen":"2026-06-12T02:10:38.325786Z","times_seen":15,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-10T23:32:38.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 10 May 2026 23:32:39 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=12tPylvGYm1UH9lUSvTAMSQV8iKJBhCGnBuSwNuEXR%2FOJMXK2MMvNDeqYSXg9WFJ%2B5WSOfudciGMSRm5LpWtKAGzRJ8rzJzWSOEd5efXiMK6hSANIjnqX9cAJF1zI00Y7N9FuPiCOg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9f9cbe8d79c956a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":423,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"8c87e6aa40d0c322dadbf495811c1fd7","sha1":"bd2159f802f5b11ff67f617edbe89c7fd59e7bad","sha256":"39e9527de3cee1204b736a053676679a225dc1f43509c393c9789e08735d81d0","sha512":"7610873e2b4397a621d04e941377079be797123a6afe4eeada8dfb85b1af368190b72f57e148920420d3576705408c229642a042e0f4f69dd09b744826901593","ssdeep":"","tlshash":"04e0ab4588e18819133092043cd0f4588c82db4787499d1031eb90680fc4b8b8dcf86c","first_seen":"2026-05-10T23:33:04.875235Z","last_seen":"2026-05-10T23:33:04.875235Z","times_seen":1,"resource_available":true,"data":null}},"time_used":548,"timings":{"blocked":87,"dns":68,"connect":1,"send":0,"wait":374,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/nav_03-3b538df2.jpg","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:40.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/nav_03-3b538df2.jpg HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:40 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 06 May 2026 12:04:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69fb2e54-1064\"\r\nexpires: Mon, 08 Jun 2026 13:02:53 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nage: 124187\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0ibVbZ5T8oa%2FSM30mx%2FhN2ZrpwEVEwDiwhUMkv8tdNGVNC1%2BJwDyLJ4g6F4d7x0debxrMiMYm5BPI1gnWIknWjaHhVWQylIJsasUDshVeraqUfF4vQAAnWaXkWCVvWjMeN9BiixbDQ%3D%3D\"}]}\r\ncf-ray: 9f9cbe9a683232fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4196,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 144x144, components 3","md5":"6fe85316242f3b563cececf45efbe953","sha1":"3177272a8bfca449a20101bc31ce62930f39389f","sha256":"3b538df2541c5f5000c82edfcabf74da573c506a29a9420932a34d939bedd0b7","sha512":"97acf1663555a2ddfb30819610a8c518a828c94246d745b1bddd7bc71e145abe06fe702c0c022ebcff073a11c8b947a1f66d8361f3304ec504f0862fc2e60028","ssdeep":"96:JEDNmzbMI5jPteEGn/podqPMvEu9gp3jpYexi:JVMZEKp97/nxi","tlshash":"96813912ebcac7a21f2b55ad643c3ef36756908a3ccd109e39931a84f650e62e41b57c","first_seen":"2025-07-06T21:51:06.520467Z","last_seen":"2026-06-12T02:10:38.322351Z","times_seen":23,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/index-ccfbb568.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:41.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/index-ccfbb568.js HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/assets/login-439ec4bc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a00bdde-264c\"\r\nexpires: Mon, 11 May 2026 11:32:41 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N%2B30ZkKiqg9Q3uP1Wg%2Bio6Yywrnghams1C45zLpYXF0QKwta%2FIswwj9K315GTAMRV26QB%2FiKPwrGvuemYlgirnXS8qiZvbadfgY2MGKFf4yKJPtmL5bGExMHPcPsAedtjcejsMKxgg%3D%3D\"}]}\r\ncf-ray: 9f9cbe9d48e432fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9804,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9608)","md5":"2ed8ef844baa1ff8821b227cd623b26a","sha1":"aa381c6e2db181484c2a8b83b92636b45970981e","sha256":"e5b2ef438050c45aa5e34dc17d0add11cbfaa99e040c17942e98f4e171d8a9d5","sha512":"a6102d0573d5f5c7881541ef7ecec178b3815658218fb80f6a35e5ddc6e781dceb0562addd5ea4ab9a918f6fe56e07f50a776ad54ce662c1cc8328f234e488a4","ssdeep":"192:hvuSbE/DnmkcctFqAgCwBOljQ+vSxScy5mSu:hvuS4/SctFBwBOgzy5mSu","tlshash":"011260e8b2d1b0f25ba770b8503f910bf276a8a4a08c9450d25ed4f0bdb8c9d0563f39","first_seen":"2026-05-10T23:33:04.872093Z","last_seen":"2026-05-10T23:33:04.872093Z","times_seen":1,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/applogo-4a81ceb8.png","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:41.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/applogo-4a81ceb8.png HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 06 May 2026 12:04:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69fb2e54-94fb2\"\r\nexpires: Sun, 07 Jun 2026 12:19:17 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nage: 213203\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i4sHCin6JyglIwYNQDSexsObEw9CknnfXBhGLg5RxpgZBfxKW%2BDWNNnVX5YvWtPE7qh%2FSwFp9EO5SedKEotI%2Bw7jjRW8WQH%2FIwW%2FcKhn7qYnW9qI%2BlZtMTkrwBfqAWc0IWUZmCn0bw%3D%3D\"}]}\r\ncf-ray: 9f9cbe9d78eb32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":610226,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"852abc3b2d6b69c9405aa30b5b739169","sha1":"435ec81a2ced4e06b5cec8f039475e218045032c","sha256":"4a81ceb819066ab64ff99256343120ffdca29e64f1e60d43f752d549e4c4bb65","sha512":"452b99e5c4adae35efbacf5da34459d1b968fc8101fd6ad5de7eb050173f4b63c5676ed90b17efca882ed63ba9a571ecd0f588175096795027eb5aab03977091","ssdeep":"12288:JTbdrPEaRXGKhr33bU97xMGsilJGSQVJ0/JkN4QzMuRyHXvGeWtUe:PrPEoG6r33w9Rs6Q/JPjsHX7WtR","tlshash":"a9d422b2f3c3db41d387d17c212e3ca7c76541c81590080ba4ab6e56ba99fb8a84773d","first_seen":"2025-10-21T01:37:16.444847Z","last_seen":"2026-06-12T02:10:38.32372Z","times_seen":15,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/material-icons-4a4dbc62.woff","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:41.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/material-icons-4a4dbc62.woff HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/assets/index-028f128b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: font/woff\r\ncontent-length: 128616\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\npriority: u=4,i=?0\r\netag: \"6a00bdde-1f668\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E7p4P6jWZCCAryx1Xo5XWGxRPozjMnRLqlrUERnGNBa0LILjvWhnEUChqS7hTJHWfyN1tnaAA9JkJ5oy9QvfJxcpVk5W%2FSK8dfsxQA1%2F96bWBq6iB4F6UViohXuwBweLn8i%2FpFyz6g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f9cbe9d88ed32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128616,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format (Version 2), TrueType, length 128616, version 1.0","md5":"a4160421d2605545f69a4cd6cd642902","sha1":"aaae93b146d97737fabe87a6bc741113e6899ad3","sha256":"4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b","sha512":"d2ba5c00c3b6c1fc58519768b0dcd23951e74c00fdd424ab4565e7c2dc9c6b8e8077dc75015d9158bfd12f4573a7feed6bc3fb16eec96785c356511c9551416f","ssdeep":"3072:g9Q1hzkZsrnBLBDz44c4vHx8K+QpXKL4NfsuNhi:g+34iB544c+HWlT4N0uLi","tlshash":"95c31255b28d16451bf7c831e158675e36e32d52d03fbe8c44efca2496e1f9b2b29060","first_seen":"2023-04-16T16:36:03Z","last_seen":"2026-06-27T00:23:13.71986Z","times_seen":8549,"resource_available":false,"data":null}},"time_used":978,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":396,"receive":581,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/index-656b34cc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:39.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/index-656b34cc.js HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:39 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a00bdde-1af90c\"\r\nexpires: Mon, 11 May 2026 11:32:39 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k9ekVTuBRaAMPc0KWDg7FaF8VOv%2FLRC%2B5F40Olw1ue%2BxsHEVVVUfP%2Be5OzRV3VxhCPq67phJSbFw67%2By%2F9MZIRhY10ayD9c%2F1AHm5XHn19YHpu80nvY7yFAHX2AO%2B4ji23zSnvl5wg%3D%3D\"}]}\r\ncf-ray: 9f9cbe90cf4e32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1767692,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (64693)","md5":"fc1682b3bf1eb3fc5ff6685108298215","sha1":"71a9cd838ee6acf01019574b0fb1e006250edf73","sha256":"798887828389f5ff8850cc8d992616095dffecdfadbe50cdc5cb0a45e048df77","sha512":"7b3d70d6c87b928961f5aa4a322b5f12c96418940c478461b78222df80f814205d0ea334c31fba132366b648e3f1590909a3e90e2d3a8a06b6d31c58ef25e0d5","ssdeep":"24576:dEbHOJKeMJl9QLFShInwkWrpaTP/4Ai8mIGBRR/qBHl45XM6cXsKoR5gktLDU9Ht:dEbHOJKeMJl9QLFShInwkWrpaTP/4Aim","tlshash":"2965bfad33ecf759029975c1e34e0634b82c3c7af61b876147bac5ad15c6d44822ab3b","first_seen":"2026-05-10T23:33:04.882098Z","last_seen":"2026-05-10T23:33:04.882098Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":403,"receive":965,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/index-028f128b.css","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:39.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/index-028f128b.css HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a00bdde-2e8d9\"\r\nexpires: Mon, 11 May 2026 11:32:39 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5HEpN2i0ouBdVVzLnVQGwY4w412gpke4Gpr289G67GbZCzObvYoEaG7cQBhXl0uabXyqlh12qiBil4rKW0AfkRp9yDVDeSGNDJ6epm9pTrdPl9O5UiMP4cL%2B3sWAdt%2FjmK5aKrkW%2Fg%3D%3D\"}]}\r\ncf-ray: 9f9cbe90cf4f32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":190681,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"dd843ef305adc5509655c4ce5db80e79","sha1":"df13d61d9a812f35636980172c2663adcadcc7bd","sha256":"028f128b27dd13837c979f1ce615ae13ff3e030d437dfc33b1f0d9bc895609b0","sha512":"dbc8dd043fe0ad91c1ad8c12d2f8bdb12851d90ea610964ad2d7bb06642ada687108cd24fb638f883e06b199155e0945d1139ed66107ca9b96cc9a2d94e29084","ssdeep":"1536:b9QtIeRN5J+jOkiHcplpVwwsgiOz4q3LKs5Y1Ab5a4zADVbVyx0:Ve+5w9sziooq0","tlshash":"bd1493a5ea9091bc7f17f275ab8b96dcf23cb560ed01caa4f10451580ec7bf50623a1a","first_seen":"2025-07-06T21:51:06.51612Z","last_seen":"2026-06-12T02:10:38.311113Z","times_seen":23,"resource_available":false,"data":null}},"time_used":810,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":424,"receive":386,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/nav_05_green-c355c16c.jpg","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:40.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/nav_05_green-c355c16c.jpg HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:40 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 06 May 2026 12:04:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69fb2e54-2d78\"\r\nexpires: Sun, 07 Jun 2026 12:19:16 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nage: 213203\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ku0eE7%2BDqP2%2FFXJkCPSqV%2FRktKyCbUqF%2FzFF5ovns6Rdv6mJCYPEVeRiR7ToKWS03ZrwjGYbFArTbSjJRi5U0LX535qpAeJ6%2FPGNqJBuYOBVZ%2BD8TNAehqIoIwh%2FNn5IZhYeCPGQGw%3D%3D\"}]}\r\ncf-ray: 9f9cbe9a683132fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11640,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=144, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=144], progressive, precision 8, 144x144, components 3","md5":"8aa7d845bd431c11c33c787796824c16","sha1":"23fccefb1ae52cc6af1c989b01e9aa1e60d61055","sha256":"c355c16cd77a6ca295ba158d12a5dcf67f1823b79b45cfbb72e0c41439d9a098","sha512":"0f7a5428a477d70f2f71ae0dc1b819d6039d974d3f5638285039f5e9fbc34756090309d65cd1a56e227c311f6def10ebfdbc8fe7672cbb6a912dd8c574779baa","ssdeep":"192:N6gd+tWEwJp28y4lta6Z6gd+tWEwJNkn03jk5JCcnH6:h+lwyPit9+lw8n03jkHBna","tlshash":"2c32083967948e33f9e1a23986a1cb97a321dc0066772b43b88d35c57f727928c1e346","first_seen":"2025-07-06T21:51:06.518684Z","last_seen":"2026-06-12T02:10:38.333405Z","times_seen":23,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/login-a216d718.css","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:40.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/login-a216d718.css HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a00bdde-586\"\r\nexpires: Mon, 11 May 2026 11:32:41 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hfMOwk6Arj%2BZWaRqIFk2H%2B4n9YMVBpwsN9UoZCFq4SHyAxCbwwEFoKx%2FHf%2BJWM89KQNPFyjNj96dAangdJTn3FmLzbA%2BJyD33ow1ciHixIr5M14psZgD5I73Ded6XKZWR3u8uyL4gA%3D%3D\"}]}\r\ncf-ray: 9f9cbe9a983532fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1414,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1413)","md5":"7905685b52cf14076577d80387b309cf","sha1":"86572dfe9196b3b9965d6c999429d912120d05e2","sha256":"a216d7181ba6bbd38e4d2e8de55efad81215e0f160c1301523c931d02cc86b53","sha512":"39d199371bcd553f73c5a9d6fd77d0d0dfc1dbe8f1b10fbdc958a5d6a6a89bd5667cb4a192338b94a04e65ffb92806f391edf3727f73e554295043f66307e189","ssdeep":"","tlshash":"9921fb3691a86428b923cc7435e29a86b04d9276c3a7e72cdda3352bcc4e0b31771b18","first_seen":"2025-10-21T01:37:16.476823Z","last_seen":"2026-06-12T02:10:38.32089Z","times_seen":14,"resource_available":false,"data":null}},"time_used":403,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":403,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/fonts/Roboto.ttf","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:41.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /fonts/Roboto.ttf HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klj.gangaoadmin.cyou/assets/index-028f128b.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 163448\r\nlast-modified: Mon, 27 Feb 2023 12:36:56 GMT\r\npriority: u=4,i=?0\r\netag: \"63fca3e8-27e78\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P2LQl9MKQjpWZdQJU%2BPbGlA3Tp2T%2BAVefwEf7izXlVn76kY%2Fzha2pSM1AZI0gCInEFT0%2BBhVw4bj7Fk4dL0APTAUCbrTF2LhRfM2VjBQMJrZ%2BLrsdq3KXCT1It%2FYv%2FNf2i3eaKkX1Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f9cbe9d98f232fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":163448,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, digitally signed, 19 tables, 1st \"DSIG\", 23 names, Macintosh, Font data copyright Google 2011RobotoBoldGoogle:Roboto:2011Roboto BoldVersion 1.00000; 2011Robot","md5":"36b5bab58a18b9c924861a4ccbf1a790","sha1":"d313ab2c45756bf4e972647f5b2ad691ad250990","sha256":"24571503140760240924dcd1238f77e7cd0454c0d8b0793990cefa2fad71471f","sha512":"2b8fd5bd0877926b1d7b31908f9632ea4830faa60dced49506f9fc3e43a1f6abe86c6e7360ff190411527deb2347b6191702c1c37bd541e5e0570b722fa7b0bb","ssdeep":"3072:K00P+GU8cnHJ4bNt0ji9U4Rkd8cuyka/ghJZBW4S9QNcJSPxRL72tkYBJa21U:K00Pp19xY/UAtzS","tlshash":"baf35a1bb347eb52ce356d7902b5c3926609fc2522379b5be0bfbb64a8430e50d274e1","first_seen":"2023-04-13T08:26:55Z","last_seen":"2026-06-26T02:54:52.918617Z","times_seen":334,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":398,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klj.gangaoadmin.cyou/assets/login-439ec4bc.js","fqdn":"klj.gangaoadmin.cyou","domain":"gangaoadmin.cyou","tld":"cyou"},"ip":{"addr":"172.67.150.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://klj.gangaoadmin.cyou/","date":"2026-05-10T23:32:40.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gangaoadmin.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 May 2026 07:40:36 GMT","end":"Tue, 04 Aug 2026 07:40:35 GMT"},"fingerprint":{"sha1":"13:AD:1D:78:AA:D8:A4:1B:78:9E:74:49:8C:1D:0D:F3:1D:43:F1:69","sha256":"41:36:3F:42:19:2E:35:11:B6:F7:9A:1E:9A:39:6C:3F:6F:6A:81:FB:06:C3:3E:CA:6D:4A:44:ED:7A:C6:00:6A"}}},"request":{"raw":"GET /assets/login-439ec4bc.js HTTP/1.1\r\nHost: klj.gangaoadmin.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://klj.gangaoadmin.cyou/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 10 May 2026 23:32:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 10 May 2026 17:18:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a00bdde-a80\"\r\nexpires: Mon, 11 May 2026 11:32:41 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9eWX8JEAuuVH6wDfiV6uBRIEeFw%2FE%2FEGaduWCd77WX%2FiWZCeLOvtA8iC%2BiqfLL%2FPZnwnvyUxc4eSEJa%2F7F60E8gMkzDpm5noiSth7c%2Fm8zSugTAtvHHeiQUs0Kh3aB1CRT%2F83JTPiQ%3D%3D\"}]}\r\ncf-ray: 9f9cbe9a983632fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2688,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2617)","md5":"d398be7103a1e6560fad8b4cdb0907c2","sha1":"2e567b905b6a243e3b64a7c9a54f8f263a8f742b","sha256":"b244d663937acc65623d568b284a33d88c1d42c5052654f1e16fc378c169b61a","sha512":"85874f4d99c786d42248cd2e831fc68a58248788846f435af456fd7369b64bcee8759d1be6196e0e74cf9de2346fdf247acea52604e442c5945c184b15fba210","ssdeep":"","tlshash":"b551652eb857a77941731cf435d91064a0182fc6f174dd93a1e80a941af2ded931ef17","first_seen":"2026-05-10T23:33:04.8703Z","last_seen":"2026-05-10T23:33:04.8703Z","times_seen":1,"resource_available":true,"data":null}},"time_used":401,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":401,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"klj.gangaoadmin.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"klj.gangaoadmin.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}