{"report_id":"fe8a8ca7-4b61-4e6f-b2ff-4793089ae74a","version":6,"status":"done","tags":[],"date":"2024-11-06T16:35:54Z","url":{"schema":"http","addr":"uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=","fqdn":"uddeve.com","domain":"uddeve.com","tld":"com"},"ip":{"addr":"88.208.38.96","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"rt.betulinherl.shop/ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","fqdn":"rt.betulinherl.shop","domain":"betulinherl.shop","tld":"shop"},"title":"rt.betulinherl.shop/ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-15T16:35:54Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cagrep.com","ip":{"addr":"185.162.85.1","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-10-08","domain_rank":0,"first_seen":"2024-10-13T06:34:00.138169Z","last_seen":"2024-11-06T14:32:13.04532Z","alert_count":2,"request_count":2,"received_data":368,"sent_data":1127,"comment":"","tags":null,"fingerprints":null},{"fqdn":"wokoez.com","ip":{"addr":"185.162.85.3","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-02-05","domain_rank":0,"first_seen":"2024-02-06T14:55:06Z","last_seen":"2024-10-30T20:00:23.125378Z","alert_count":1,"request_count":1,"received_data":239,"sent_data":476,"comment":"","tags":null,"fingerprints":null},{"fqdn":"iaqcfo.com","ip":{"addr":"138.68.123.185","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-03-25","domain_rank":0,"first_seen":"2024-03-25T15:19:03Z","last_seen":"2024-10-31T13:20:12.008858Z","alert_count":0,"request_count":1,"received_data":379,"sent_data":1045,"comment":"","tags":null,"fingerprints":null},{"fqdn":"track.wbdpnz.com","ip":{"addr":"143.204.55.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2022-05-27","domain_rank":0,"first_seen":"2022-06-01T12:56:18Z","last_seen":"2024-10-31T13:20:12.03546Z","alert_count":0,"request_count":1,"received_data":1037,"sent_data":660,"comment":"","tags":null,"fingerprints":null},{"fqdn":"rt.betulinherl.shop","ip":{"addr":"23.109.170.66","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-09-30","domain_rank":0,"first_seen":"2024-10-14T16:05:49.083595Z","last_seen":"2024-10-31T13:20:12.351586Z","alert_count":0,"request_count":4,"received_data":20425,"sent_data":5725,"comment":"","tags":null,"fingerprints":null},{"fqdn":"oontenrobe.top","ip":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2024-10-31","domain_rank":0,"first_seen":"2024-11-04T19:43:44.936034Z","last_seen":"2024-11-04T19:43:44.936034Z","alert_count":2,"request_count":2,"received_data":1139,"sent_data":1087,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-06T16:35:31Z","timestamp":1730910931,"ip_dst":{"addr":"172.18.0.8","port":45936,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"medium","alert":"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)","source":"{\"timestamp\":\"2024-11-06T16:35:31.806019+0000\",\"flow_id\":1238194424339383,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"212.117.184.188\",\"src_port\":443,\"dest_ip\":\"172.18.0.8\",\"dest_port\":45936,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031230,\"rev\":1,\"signature\":\"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2020_11_23\"],\"updated_at\":[\"2020_11_23\"]}},\"tls\":{\"subject\":\"CN=oontenrobe.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:AF:B2:03:39:F6:95:45:CF:2F:6A:B7:F3:2F:53:E6:7D\",\"fingerprint\":\"ea:b6:74:d5:d6:60:cf:b4:d7:b1:5d:cc:08:60:8f:74:a6:10:dd:ed\",\"sni\":\"oontenrobe.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-10-31T00:00:00\",\"notafter\":\"2025-01-29T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1329,\"bytes_toclient\":4011,\"start\":\"2024-11-06T16:35:31.744375+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-06T16:35:31Z","timestamp":1730910931,"ip_dst":{"addr":"172.18.0.8","port":45936,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2024-11-06T16:35:31.806019+0000\",\"flow_id\":1238194424339383,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"212.117.184.188\",\"src_port\":443,\"dest_ip\":\"172.18.0.8\",\"dest_port\":45936,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=oontenrobe.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:AF:B2:03:39:F6:95:45:CF:2F:6A:B7:F3:2F:53:E6:7D\",\"fingerprint\":\"ea:b6:74:d5:d6:60:cf:b4:d7:b1:5d:cc:08:60:8f:74:a6:10:dd:ed\",\"sni\":\"oontenrobe.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-10-31T00:00:00\",\"notafter\":\"2025-01-29T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1329,\"bytes_toclient\":4011,\"start\":\"2024-11-06T16:35:31.744375+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-06T16:35:31Z","timestamp":1730910931,"ip_dst":{"addr":"172.18.0.8","port":45952,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"medium","alert":"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)","source":"{\"timestamp\":\"2024-11-06T16:35:31.810133+0000\",\"flow_id\":1785845704253475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"212.117.184.188\",\"src_port\":443,\"dest_ip\":\"172.18.0.8\",\"dest_port\":45952,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031230,\"rev\":1,\"signature\":\"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2020_11_23\"],\"updated_at\":[\"2020_11_23\"]}},\"tls\":{\"subject\":\"CN=oontenrobe.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:AF:B2:03:39:F6:95:45:CF:2F:6A:B7:F3:2F:53:E6:7D\",\"fingerprint\":\"ea:b6:74:d5:d6:60:cf:b4:d7:b1:5d:cc:08:60:8f:74:a6:10:dd:ed\",\"sni\":\"oontenrobe.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-10-31T00:00:00\",\"notafter\":\"2025-01-29T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1329,\"bytes_toclient\":4011,\"start\":\"2024-11-06T16:35:31.745507+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-06T16:35:31Z","timestamp":1730910931,"ip_dst":{"addr":"172.18.0.8","port":45952,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2024-11-06T16:35:31.810133+0000\",\"flow_id\":1785845704253475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"212.117.184.188\",\"src_port\":443,\"dest_ip\":\"172.18.0.8\",\"dest_port\":45952,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=oontenrobe.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:AF:B2:03:39:F6:95:45:CF:2F:6A:B7:F3:2F:53:E6:7D\",\"fingerprint\":\"ea:b6:74:d5:d6:60:cf:b4:d7:b1:5d:cc:08:60:8f:74:a6:10:dd:ed\",\"sni\":\"oontenrobe.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-10-31T00:00:00\",\"notafter\":\"2025-01-29T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1329,\"bytes_toclient\":4011,\"start\":\"2024-11-06T16:35:31.745507+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"cagrep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"wokoez.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"cagrep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"oontenrobe.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"oontenrobe.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rt.betulinherl.shop/ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","fqdn":"rt.betulinherl.shop","domain":"betulinherl.shop","tld":"shop"},"ip":{"addr":"23.109.170.66","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"74bcdb854ab16ca0977687a071ccface","sha1":"3fc98dccf6a4c618323aacd44660d0c32d1e9016","sha256":"f729e7b610069468cbe062a7821762c27a15271967ac88eae69a538d48c5a29b","sha512":"2bb5e903bc4e9992428b89e3186d32a214428964230340b4f7eb82f0b48284f336ce91f0f13ae99f7bb0bf65c713d3acfd27033f12a74f6067a64426f616c2e1","ssdeep":"","tlshash":"e9500000c000000cc0c0000c0000300000000c0000030c000000000000300003030000","size":8,"data":"","first_seen":"2023-03-07T01:10:08Z","last_seen":"2026-05-12T06:59:53.4981Z","times_seen":9786,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"cagrep.com/rpe?a=1\u0026s=1\u0026act=18\u0026src=2\u0026p=1010256\u0026st=1373924\u0026wd=655274\u0026d=uddeve.com\u0026tpl=78\u0026rnd=0.30502951346588836\u0026sbid=13371\u0026sbid2=intent%3A%2F%2Fuddeve.com%2Fplay-2_1","fqdn":"cagrep.com","domain":"cagrep.com","tld":"com"},"ip":{"addr":"185.162.85.1","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-11-06T16:35:30.553894299Z","timestamp":1730910930553,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /rpe?a=1\u0026s=1\u0026act=18\u0026src=2\u0026p=1010256\u0026st=1373924\u0026wd=655274\u0026d=uddeve.com\u0026tpl=78\u0026rnd=0.30502951346588836\u0026sbid=13371\u0026sbid2=intent%3A%2F%2Fuddeve.com%2Fplay-2_1 HTTP/1.1\r\nHost: cagrep.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uddeve.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uddeve.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Wed, 06 Nov 2024 16:35:30 GMT\r\ncontent-length: 0\r\naccept-ch: Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-12T09:03:06.503968Z","times_seen":15051144,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"cagrep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"wokoez.com/phtbload?a=1\u0026e=aeyJwaWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzR9","fqdn":"wokoez.com","domain":"wokoez.com","tld":"com"},"ip":{"addr":"185.162.85.3","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-11-06T16:35:30.60693468Z","timestamp":1730910930606,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /phtbload?a=1\u0026e=aeyJwaWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzR9 HTTP/1.1\r\nHost: wokoez.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://uddeve.com/\r\nOrigin: https://uddeve.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Wed, 06 Nov 2024 16:35:30 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2\r\naccess-control-allow-origin: *\r\naccept-ch: Sec-CH-UA-Platform-Version\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2,"size_decoded":2,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-05-12T09:02:45.081738Z","times_seen":267963,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"wokoez.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"cagrep.com/rpe?a=1\u0026s=1\u0026act=7\u0026src=2\u0026p=1010256\u0026st=1373924\u0026wd=655274\u0026d=uddeve.com\u0026tpl=78\u0026rnd=0.15802703187058975\u0026sbid=13371\u0026sbid2=intent%3A%2F%2Fuddeve.com%2Fplay-2_1","fqdn":"cagrep.com","domain":"cagrep.com","tld":"com"},"ip":{"addr":"185.162.85.1","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-11-06T16:35:30.67289201Z","timestamp":1730910930672,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /rpe?a=1\u0026s=1\u0026act=7\u0026src=2\u0026p=1010256\u0026st=1373924\u0026wd=655274\u0026d=uddeve.com\u0026tpl=78\u0026rnd=0.15802703187058975\u0026sbid=13371\u0026sbid2=intent%3A%2F%2Fuddeve.com%2Fplay-2_1 HTTP/1.1\r\nHost: cagrep.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uddeve.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uddeve.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Wed, 06 Nov 2024 16:35:30 GMT\r\ncontent-length: 0\r\naccept-ch: Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-12T09:03:06.503968Z","times_seen":15051144,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"cagrep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"iaqcfo.com/tb?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=","fqdn":"iaqcfo.com","domain":"iaqcfo.com","tld":"com"},"ip":{"addr":"138.68.123.185","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-06T16:35:30.717Z","timestamp":1730910930717,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"iaqcfo.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Sep 2024 22:03:24 GMT","end":"Wed, 18 Dec 2024 22:03:23 GMT"},"fingerprint":{"sha1":"2D:61:45:BB:2A:80:8F:69:98:D7:24:96:2E:E1:39:EE:31:5E:1A:31","sha256":"87:ED:B8:C5:6C:58:E2:D9:C4:D3:40:9B:18:E0:AC:03:D9:1F:CC:C1:5C:ED:BB:2E:FF:57:06:DE:9A:F6:FA:D5"}}},"request":{"raw":"GET /tb?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2=intent://uddeve.com/play-2_1?h=waWQiOjEwMTAyNTYsInNpZCI6MTM3MzkyNCwid2lkIjo2NTUyNzQsInNyYyI6Mn0=eyJ\u0026click_id=M7434184765546168352\u0026si1=13371\u0026si2= HTTP/1.1\r\nHost: iaqcfo.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uddeve.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.15.0\r\nDate: Wed, 06 Nov 2024 16:35:30 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: https://track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=\u0026campaign_id=\u0026country=\u0026browser=\u0026zone_id=\u0026creative_id=\u0026format=\u0026os=\u0026partner_id=1010256\u0026sub_period=\u0026cost=\u0026click_id=\r\nX-Zone: eu\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-12T09:03:06.503968Z","times_seen":15051144,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":108,"dns":0,"connect":31,"send":0,"wait":32,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=\u0026campaign_id=\u0026country=\u0026browser=\u0026zone_id=\u0026creative_id=\u0026format=\u0026os=\u0026partner_id=1010256\u0026sub_period=\u0026cost=\u0026click_id=","fqdn":"track.wbdpnz.com","domain":"wbdpnz.com","tld":"com"},"ip":{"addr":"143.204.55.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-06T16:35:30.861Z","timestamp":1730910930861,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"track.wbdpnz.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 17 Apr 2024 00:00:00 GMT","end":"Fri, 16 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"C8:81:F6:79:E2:7A:64:3E:95:34:AA:C4:2E:5E:20:88:55:9B:AB:7E","sha256":"F0:D6:B9:51:C7:A5:5E:AC:82:D3:C7:D6:BA:A3:3E:24:EC:58:58:26:28:11:21:95:FB:A0:1C:6A:09:28:2B:06"}}},"request":{"raw":"GET /0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=\u0026campaign_id=\u0026country=\u0026browser=\u0026zone_id=\u0026creative_id=\u0026format=\u0026os=\u0026partner_id=1010256\u0026sub_period=\u0026cost=\u0026click_id= HTTP/1.1\r\nHost: track.wbdpnz.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://uddeve.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-length: 0\r\nlocation: https://rt.betulinherl.shop/ifdMVSGIWM9dNH/WQQEB?param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635\r\ndate: Wed, 06 Nov 2024 16:35:31 GMT\r\nserver: nginx\r\ncache-control: no-store, no-cache, pre-check=0, post-check=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nset-cookie: 0f72aceb-1686-4bca-a918-ff82f889bf8f-v4=fxC2zKNAdjVxdDCbqPG8rNztTvLB1-ZdQh_ii7yY-Ko; Max-Age=86400; Expires=Thu, 07 Nov 2024 16:35:31 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None\ncc-v4=7c4PglG%2BlhhAUlXlLXWlbK7GN1KIC%2FMBmCSUzuScPqShYPnjZSW6LyUn1T6qpND0URT4htmfhwFIDwVvyITaqmEe7N1Lt3U0HwPACSBKFpJA83jDvX%2B99tgaIApgtAvlUHXEopC0kYin7Tq%2FXEtQHg%3D%3D; Max-Age=31536000; Expires=Thu, 06 Nov 2025 16:35:31 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: aGUvN5HDyUbM-KtkkhaWdZqY8oYQPsI-pq4Q8yaSBnDd3lv3pyhKPQ==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-12T09:03:06.503968Z","times_seen":15051144,"resource_available":true,"data":null}},"time_used":1149,"timings":{"blocked":556,"dns":1,"connect":1,"send":0,"wait":36,"receive":0,"ssl":552},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rt.betulinherl.shop/ifdMVSGIWM9dNH/WQQEB?param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","fqdn":"rt.betulinherl.shop","domain":"betulinherl.shop","tld":"shop"},"ip":{"addr":"23.109.170.66","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-06T16:35:31.460Z","timestamp":1730910931460,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rt.betulinherl.shop","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 30 Sep 2024 10:42:24 GMT","end":"Sun, 29 Dec 2024 10:42:23 GMT"},"fingerprint":{"sha1":"68:48:1A:9B:23:76:7A:E4:27:57:FC:A1:7D:31:88:DB:D1:3A:C9:00","sha256":"40:BC:D0:76:E3:F4:3B:F0:AE:32:CB:B2:C3:30:FA:4C:32:AB:69:43:96:6D:3D:03:C0:6F:F8:9D:E7:4A:2E:56"}}},"request":{"raw":"GET /ifdMVSGIWM9dNH/WQQEB?param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635 HTTP/1.1\r\nHost: rt.betulinherl.shop\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://uddeve.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:31 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nSet-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 07-Nov-2024 16:35:31 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Thu, 07-Nov-2024 16:35:31 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15190,"size_decoded":40062,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (39798)","md5":"94fd8b1b21335e169ee71d93dbb84b83","sha1":"d172b094d3e4dbe4fbeac38f26a6601685c959b0","sha256":"fd0a52e75884e37c26237308a41fd39bc5e12894942b1170feaa6685401b24e7","sha512":"f40879447a140451e3407f96f2ee9bedcef9ac1795242dd9edad9c3d5b12cb7e241ef438fef26b9a6f5db2585d56d47039e8a92a481b6fe04211caccc124f508","ssdeep":"768:vU5IGHAuIrzcBw9um6EHWVzKUdXOSfSx3PdAbjkJh5ZlcGfs40YJe4k0is/8:vU5ISmJ0acGC","tlshash":"6a03c7c5b7a170b843e551a1a23f911af23a68d814ee88f0c346f9503d7564af0feed9","first_seen":"2024-11-06T16:35:54.676709Z","last_seen":"2024-11-06T16:35:54.676709Z","times_seen":1,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":58,"dns":1,"connect":17,"send":0,"wait":43,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oontenrobe.top/cuid/?f=https%3A%2F%2Frt.betulinherl.shop","fqdn":"oontenrobe.top","domain":"oontenrobe.top","tld":"top"},"ip":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rt.betulinherl.shop/ifdMVSGIWM9dNH/WQQEB?param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","date":"2024-11-06T16:35:31.896Z","timestamp":1730910931896,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oontenrobe.top","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Wed, 29 Jan 2025 23:59:59 GMT"},"fingerprint":{"sha1":"EA:B6:74:D5:D6:60:CF:B4:D7:B1:5D:CC:08:60:8F:74:A6:10:DD:ED","sha256":"F0:70:07:00:76:26:06:8F:9E:EB:3D:58:07:C8:95:5A:C0:9E:E6:51:24:43:DE:74:22:FA:15:1C:2E:8F:8B:C9"}}},"request":{"raw":"OPTIONS /cuid/?f=https%3A%2F%2Frt.betulinherl.shop HTTP/1.1\r\nHost: oontenrobe.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://rt.betulinherl.shop/\r\nOrigin: https://rt.betulinherl.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:31 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://rt.betulinherl.shop\r\nAccess-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for\r\nAccess-Control-Max-Age: 600\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-12T09:03:06.503968Z","times_seen":15051144,"resource_available":true,"data":null}},"time_used":143,"timings":{"blocked":-1,"dns":1,"connect":19,"send":0,"wait":17,"receive":0,"ssl":89},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"oontenrobe.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rt.betulinherl.shop/favicon.ico","fqdn":"rt.betulinherl.shop","domain":"betulinherl.shop","tld":"shop"},"ip":{"addr":"23.109.170.66","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rt.betulinherl.shop/ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","date":"2024-11-06T16:35:32.092Z","timestamp":1730910932092,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rt.betulinherl.shop","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 30 Sep 2024 10:42:24 GMT","end":"Sun, 29 Dec 2024 10:42:23 GMT"},"fingerprint":{"sha1":"68:48:1A:9B:23:76:7A:E4:27:57:FC:A1:7D:31:88:DB:D1:3A:C9:00","sha256":"40:BC:D0:76:E3:F4:3B:F0:AE:32:CB:B2:C3:30:FA:4C:32:AB:69:43:96:6D:3D:03:C0:6F:F8:9D:E7:4A:2E:56"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rt.betulinherl.shop\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rt.betulinherl.shop/ifdMVSGIWM9dNH/WQQEB?param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635\r\nCookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:31 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1406\r\nLast-Modified: Wed, 06 Nov 2024 14:01:20 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"672b76b0-57e\"\r\nExpires: Thu, 07 Nov 2024 16:35:31 GMT\r\nCache-Control: max-age=86400\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1406,"size_decoded":1406,"mime_type":"application/octet-stream","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-05-12T08:28:36.123572Z","times_seen":20454,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oontenrobe.top/cuid/?f=https%3A%2F%2Frt.betulinherl.shop","fqdn":"oontenrobe.top","domain":"oontenrobe.top","tld":"top"},"ip":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rt.betulinherl.shop/ifdMVSGIWM9dNH/WQQEB?param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","date":"2024-11-06T16:35:31.896Z","timestamp":1730910931896,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oontenrobe.top","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Wed, 29 Jan 2025 23:59:59 GMT"},"fingerprint":{"sha1":"EA:B6:74:D5:D6:60:CF:B4:D7:B1:5D:CC:08:60:8F:74:A6:10:DD:ED","sha256":"F0:70:07:00:76:26:06:8F:9E:EB:3D:58:07:C8:95:5A:C0:9E:E6:51:24:43:DE:74:22:FA:15:1C:2E:8F:8B:C9"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Frt.betulinherl.shop HTTP/1.1\r\nHost: oontenrobe.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rt.betulinherl.shop/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://rt.betulinherl.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:31 GMT\r\nContent-Type: application/json\r\nContent-Length: 32\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://rt.betulinherl.shop\r\nAccess-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for\r\nAccess-Control-Max-Age: 600\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nSet-Cookie: a97fa794a0f9=675fc31dee23745f71e07d; expires=Sat, 16 Mar 2052 14:23:47 GMT; domain=oontenrobe.top; path=/; secure; SameSite=None\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32,"size_decoded":32,"mime_type":"application/json","magic":"JSON text data","md5":"d950633b8b136e928d7acc0304ead982","sha1":"8d194b2f12dc09477804c8237ab4150c39137dd8","sha256":"c3cc4761d4c18fee7683c1d2fdaee094d87018ab5d8d65826a4d5642f79f5023","sha512":"dc5b268d7b6475661a2d10f67f0184bf1641f9180cfd0c7acbcec8acfa2f3ab874e09f9420234b2ce09674963686e798b7eaf7d82aea1b071464ef1f922774d1","ssdeep":"","tlshash":"3c80003c22ea0ca22800a00888200233a30020a0b880008b08a8c282ca803c30a8b883","first_seen":"2024-11-06T16:35:54.679657Z","last_seen":"2024-11-06T16:35:54.679657Z","times_seen":1,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":-1,"dns":1,"connect":19,"send":0,"wait":17,"receive":0,"ssl":89},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-06","alert":"Sinkholed","trigger":"oontenrobe.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rt.betulinherl.shop/ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","fqdn":"rt.betulinherl.shop","domain":"betulinherl.shop","tld":"shop"},"ip":{"addr":"23.109.170.66","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-06T16:35:32.018Z","timestamp":1730910932018,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rt.betulinherl.shop","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 30 Sep 2024 10:42:24 GMT","end":"Sun, 29 Dec 2024 10:42:23 GMT"},"fingerprint":{"sha1":"68:48:1A:9B:23:76:7A:E4:27:57:FC:A1:7D:31:88:DB:D1:3A:C9:00","sha256":"40:BC:D0:76:E3:F4:3B:F0:AE:32:CB:B2:C3:30:FA:4C:32:AB:69:43:96:6D:3D:03:C0:6F:F8:9D:E7:4A:2E:56"}}},"request":{"raw":"GET /ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635 HTTP/1.1\r\nHost: rt.betulinherl.shop\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rt.betulinherl.shop/ifdMVSGIWM9dNH/WQQEB?param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635\r\nCookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:32 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":61,"size_decoded":52,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"86733bb66fb84b851592d733e51f0cbd","sha1":"42eaf19a5ca195667a9212b0ea3557eee76954a8","sha256":"927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d","sha512":"a8c4b7ea33487c8308d0700e573367d976b4a0407719089157679ebb8ce14168fb8825f798ac5aaa4b14892c5cc22a6468491fb776ab8b0dc29218628f1fcaa8","ssdeep":"","tlshash":"c99002d55c01c1289cf0094418e2b15c090886541806d48070c09db509503959c22585","first_seen":"2024-01-18T20:18:28Z","last_seen":"2026-05-12T06:59:53.495602Z","times_seen":10013,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rt.betulinherl.shop/favicon.ico","fqdn":"rt.betulinherl.shop","domain":"betulinherl.shop","tld":"shop"},"ip":{"addr":"23.109.170.66","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rt.betulinherl.shop/ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635","date":"2024-11-06T16:35:32.092Z","timestamp":1730910932092,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rt.betulinherl.shop","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 30 Sep 2024 10:42:24 GMT","end":"Sun, 29 Dec 2024 10:42:23 GMT"},"fingerprint":{"sha1":"68:48:1A:9B:23:76:7A:E4:27:57:FC:A1:7D:31:88:DB:D1:3A:C9:00","sha256":"40:BC:D0:76:E3:F4:3B:F0:AE:32:CB:B2:C3:30:FA:4C:32:AB:69:43:96:6D:3D:03:C0:6F:F8:9D:E7:4A:2E:56"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rt.betulinherl.shop\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rt.betulinherl.shop/ilcePgojeQuFhjNeariDdAp/102305/?md=eyJ0dmMiOjAsImEiOjE3ODQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vdWRkZXZlLmNvbS8iLCJxIjoiaHR0cHM6Ly9ydC5iZXR1bGluaGVybC5zaG9wL2lmZE1WU0dJV005ZE5IL1dRUUVCP3BhcmFtXzQ9JnBhcmFtXzU9d3AxcWg3bDF0dHM4OG9kNWpxdW5rNjM1IiwiaCI6MzUxNywibCI6ImVuLVVTIiwidCI6MCwieiI6MTkxMCwiayI6NCwidSI6IjY3NWZjMzFkZWUyMzc0NWY3MWUwN2QiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiNG9tZG5ncnN6aWxjNnEwIiwibyI6dHJ1ZSwibSI6MTczMDkxMDkzMTkzNSwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoidW5jaGVja2VkIiwidnIiOiJ1bmNoZWNrZWQiLCJhYyI6MTYsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6NjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ\u0026pdc=uPwVulxiRnQuf75wayzV*CRKXv3wx6yHLFDDIaf2NR0\u0026param_4=\u0026param_5=wp1qh7l1tts88od5jqunk635\r\nCookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 16:35:32 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1406\r\nLast-Modified: Wed, 06 Nov 2024 14:01:20 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"672b76b0-57e\"\r\nExpires: Thu, 07 Nov 2024 16:35:32 GMT\r\nCache-Control: max-age=86400\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1406,"size_decoded":1406,"mime_type":"application/octet-stream","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-05-12T08:28:36.123572Z","times_seen":20454,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}