{"report_id":"20e593a7-0293-4ac6-9b2d-c3aaf4e1ce92","version":6,"status":"done","tags":[],"date":"2025-10-12T22:02:00Z","url":{"schema":"http","addr":"litefuck.top/video/41","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":0,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"http","addr":"litefuck.top/video/41","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"title":"Sandra and her mom » Lite Fuck"},"submit":{"url":{"schema":"http","addr":"litefuck.top/video/41","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":0,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-16T22:02:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":10}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T22:01:34Z","timestamp":1760306494,"ip_dst":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.15","port":48852,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-12T22:01:34.480161+0000\",\"flow_id\":590932290234421,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":48852,\"dest_ip\":\"185.73.220.15\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"litefuck.top\",\"url\":\"/video/41\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1048},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":677,\"bytes_toclient\":5055,\"start\":\"2025-10-12T22:01:34.387125+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"na.nawpush.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"0hosta.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"storage.multstorage.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"03402681d5.37bf116186.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"js.wpadmngr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"js.capndr.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-08-30","domain_rank":156902,"first_seen":"2021-08-30T12:51:01Z","last_seen":"2025-10-06T19:28:17.438631Z","alert_count":2,"request_count":2,"received_data":98489,"sent_data":839,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"enrtx.com","ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-10-07","domain_rank":18023,"first_seen":"2024-11-04T09:19:58Z","last_seen":"2025-10-06T06:35:10.436767Z","alert_count":0,"request_count":1,"received_data":4922,"sent_data":486,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"03402681d5.37bf116186.com","ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2025-09-12","domain_rank":0,"first_seen":"2025-10-12T06:16:47.071625Z","last_seen":"2025-10-12T06:16:47.071625Z","alert_count":1,"request_count":1,"received_data":345,"sent_data":833,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"litefuck.top","ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"domain_registered":"2022-10-30","domain_rank":3872412,"first_seen":"2025-10-12T16:25:57.968364Z","last_seen":"2025-10-12T16:25:57.968364Z","alert_count":9,"request_count":7,"received_data":134503,"sent_data":2697,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"0hosta.top","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-02","domain_rank":0,"first_seen":"2025-10-11T13:39:24.68518Z","last_seen":"2025-10-11T13:39:24.68518Z","alert_count":2,"request_count":2,"received_data":1308916,"sent_data":871,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"storage.multstorage.com","ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2023-09-22","domain_rank":101055,"first_seen":"2023-09-22T12:56:00Z","last_seen":"2025-10-06T06:29:18.890107Z","alert_count":1,"request_count":1,"received_data":144,"sent_data":535,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]},{"fqdn":"fp.metricswpsh.com","ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-10-29","domain_rank":154722,"first_seen":"2022-04-22T11:20:32Z","last_seen":"2025-10-06T06:11:27.410987Z","alert_count":2,"request_count":2,"received_data":813,"sent_data":1044,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2025-10-05T22:27:08.603601Z","alert_count":0,"request_count":3,"received_data":6933,"sent_data":1786,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-10-05T22:12:06.373682Z","alert_count":0,"request_count":1,"received_data":1080,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"js.wpadmngr.com","ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-06-02","domain_rank":77954,"first_seen":"2021-06-02T14:43:46Z","last_seen":"2025-10-06T06:11:26.596228Z","alert_count":1,"request_count":1,"received_data":150040,"sent_data":419,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"na.nawpush.com","ip":{"addr":"45.133.44.24","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2020-12-21","domain_rank":175362,"first_seen":"2020-12-23T08:18:12Z","last_seen":"2025-10-06T06:11:27.457722Z","alert_count":1,"request_count":1,"received_data":1537,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"nereserv.com","ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2020-12-21","domain_rank":17097,"first_seen":"2020-12-21T11:07:56Z","last_seen":"2025-10-06T06:11:27.515689Z","alert_count":4,"request_count":2,"received_data":644,"sent_data":1104,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ntvpforever.com","ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-11-18","domain_rank":18811,"first_seen":"2021-11-19T01:49:18Z","last_seen":"2025-10-06T06:11:27.147081Z","alert_count":0,"request_count":2,"received_data":712,"sent_data":1021,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T22:01:34Z","timestamp":1760306494,"ip_dst":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.15","port":48852,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-12T22:01:34.480161+0000\",\"flow_id\":590932290234421,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":48852,\"dest_ip\":\"185.73.220.15\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"litefuck.top\",\"url\":\"/video/41\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1048},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":677,\"bytes_toclient\":5055,\"start\":\"2025-10-12T22:01:34.387125+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"litefuck.top/i/to_top.js","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0174e48bc02ddc90023a645329e8044c","sha1":"f6f36e3a761f366db527ff85656a70d9e36678d3","sha256":"86c82a3e451657cf46e1fc4bc8fc783367d098e6af2e1e2f1c43f88cfd640ebb","sha512":"1e7189ee1742c3f013b50a5740f2a9c3f4bf5379ad65742fc428e04eac53dd88f63cf73f507cf47270c7bb323057477737ac626e662b3f4baf4952030213de05","ssdeep":"","tlshash":"51d0a90cf088631001f93a3a463b02533a266ca6afc1098020e089b45a68a2a2e93404","size":196,"data":"","first_seen":"2023-11-22T00:51:21Z","last_seen":"2026-04-15T19:15:44.098763Z","times_seen":262,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/i/li.js","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"914e12e0167a770efecc51cece6029a2","sha1":"f1a77274994d6535fa6b900b8194f5f833e64383","sha256":"f4b0d5dedb7921f0561ba6b72c898ca542ad32fb583baa1606b0db3141116f74","sha512":"5400b7065356d1b8fdb695b30d9dd1501d3bc2d7c0c3b8738e030fb8b2a9b79b87e40ab6c111b3b085bc9b93eed46a13c2c3eb0d73e1ccd51f68f1fb8ea52ae7","ssdeep":"","tlshash":"bef02770590360a994a65877b8a485642abda1e16a417343614e263e2189fa1743e638","size":459,"data":"","first_seen":"2023-11-22T00:51:21Z","last_seen":"2026-04-15T19:15:44.091088Z","times_seen":259,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/i/jquery.js","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"e40ec2161fe7993196f23c8a07346306","sha1":"afb90752e0a90c24b7f724faca86c5f3d15d1178","sha256":"874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4","sha512":"5f57cc757fff0e9990a72e78f6373f0a24bce2edf3c4559f0b6fef3cf65edf932c0f3eca5a35511ea11eabc0a412f1c7563282ec76f6fa005cc59504417159eb","ssdeep":"1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh","tlshash":"db83d6d9b2c67062977730b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","size":84245,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-19T01:48:26.36613Z","times_seen":54723,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpadmngr.com/static/adManager.js","fqdn":"js.wpadmngr.com","domain":"wpadmngr.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a6276e2884d8f805a5b3e06b63e7e37","sha1":"17219ffc953e351c8d7b954451abf3812acb95c2","sha256":"44cdcafec7893d902a9cdaa568b666ab6be3badaf87ba9b6d007b78a7506daa8","sha512":"ef199641beccb089c5ad56c1d4507d22dc8b61bd295770777187c81b9733dc2fb8a0c7b49c8e6a7f1503cc4fde943eda25ed76d3317401f76c6e7d1ce4434387","ssdeep":"1536:Z2c1pgoXEMtQy9RixdpOkxQKf7YbK2Ec+tskajUOPVKIZujAB5R1HKvfVf3dnCjH:BRizplOK8mvDtsjbnujATLqs+da","tlshash":"a7e33ac9b2d2b07407e75099d43f1206f73a1a16b80c9058f6a6e9c17878ddb9237f7a","size":149652,"data":"","first_seen":"2025-10-07T15:30:22.84378Z","last_seen":"2025-10-13T11:27:49.855572Z","times_seen":269,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/popunder-admanager/build.m.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dbfce16599360aa674a0fb79a914bae","sha1":"2742d678b3094e79576457f1346abefcd4197246","sha256":"440f99137790a2e9c8096ddaf3dd29771daeca900d941af543c0189e52253f4b","sha512":"08bf90593bc959a1510ef3550d7294b13ee59cc2088751972d50058557cb24f1b3112bc8cee02a62480ac4e31cabdf2aaa8eb26ae1bd8b44386d2875582fff1f","ssdeep":"768:ubVWcprcLsdOKZlnsKVal8Ail58Jn62sIHfyH2Xq9qAkdq3KF9x81ohS/SOQdqFd:WkmOKbeA8JgWXivj3+kh","tlshash":"46a328cdb7c2b07042a7a4ba903f151ab33e29197849442cf965c9d138add4fa327f79","size":97702,"data":"","first_seen":"2025-10-06T10:23:12.433027Z","last_seen":"2025-10-17T08:59:14.342795Z","times_seen":330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"472503ac3e6a9dd02bc0c756705a33b2","sha1":"0e450c593d6f8c0de0358de74c1492b694e350c8","sha256":"7fe0b4e87d1c301cbefa51b409c146aa56ed142264e6c64009cbcae962bed43e","sha512":"dc224245a2ea122b360ff965c7e9a4fac59005c69dfcccaece6cab467ba7be721a7c581e7c9414313a005489aed5f9f75956b1a5b31a6983decae0d941e18d16","ssdeep":"","tlshash":"c2e0e74c550068c4d5f09551f3d5853403ca7313e141d3c67f851776168b9d3d47c13c","size":296,"data":"","first_seen":"2025-10-12T22:02:02.870909Z","last_seen":"2025-10-12T22:02:02.870909Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"na.nawpush.com/tags/205939?version_name=d\u0026domain=litefuck.top","fqdn":"na.nawpush.com","domain":"nawpush.com","tld":"com"},"ip":{"addr":"45.133.44.24","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"na.nawpush.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 02:32:20 GMT","end":"Thu, 18 Dec 2025 02:32:19 GMT"},"fingerprint":{"sha1":"38:85:B2:05:59:7D:15:16:9D:87:1B:83:46:10:68:2E:DC:7C:7A:D1","sha256":"FE:22:4E:C6:6F:85:46:CA:64:38:8F:48:77:17:E8:29:0E:7C:14:27:20:EA:A9:7B:CB:5E:49:87:A6:B0:60:2F"}}},"request":{"raw":"GET /tags/205939?version_name=d\u0026domain=litefuck.top HTTP/1.1\r\nHost: na.nawpush.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\ncontent-type: application/json\r\nserver: nginx/1.24.0\r\ncache-control: max-age=300, public\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1298,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"cbfcd486b0786fc559e21ea9e43f4e5d","sha1":"5e8f7eb2dc6ce50d79700908a2942e54e9619987","sha256":"32b541ac9b22d9cc3c971b7ec4dbf1c4767d9782878b3ad357f1ec3abe2812ae","sha512":"9e69953ee4083b224ea23984024801b957a1f5ff79996c83bc1f73bdadbb652efdc3ae739b67af1e01235c7d9d0f65c4050ae17f06625ecc0064957386ad57a3","ssdeep":"","tlshash":"9e2115ecd529dcf9c1c055ce45d93f8c0664327b70c86457f59c09ac15ce6661e2f14b","first_seen":"2025-05-22T06:14:24.332274Z","last_seen":"2026-01-19T17:21:01.845052Z","times_seen":148,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":89,"dns":59,"connect":19,"send":0,"wait":19,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"na.nawpush.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/favicon.ico","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.270Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: litefuck.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 41=1; visited=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Oct 2025 22:01:35 GMT\r\nContent-Type: image/x-icon\r\nLast-Modified: Wed, 27 Nov 2019 20:35:50 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"5ddede26-627e\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25214,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel","md5":"0c424fe8d592b3227e668c8dd97231c2","sha1":"aea97b3cdbee7be1de91ad9495c3e52cea0b841b","sha256":"8b258546e3e4a0317fde5e5df23a5f6ce315bd0dea3f88f436b8df75f5a83b47","sha512":"cd42ca7a475861abd9b9b52553668069c9cc5479076c1511e74a544486edb826541fbb44aded361d25038c0f2ec3815406eadf1bc0ec1846e69f361154b4fd11","ssdeep":"384:kPU2DQg/H/drpImSIRDMJ1ueztuuuue2Puuuueuuuuuuub7uuuuuxuuuxlukqYit:y/XpYlBUne3LKkUqsY/tTxp8","tlshash":"fab23e102e30bc06c40596b684e7c67b1728ed1b58929d6f1ae07f0f353aad1e877f96","first_seen":"2023-05-24T04:47:48Z","last_seen":"2026-04-15T19:15:44.10387Z","times_seen":388,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=f55b65f3-9df2-4698-9a0d-c28cd0173db8\u0026subid=1087087885\u0026spot_id=839096\u0026created_at=2025-10-12\u0026timezone=0\u0026ver=1.168.23","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:36.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 02:36:27 GMT","end":"Tue, 25 Nov 2025 02:36:26 GMT"},"fingerprint":{"sha1":"64:AC:96:73:4F:92:FF:85:D0:1E:15:16:DA:B2:A2:8F:FA:02:1D:05","sha256":"1B:3E:09:8B:67:DE:C9:73:00:B7:68:C4:8A:D7:17:4D:D5:19:A0:85:23:3B:65:9C:31:C6:FB:A5:8E:BA:22:83"}}},"request":{"raw":"GET /in/dip?event_id=f55b65f3-9df2-4698-9a0d-c28cd0173db8\u0026subid=1087087885\u0026spot_id=839096\u0026created_at=2025-10-12\u0026timezone=0\u0026ver=1.168.23 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sun, 12 Oct 2025 22:01:36 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0hosta.top/i/logo/litefuck.top.png","fqdn":"0hosta.top","domain":"0hosta.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0hosta.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 20:18:56 GMT","end":"Wed, 31 Dec 2025 21:02:18 GMT"},"fingerprint":{"sha1":"04:31:3C:05:ED:82:11:51:EB:D0:75:F7:75:BF:C2:9F:38:45:F7:A5","sha256":"B5:C4:48:A3:38:91:0C:00:51:D1:66:CF:0E:04:65:CF:DB:BE:14:15:44:45:F5:E3:6D:00:AA:D8:20:4C:FA:F4"}}},"request":{"raw":"GET /i/logo/litefuck.top.png HTTP/1.1\r\nHost: 0hosta.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 22:01:34 GMT\r\ncontent-type: image/png\r\ncontent-length: 34414\r\nserver: cloudflare\r\nlast-modified: Fri, 25 Oct 2024 13:40:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"671b9fb8-866e\"\r\naccept-ranges: bytes\r\nage: 690\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FjdrppIK8T9Ug%2FEHcDKmvHPK6iSaaaGuleNUKzVmWTpywaGnb7lThit%2FarysRkZBMjHhhDUnJ2SKnW3IGXsyPmTkef2r%2Fz1a\"}]}\r\ncf-ray: 98d9e06939b00b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34414,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 446 x 160, 8-bit/color RGBA, non-interlaced","md5":"ea9532de92b543d5ca92063b405ebf85","sha1":"63736fb9aae142b3ca2501d512f37c1bb67f1cd4","sha256":"ad8401c6615c5ab181132760b4476e0d5af35ec33f7330261261518262506254","sha512":"c21e540209c6ffd5e621e5f3b2c4dd528799d17da2766f02f3a0293e784a94ac6631b5e981b142f2b663130e9485cf6d64718f6f41e07bda721f47cb35a3c719","ssdeep":"768:k1qR5ob5QVA5Rq4AXE+Sih03L8jpDe44DhMgNRGwNznNMaZmeY0d6fNANuT3:k1EYNi++Si5jFD4GezrbY0d6fNZ","tlshash":"c1f2e192beac2ae21037da26d68431b5c9fded5b2e4dce3850a3b2c905c4fd4542539c","first_seen":"2025-10-12T16:26:01.393549Z","last_seen":"2025-11-30T06:16:29.701582Z","times_seen":11,"resource_available":false,"data":null}},"time_used":661,"timings":{"blocked":316,"dns":33,"connect":1,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"0hosta.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/i/li.js","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.602Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /i/li.js HTTP/1.1\r\nHost: litefuck.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 41=1; visited=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Oct 2025 22:01:34 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Fri, 10 Jan 2025 13:48:55 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"67812547-1cb\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":459,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (399), with CRLF line terminators","md5":"914e12e0167a770efecc51cece6029a2","sha1":"f1a77274994d6535fa6b900b8194f5f833e64383","sha256":"f4b0d5dedb7921f0561ba6b72c898ca542ad32fb583baa1606b0db3141116f74","sha512":"5400b7065356d1b8fdb695b30d9dd1501d3bc2d7c0c3b8738e030fb8b2a9b79b87e40ab6c111b3b085bc9b93eed46a13c2c3eb0d73e1ccd51f68f1fb8ea52ae7","ssdeep":"","tlshash":"bef02770590360a994a65877b8a485642abda1e16a417343614e263e2189fa1743e638","first_seen":"2023-11-22T00:51:21Z","last_seen":"2026-04-15T19:15:44.091088Z","times_seen":259,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":8,"dns":1,"connect":30,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"storage.multstorage.com/log/count.html","fqdn":"storage.multstorage.com","domain":"multstorage.com","tld":"com"},"ip":{"addr":"76.223.26.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.multstorage.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Sep 2025 02:54:50 GMT","end":"Mon, 22 Dec 2025 02:54:49 GMT"},"fingerprint":{"sha1":"A7:F0:92:B0:60:17:0F:89:16:0D:51:27:DB:FE:C6:A0:D9:39:15:0F","sha256":"D8:BB:7C:8D:91:E4:6A:95:F9:86:5F:70:CE:DE:E9:AA:14:7C:0B:84:56:FC:96:09:E6:62:FD:5E:68:8E:E2:11"}}},"request":{"raw":"GET /log/count.html HTTP/1.1\r\nHost: storage.multstorage.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 410 Gone\r\nalt-svc: h3=\":50944\"; ma=2592000\r\nserver: Caddy\r\ncontent-length: 0\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"410","status_text":"Gone","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":86,"dns":26,"connect":1,"send":0,"wait":20,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"storage.multstorage.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 02:36:27 GMT","end":"Tue, 25 Nov 2025 02:36:26 GMT"},"fingerprint":{"sha1":"64:AC:96:73:4F:92:FF:85:D0:1E:15:16:DA:B2:A2:8F:FA:02:1D:05","sha256":"1B:3E:09:8B:67:DE:C9:73:00:B7:68:C4:8A:D7:17:4D:D5:19:A0:85:23:3B:65:9C:31:C6:FB:A5:8E:BA:22:83"}}},"request":{"raw":"OPTIONS /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: http://litefuck.top/\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.24.0\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":201,"timings":{"blocked":82,"dns":22,"connect":27,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=205939","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Fri, 15 Aug 2025 02:47:45 GMT","end":"Thu, 13 Nov 2025 02:47:44 GMT"},"fingerprint":{"sha1":"F4:AD:2A:0D:F1:0A:AB:04:F2:6F:6F:72:39:99:7F:4B:E4:5B:2E:4C","sha256":"12:8C:54:04:9B:26:0A:7E:35:D0:23:72:4F:A8:FC:52:77:D0:9D:FA:F5:AC:FE:2F:D2:49:97:F4:24:B6:72:0A"}}},"request":{"raw":"OPTIONS /fp?tag_id=205939 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: http://litefuck.top/\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.20.1\r\nDate: Sun, 12 Oct 2025 22:01:35 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type\r\nAccess-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nAccess-Control-Allow-Origin: http://litefuck.top\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":192,"timings":{"blocked":82,"dns":1,"connect":25,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/i/to_top.js","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.596Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /i/to_top.js HTTP/1.1\r\nHost: litefuck.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 41=1; visited=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Oct 2025 22:01:34 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Mon, 23 Oct 2023 04:48:07 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"6535fb07-c4\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":196,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with no line terminators","md5":"0174e48bc02ddc90023a645329e8044c","sha1":"f6f36e3a761f366db527ff85656a70d9e36678d3","sha256":"86c82a3e451657cf46e1fc4bc8fc783367d098e6af2e1e2f1c43f88cfd640ebb","sha512":"1e7189ee1742c3f013b50a5740f2a9c3f4bf5379ad65742fc428e04eac53dd88f63cf73f507cf47270c7bb323057477737ac626e662b3f4baf4952030213de05","ssdeep":"","tlshash":"51d0a90cf088631001f93a3a463b02533a266ca6afc1098020e089b45a68a2a2e93404","first_seen":"2023-11-22T00:51:21Z","last_seen":"2026-04-15T19:15:44.098763Z","times_seen":262,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":35,"dns":1,"connect":33,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0hosta.top/i/players/11.gif","fqdn":"0hosta.top","domain":"0hosta.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0hosta.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 20:18:56 GMT","end":"Wed, 31 Dec 2025 21:02:18 GMT"},"fingerprint":{"sha1":"04:31:3C:05:ED:82:11:51:EB:D0:75:F7:75:BF:C2:9F:38:45:F7:A5","sha256":"B5:C4:48:A3:38:91:0C:00:51:D1:66:CF:0E:04:65:CF:DB:BE:14:15:44:45:F5:E3:6D:00:AA:D8:20:4C:FA:F4"}}},"request":{"raw":"GET /i/players/11.gif HTTP/1.1\r\nHost: 0hosta.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 22:01:34 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1273171\r\nserver: cloudflare\r\nlast-modified: Fri, 11 Aug 2023 09:06:04 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"64d5f9fc-136d53\"\r\naccept-ranges: bytes\r\nage: 5586\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kDU3ftg08mrVwyvOj%2BB6Cc1F0Vui8hh7UOh26ht0I8X%2BavLE3SkiHh7FWrSsFY8dUG%2Boa5KoxHj47Aqkc5HoV1NT3xGcbFxA\"}]}\r\ncf-ray: 98d9e06939b50b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1273171,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 600 x 338","md5":"108701246a65b8722b70a0da5d66d15d","sha1":"d1a3bb06c58c1abf730e5cfde92dc4c5da3f27f0","sha256":"9bb9ca515e6baac201bf8601681b24f23e494b105bb4f83c5e3622cf8f38d791","sha512":"f095950d930fb86634e281c2021756917e534fcc8ffefef6215f61b4e13024eeb5c523955374356499967893d2481a65d531364729ecc71aae8ddef63542da0f","ssdeep":"24576:HOkX2Elyh/BRbemWnj7g6O4FflQZfk9j9jJfx6:NXah/H0j7zO4FflSfk9BNJ6","tlshash":"fc2501ee8f27058144f0c7a64d6e8b30d877d868b1693e3a98b870166d7237f6e1c953","first_seen":"2025-10-12T09:51:40.2027Z","last_seen":"2025-10-27T12:16:15.747999Z","times_seen":9,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":316,"dns":0,"connect":0,"send":0,"wait":11,"receive":107,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"0hosta.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/advertising.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.capndr.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 02:32:40 GMT","end":"Wed, 12 Nov 2025 02:32:39 GMT"},"fingerprint":{"sha1":"29:AD:62:97:FC:BB:60:DB:88:37:9C:81:9B:75:1A:F9:A2:C2:D0:62","sha256":"D8:5B:F4:35:C6:F5:9C:AE:95:BB:5C:A9:3E:61:B6:13:E7:D6:E5:E3:64:B9:D8:A2:F0:28:B8:1C:F9:65:27:3A"}}},"request":{"raw":"GET /advertising.js HTTP/1.1\r\nHost: js.capndr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nlast-modified: Fri, 14 Jul 2023 08:23:25 GMT\r\netag: \"64b105fd-0\"\r\nexpires: Sun, 12 Oct 2025 22:06:35 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1747\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":58,"dns":13,"connect":21,"send":0,"wait":22,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=205939","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Fri, 15 Aug 2025 02:47:45 GMT","end":"Thu, 13 Nov 2025 02:47:44 GMT"},"fingerprint":{"sha1":"F4:AD:2A:0D:F1:0A:AB:04:F2:6F:6F:72:39:99:7F:4B:E4:5B:2E:4C","sha256":"12:8C:54:04:9B:26:0A:7E:35:D0:23:72:4F:A8:FC:52:77:D0:9D:FA:F5:AC:FE:2F:D2:49:97:F4:24:B6:72:0A"}}},"request":{"raw":"POST /fp?tag_id=205939 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 1972\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 12 Oct 2025 22:01:35 GMT\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 58\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: http://litefuck.top\r\nSet-Cookie: id=10416636606298336477; Expires=Mon, 12 Oct 2026 22:01:35 GMT; Secure; SameSite=None\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c4efc1d6d16235d9433cd2565d887460","sha1":"22d069a5f536640e46122475c79db933e82d7f2e","sha256":"f0a6b8c736b7d8c5d3304a9ccd10d2114a0f25f2ba946cce62204df3384a131f","sha512":"af1cfe529f3173efdc7f4aff67355529095e775d8edb38d8a7c9565e09807aff470a465ffdf89ef6555f06cc88efa675823becc942896c63fa64a3140858f539","ssdeep":"","tlshash":"5ba00294c5c00e3c80200c3a73cf901628e4d304120217880ca66b5108822abe333c91","first_seen":"2025-07-26T17:44:43.174102Z","last_seen":"2026-04-19T01:23:10.688117Z","times_seen":6280,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":1,"connect":31,"send":0,"wait":26,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:42:48 GMT","end":"Mon, 15 Dec 2025 08:42:47 GMT"},"fingerprint":{"sha1":"B8:19:CD:6B:C9:17:D6:19:47:43:3F:1E:4F:ED:FC:03:B7:CA:02:F6","sha256":"B2:36:8A:F6:ED:83:58:AB:24:95:A4:DA:77:3B:10:3C:CB:CB:99:B1:2A:25:1B:AB:51:A5:E7:2A:DD:6F:68:D6"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:65jBKKlUN7Zrs2sFLnuf9oTxHwpeeA:bhBgbp1_-OP8sOyh; Expires=Tue, 12-Oct-2027 22:01:35 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-988023688:1760306495937204\u0026ifkv=AfYwgwVFaiJhwUOi_dgS1lp63IyFIwAFSJr_Uj6Iz0ax1o5Z3Ja-CyVrDtRe99Jpfc8GBY0y8X8H2A\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-wXq7F7T-cBMroC9ngyHi2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\ncross-origin-opener-policy: unsafe-none\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-resource-policy: cross-origin\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":231,"timings":{"blocked":96,"dns":0,"connect":28,"send":0,"wait":37,"receive":1,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-988023688:1760306495937204\u0026ifkv=AfYwgwVFaiJhwUOi_dgS1lp63IyFIwAFSJr_Uj6Iz0ax1o5Z3Ja-CyVrDtRe99Jpfc8GBY0y8X8H2A","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:42:48 GMT","end":"Mon, 15 Dec 2025 08:42:47 GMT"},"fingerprint":{"sha1":"B8:19:CD:6B:C9:17:D6:19:47:43:3F:1E:4F:ED:FC:03:B7:CA:02:F6","sha256":"B2:36:8A:F6:ED:83:58:AB:24:95:A4:DA:77:3B:10:3C:CB:CB:99:B1:2A:25:1B:AB:51:A5:E7:2A:DD:6F:68:D6"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-988023688:1760306495937204\u0026ifkv=AfYwgwVFaiJhwUOi_dgS1lp63IyFIwAFSJr_Uj6Iz0ax1o5Z3Ja-CyVrDtRe99Jpfc8GBY0y8X8H2A HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:f-brdX6nB9VrChhMlqsE218yW-PqOg:g7blpeUZvoRwMYga;Path=/;Expires=Tue, 12-Oct-2027 22:01:35 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-988023688%3A1760306495937204\u0026hl=en\u0026ifkv=AfYwgwXt-x4GDUgvDnDchjJnGbKolq1qUnGo94RgqgS2KRBZaZNSQSHEE_4zpmlFrO5wPB71ga2xBA\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-FRMv1SEKjAKx28U-rg6sQw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 420\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-988023688%3A1760306495937204\u0026hl=en\u0026ifkv=AfYwgwXt-x4GDUgvDnDchjJnGbKolq1qUnGo94RgqgS2KRBZaZNSQSHEE_4zpmlFrO5wPB71ga2xBA\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:36.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:42:48 GMT","end":"Mon, 15 Dec 2025 08:42:47 GMT"},"fingerprint":{"sha1":"B8:19:CD:6B:C9:17:D6:19:47:43:3F:1E:4F:ED:FC:03:B7:CA:02:F6","sha256":"B2:36:8A:F6:ED:83:58:AB:24:95:A4:DA:77:3B:10:3C:CB:CB:99:B1:2A:25:1B:AB:51:A5:E7:2A:DD:6F:68:D6"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-988023688%3A1760306495937204\u0026hl=en\u0026ifkv=AfYwgwXt-x4GDUgvDnDchjJnGbKolq1qUnGo94RgqgS2KRBZaZNSQSHEE_4zpmlFrO5wPB71ga2xBA\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sun, 12 Oct 2025 22:01:36 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-vaDwZiUgKSq_zgGWbz9C0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.BI5tr39CAHY.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"enrtx.com/get/","fqdn":"enrtx.com","domain":"enrtx.com","tld":"com"},"ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:36.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"popunder-base.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 07:32:10 GMT","end":"Thu, 04 Dec 2025 07:32:09 GMT"},"fingerprint":{"sha1":"50:EA:C1:7E:9B:20:00:A4:62:CE:FD:F9:FD:D2:E9:BE:77:FE:08:47","sha256":"81:9C:C4:CA:23:66:01:BB:6E:7A:21:04:B3:6B:69:EF:E7:F2:C5:8D:CB:6E:F7:3D:A2:3C:90:1F:BE:0B:6F:48"}}},"request":{"raw":"POST /get/ HTTP/1.1\r\nHost: enrtx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1840\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sun, 12 Oct 2025 22:01:36 GMT\r\ncontent-type: application/json\r\ncontent-length: 1519\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4543,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"894883da0143dca00e63255e53f6a7e8","sha1":"ca7e1e59358aa1e1abb618fd4b452593b953797d","sha256":"8dfaad9552c2abee0e12a179f27d1404d0426a52c1e0b3295391f956a171efc4","sha512":"f3aa9bb9c3e7067e9d3079791802169ca60c57d279eb14ce4b33a8f71100aa5470e16260b41191bb538dc5b503439db83443b4851adffa6fe333cf7842f7869a","ssdeep":"96:zKLl6T+wrRuFhVI7oL8Pbk3Y3y+1wmpQLl6T+wrRuFhE8Pbk3Y3y+1wmQXdCQ:uE+wNuv67oLibk3Yi/FE+wNuvEibk3Yu","tlshash":"a1911b846963fdb100c5f162e00193661fc5a56acee95d7eedf683329d803b021dbe0e","first_seen":"2025-10-12T22:02:02.671214Z","last_seen":"2025-10-12T22:02:02.671214Z","times_seen":1,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":95,"dns":14,"connect":24,"send":0,"wait":236,"receive":1,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"litefuck.top/video/41","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T22:01:34.287Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /video/41 HTTP/1.1\r\nHost: litefuck.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":0,"dns":1,"connect":30,"send":0,"wait":0,"receive":0,"ssl":36},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T22:01:34Z","timestamp":1760306494,"ip_dst":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.15","port":48852,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-12T22:01:34.480161+0000\",\"flow_id\":590932290234421,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":48852,\"dest_ip\":\"185.73.220.15\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"litefuck.top\",\"url\":\"/video/41\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1048},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":677,\"bytes_toclient\":5055,\"start\":\"2025-10-12T22:01:34.387125+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/i/jquery.js","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.594Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /i/jquery.js HTTP/1.1\r\nHost: litefuck.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 41=1; visited=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Oct 2025 22:01:34 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Sun, 19 Jan 2020 21:38:49 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"5e24cc69-14915\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84245,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32061)","md5":"e40ec2161fe7993196f23c8a07346306","sha1":"afb90752e0a90c24b7f724faca86c5f3d15d1178","sha256":"874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4","sha512":"5f57cc757fff0e9990a72e78f6373f0a24bce2edf3c4559f0b6fef3cf65edf932c0f3eca5a35511ea11eabc0a412f1c7563282ec76f6fa005cc59504417159eb","ssdeep":"1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh","tlshash":"db83d6d9b2c67062977730b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-19T01:48:26.36613Z","times_seen":54723,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/i/page_top.png","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.604Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /i/page_top.png HTTP/1.1\r\nHost: litefuck.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 41=1; visited=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Oct 2025 22:01:34 GMT\r\nContent-Type: image/png\r\nContent-Length: 1704\r\nLast-Modified: Sun, 08 Dec 2019 19:15:45 GMT\r\nConnection: keep-alive\r\nETag: \"5ded4be1-6a8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1704,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"7781586db71c65cb8b670848b05ddb12","sha1":"59427673a7d03bb7c08080c49d4606d5608d2213","sha256":"785e372d3cfba72ce672720f766915972feffa0a093473e6d85b80b5885c1af2","sha512":"1df11dfc13dddf4ac479c2ccec5352fd4bbdd1d08278fb71ad9c98defe3cfecc3ae5ceac148d56f25b8dac557f8b0215ae1788079ff87421e5aeb4ba03c07722","ssdeep":"","tlshash":"0331fdf7bed07d3088d29996991a2701f50478a11b6c2bf5766c416034d07901f7a6ed","first_seen":"2023-05-24T04:47:48Z","last_seen":"2026-04-15T19:15:44.093255Z","times_seen":267,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":128,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"03402681d5.37bf116186.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTY5NDE1ODIxNDAxNDMzNTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjM4LjUiLCJ0YWdfaWQiOjIwNTkzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjMxLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9","fqdn":"03402681d5.37bf116186.com","domain":"37bf116186.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"03402681d5.37bf116186.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 02:48:10 GMT","end":"Wed, 07 Jan 2026 02:48:09 GMT"},"fingerprint":{"sha1":"7A:5E:42:20:1D:8F:D8:E3:65:CB:DC:A3:93:13:70:FD:FE:92:EB:02","sha256":"FA:6F:1F:9F:39:11:BB:EB:F2:39:AA:20:E4:50:CC:63:DC:AD:64:2E:1C:D6:72:7F:F9:B4:88:6E:D3:7E:57:59"}}},"request":{"raw":"GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTY5NDE1ODIxNDAxNDMzNTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjM4LjUiLCJ0YWdfaWQiOjIwNTkzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjMxLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1\r\nHost: 03402681d5.37bf116186.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nx-cdn-host-id: AH1747\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":237,"timings":{"blocked":89,"dns":40,"connect":24,"send":0,"wait":50,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"03402681d5.37bf116186.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/popunder-admanager/build.m.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.capndr.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 02:32:40 GMT","end":"Wed, 12 Nov 2025 02:32:39 GMT"},"fingerprint":{"sha1":"29:AD:62:97:FC:BB:60:DB:88:37:9C:81:9B:75:1A:F9:A2:C2:D0:62","sha256":"D8:5B:F4:35:C6:F5:9C:AE:95:BB:5C:A9:3E:61:B6:13:E7:D6:E5:E3:64:B9:D8:A2:F0:28:B8:1C:F9:65:27:3A"}}},"request":{"raw":"GET /popunder-admanager/build.m.js HTTP/1.1\r\nHost: js.capndr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Mon, 06 Oct 2025 08:24:49 GMT\r\netag: W/\"68e37cd1-17da6\"\r\ncontent-encoding: gzip\r\nexpires: Sun, 12 Oct 2025 22:06:35 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1747\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":97702,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6dbfce16599360aa674a0fb79a914bae","sha1":"2742d678b3094e79576457f1346abefcd4197246","sha256":"440f99137790a2e9c8096ddaf3dd29771daeca900d941af543c0189e52253f4b","sha512":"08bf90593bc959a1510ef3550d7294b13ee59cc2088751972d50058557cb24f1b3112bc8cee02a62480ac4e31cabdf2aaa8eb26ae1bd8b44386d2875582fff1f","ssdeep":"768:ubVWcprcLsdOKZlnsKVal8Ail58Jn62sIHfyH2Xq9qAkdq3KF9x81ohS/SOQdqFd:WkmOKbeA8JgWXivj3+kh","tlshash":"46a328cdb7c2b07042a7a4ba903f151ab33e29197849442cf965c9d138add4fa327f79","first_seen":"2025-10-06T10:23:12.433027Z","last_seen":"2025-10-17T08:59:14.342795Z","times_seen":330,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 02:36:27 GMT","end":"Tue, 25 Nov 2025 02:36:26 GMT"},"fingerprint":{"sha1":"64:AC:96:73:4F:92:FF:85:D0:1E:15:16:DA:B2:A2:8F:FA:02:1D:05","sha256":"1B:3E:09:8B:67:DE:C9:73:00:B7:68:C4:8A:D7:17:4D:D5:19:A0:85:23:3B:65:9C:31:C6:FB:A5:8E:BA:22:83"}}},"request":{"raw":"POST /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 184\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\ncontent-type: application/json\r\ncontent-length: 46\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1f84e91bfffb40ffd5dca4fec4ecefac","sha1":"e26b1e81382751f2455c21b9247777a827f0b03c","sha256":"e48df70b850fd297d4d3cdba03f3c58df937ad44303b724887e506e3f676d809","sha512":"ae08af88b1b8775089d6d8db19314b02b63617599d7de90deea54c51bc33f63862c1c8d49583d4b0be75534c3fc9f23397fb927106673b23bd464e660d9fd91a","ssdeep":"","tlshash":"4e90041c714d040f0cdddc413513c751141d510104557cdd5cd3f05057d054074cc5cd","first_seen":"2025-10-12T22:02:02.803067Z","last_seen":"2025-10-12T22:02:02.803067Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=f55b65f3-9df2-4698-9a0d-c28cd0173db8\u0026subid=1087087885\u0026spot_id=839096\u0026created_at=2025-10-12\u0026timezone=0\u0026ver=1.168.23","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:35.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 02:36:27 GMT","end":"Tue, 25 Nov 2025 02:36:26 GMT"},"fingerprint":{"sha1":"64:AC:96:73:4F:92:FF:85:D0:1E:15:16:DA:B2:A2:8F:FA:02:1D:05","sha256":"1B:3E:09:8B:67:DE:C9:73:00:B7:68:C4:8A:D7:17:4D:D5:19:A0:85:23:3B:65:9C:31:C6:FB:A5:8E:BA:22:83"}}},"request":{"raw":"GET /in/dip?event_id=f55b65f3-9df2-4698-9a0d-c28cd0173db8\u0026subid=1087087885\u0026spot_id=839096\u0026created_at=2025-10-12\u0026timezone=0\u0026ver=1.168.23 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nOrigin: http://litefuck.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sun, 12 Oct 2025 22:01:35 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T02:23:19.368905Z","times_seen":13918819,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":33,"dns":0,"connect":0,"send":0,"wait":47,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"litefuck.top/video/41","fqdn":"litefuck.top","domain":"litefuck.top","tld":"top"},"ip":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T22:01:34.390Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /video/41 HTTP/1.1\r\nHost: litefuck.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sun, 12 Oct 2025 22:01:34 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 4251\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.4.33\r\nSet-Cookie: 41=1; expires=Sun, 12-Oct-2025 22:09:54 GMT; Max-Age=500; path=/\nvisited=1; expires=Mon, 13-Oct-2025 04:01:34 GMT; Max-Age=21600; path=/\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":20974,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (20974), with no line terminators","md5":"cd560a531eba9b9ea0e39f3f14780111","sha1":"4b15b9df0822d5fd1ed7b56a31f290769645cc80","sha256":"65ec6fa014e3c8371cc2c3d4309d84176e5022557ae5b7c903e833691188b942","sha512":"9f1c3af8b30ef91a1d26f9797e2478a66b67f5b4189b980f3d8b1c6e8ac732b121966721dcbe511037d9bf063b866a2f340c8c26d3819236e1f7b39927901039","ssdeep":"384:SQTanXCfw1MkgHp766H8XyAYRirjR2FId5YRe:HKLsZe","tlshash":"50925271c2c014bf443f47da7aa5baa0f9a24379d7a71b81f9f184f18b97ea494004ed","first_seen":"2025-10-12T22:02:02.84005Z","last_seen":"2025-10-12T22:02:02.84005Z","times_seen":1,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":40,"dns":1,"connect":43,"send":0,"wait":50,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T22:01:34Z","timestamp":1760306494,"ip_dst":{"addr":"185.73.220.15","port":80,"asn":32338,"as":"HOSTISERVER","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.15","port":48852,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-10-12T22:01:34.480161+0000\",\"flow_id\":590932290234421,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":48852,\"dest_ip\":\"185.73.220.15\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"litefuck.top\",\"url\":\"/video/41\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1048},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":677,\"bytes_toclient\":5055,\"start\":\"2025-10-12T22:01:34.387125+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"litefuck.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Fredoka+One","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"04:E6:D3:58:E3:A1:E3:05:2B:C3:56:5D:68:BB:1B:0A:08:C6:E3:FB","sha256":"25:4C:B3:A3:9A:E1:D7:FD:25:B6:BF:E9:AA:97:95:20:5D:F2:15:EA:41:46:B6:6B:01:17:19:26:EC:EF:D3:CA"}}},"request":{"raw":"GET /css?family=Fredoka+One HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 12 Oct 2025 22:01:34 GMT\r\ndate: Sun, 12 Oct 2025 22:01:34 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":394,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"0e7fe1c6c350b42bce285e97811326f1","sha1":"c20f7e72dfdcc15a52c6dcf23801fe081928f39b","sha256":"eab3508878149c5d8e1503f6ec6d573dc8c16c169bfaf9eb73518d08de6d26a4","sha512":"1b131997c2f33a796ac759e9d6db128f874a6671853de4aca33c83782437aa3bcc668d1434e030212c3d6fe2e1cb58fdf57c3688234a1c308233d9697fd1f0b1","ssdeep":"","tlshash":"7ae06882087ee940e3d32cc212cd3a31ee0ea0956840a825d6fe14dcfc91c626393b1e","first_seen":"2025-09-21T02:33:29.928434Z","last_seen":"2026-04-17T12:18:09.990316Z","times_seen":138,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":102,"dns":0,"connect":20,"send":0,"wait":32,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpadmngr.com/static/adManager.js","fqdn":"js.wpadmngr.com","domain":"wpadmngr.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://litefuck.top/video/41","date":"2025-10-12T22:01:34.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.wpadmngr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 03:32:10 GMT","end":"Mon, 01 Dec 2025 03:32:09 GMT"},"fingerprint":{"sha1":"A8:B8:5C:A8:67:08:FB:6F:5B:FE:20:D6:BB:7A:04:B0:B2:1A:BE:F7","sha256":"03:91:48:19:1B:C5:3E:CF:59:DE:C7:39:A3:C0:C3:E0:BC:41:15:48:FB:42:AB:77:8C:5B:FF:37:FE:1F:3C:54"}}},"request":{"raw":"GET /static/adManager.js HTTP/1.1\r\nHost: js.wpadmngr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://litefuck.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 22:01:34 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Tue, 07 Oct 2025 14:31:20 GMT\r\netag: W/\"68e52438-24894\"\r\ncontent-encoding: gzip\r\nexpires: Sun, 12 Oct 2025 22:06:34 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1747\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":149652,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6a6276e2884d8f805a5b3e06b63e7e37","sha1":"17219ffc953e351c8d7b954451abf3812acb95c2","sha256":"44cdcafec7893d902a9cdaa568b666ab6be3badaf87ba9b6d007b78a7506daa8","sha512":"ef199641beccb089c5ad56c1d4507d22dc8b61bd295770777187c81b9733dc2fb8a0c7b49c8e6a7f1503cc4fde943eda25ed76d3317401f76c6e7d1ce4434387","ssdeep":"1536:Z2c1pgoXEMtQy9RixdpOkxQKf7YbK2Ec+tskajUOPVKIZujAB5R1HKvfVf3dnCjH:BRizplOK8mvDtsjbnujATLqs+da","tlshash":"a7e33ac9b2d2b07407e75099d43f1206f73a1a16b80c9058f6a6e9c17878ddb9237f7a","first_seen":"2025-10-07T15:30:22.84378Z","last_seen":"2025-10-13T11:27:49.855572Z","times_seen":269,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":14,"connect":25,"send":0,"wait":21,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"js.wpadmngr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}