{"report_id":"252b8e67-f993-4467-b82a-2dfc90532578","version":6,"status":"done","tags":[],"date":"2025-11-03T18:20:38Z","url":{"schema":"http","addr":"www.xxx.com","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":0,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"www.xxx.com/","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"title":"XXX.com - XXX Sex Videos - Free Porn Movies","dom":{"size":9068,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (322)","md5":"3476c781fff54506e63b1774627e4e82","sha1":"4c828ed55bdc05fea418e0d364b97216f382cc35","sha256":"659c72881ea11a2f3f90b295395e0b6b81e7d1b68e51bb476c791b0f5d903698","sha512":"ec3d70256f6345bbe14748b2491714f6bef5b6063ca241ddcc9aa888455696762ab8751fdfd805e75544eeff511d8d6a015cc47f340f78999c9724a4a21e9ab3","ssdeep":"96:QrVQC/S/SRLbKLL6nZV5BU0U/5fZjSG5L5v+5bfV5WM51Ux5wjEP:KQCaKFbrUrd5BMQh","tlshash":"88121ea240f240b7059290c13b796e1befc6d657db6a854531ef07c99fcac82cd932ac","dom_hash":"domhashe4f632ea55b9c5a6aaf53169a75cced0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PGh0bWw+PGhlYWQ+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4KPHRpdGxlPlhYWC5jb20gLSBYWFggU2V4IFZpZGVvcyAtIEZyZWUgUG9ybiBNb3ZpZXM8L3RpdGxlPgogICAgPG1ldGEgY29udGVudD0iSUU9ZWRnZSxjaHJvbWU9MSIgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIj4KICAgIDxtZXRhIG5hbWU9InJhdGluZyIgY29udGVudD0iUlRBLTUwNDItMTk5Ni0xNDAwLTE1NzctUlRBIj4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MSI+CiAgICA8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iWFhYIFNleCBWaWRlb3MgLSBGcmVlIFBvcm4gTW92aWVzIGF0IFhYWC5jb20iPgogICAgPGxpbmsgaHJlZj0iY3NzL21haW4uY3NzIiByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIj4KICAgIDxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CiAgICBib2R5LHRkLHRoIHsKCWZvbnQtZmFtaWx5OiBSb2JvdG8sIHNhbnMtc2VyaWY7Cn0KYm9keSB7CgliYWNrZ3JvdW5kLWltYWdlOiB1cmwoeHh4LmdpZik7CgltYXJnaW4tdG9wOiAycHg7Cn0KICAgIC5zdHlsZTEgewlmb250LXNpemU6IDE2cHg7Cn0KICAgIC5zdHlsZTIgewlmb250LXNpemU6IDEycHg7Cn0KICAgIDwvc3R5bGU+CjxsaW5rIHJlbD0iYXBwbGUtdG91Y2gtaWNvbiIgc2l6ZXM9IjE4MHgxODAiIGhyZWY9ImltZy9hcHBsZS10b3VjaC1pY29uLnBuZyI+CjxsaW5rIHJlbD0iaWNvbiIgdHlwZT0iaW1hZ2UvcG5nIiBzaXplcz0iMzJ4MzIiIGhyZWY9ImltZy9mYXZpY29uLTMyeDMyLnBuZyI+CjxsaW5rIHJlbD0iaWNvbiIgdHlwZT0iaW1hZ2UvcG5nIiBzaXplcz0iMTZ4MTYiIGhyZWY9ImltZy9mYXZpY29uLTE2eDE2LnBuZyI+CjwvaGVhZD4KPGJvZHkgdG9wbWFyZ2luPSIyIj4KPHNjcmlwdCBhc3luYz0iIiBzcmM9Ii8vd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tL2FuYWx5dGljcy5qcyI+PC9zY3JpcHQ+PHNjcmlwdD4KICAoZnVuY3Rpb24oaSxzLG8sZyxyLGEsbSl7aVsnR29vZ2xlQW5hbHl0aWNzT2JqZWN0J109cjtpW3JdPWlbcl18fGZ1bmN0aW9uKCl7CiAgKGlbcl0ucT1pW3JdLnF8fFtdKS5wdXNoKGFyZ3VtZW50cyl9LGlbcl0ubD0xKm5ldyBEYXRlKCk7YT1zLmNyZWF0ZUVsZW1lbnQobyksCiAgbT1zLmdldEVsZW1lbnRzQnlUYWdOYW1lKG8pWzBdO2EuYXN5bmM9MTthLnNyYz1nO20ucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUoYSxtKQogIH0pKHdpbmRvdyxkb2N1bWVudCwnc2NyaXB0JywnLy93d3cuZ29vZ2xlLWFuYWx5dGljcy5jb20vYW5hbHl0aWNzLmpzJywnZ2EnKTsKCiAgZ2EoJ2NyZWF0ZScsICdVQS0xNjMwOTQ0LTU1JywgJ3h4eC5jb20nKTsKICBnYSgnc2VuZCcsICdwYWdldmlldycpOwoKPC9zY3JpcHQ+CjxkaXYgYWxpZ249ImNlbnRlciI+PGltZyBzcmM9Inh4eC5jb20ucG5nIiBhbHQ9Inh4eCBzZXgiIGJvcmRlcj0iMCI+PC9kaXY+CjxtYWluIGNsYXNzPSJmcmVlIj4KICAgICAgICA8ZGl2IGNsYXNzPSJ0aXRsZSBmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciI+CiAgPHNwYW4gY2xhc3M9InRleHQiPldFTENPTUUgVE8gWFhYLkNPTTwvc3Bhbj48L2Rpdj4KICAgICAgICA8ZGl2IGNsYXNzPSJibHVyYiB3cmFwIj4KICAgICAgICAgICAgPGgzPlhYWCBTRVggTU9WSUVTPC9oMz4KPHA+aG90IGZyZWUgcG9ybiB2aWRlb3M8L3A+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdiBjbGFzcz0iZmxleCBjb2wiPgogICAgICAgICAgICA8YXJ0aWNsZT4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InRodW1iLXdyYXAiPgogICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lnh2aWRlb3MuY29tIj4KICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0icGxheS1idG4gZmxleCBhbGlnbi1jZW50ZXIganVzdGlmeS1jZW50ZXIiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0iZmxleCBhbGlnbi1jZW50ZXIganVzdGlmeS1jZW50ZXIiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuPkNMSUNLIFRBS0VTIFlPVSBUTyBYVklERU9TLkNPTTwvc3Bhbj4gCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgIDxpbWcgY2xhc3M9InRodW1iIiBzcmM9ImltZy94dmlkZW9zLmpwZyIgYWx0PSIiPgogICAgICAgICAgICAgICAgICAgIDwvYT4KICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0id3JhcCI+CiAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0ibWV0YSI+CiAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSJodHRwczovL3d3dy54dmlkZW9zLmNvbSI+CiAgICAgICAgICAgICAgICAgICAgICA8aDI+WHZpZGVvcy5jb208L2gyPgogICAgICAgICAgICAgICAgICAgICAgPC9hPgogICAgICAgICAgICAgICAgICAgICAgPHA+WHZpZGVvcy5jb20gaXMgYW4gYXdhcmQgd2lubmluZyBmaWxlIGhvc3RpbmcgaHViIGFuZCB2aWRlbyBzaGFyaW5nIHR1YmUgZm9yIGFkdWx0cy4gRmluZCB0aGUgaG90dGVzdCBhbWF0ZXVyIHBvcm5zdGFyIHZpZGVvcyBpbiAxIGxvY2F0aW9uLiA4KyBtaWxsaW9uIHh4eCBjbGlwcyBvZiBhbmFsIHNleDsgaG90IGdpcmxzOyBNSUxGOyBibG93IGpvYnMsIGhhcmRjb3JlIG1vdmllcyB3aXRoIGdheXMgdHJhbnNzZXh1YWxzIGFuZCBsZXNiaWFuIHh4eCB2aWRlb3MuPC9wPgogICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJ0YWdzIj4KICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4+JDA8L3NwYW4+CiAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuPjQuOSogUmF0aW5nPC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj48YSBocmVmPSJodHRwczovL3d3dy54dmlkZW9zLm5ldC9hcHAiPkFuZHJvaWQgQXBwPC9hPjwvc3Bhbj4KICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgPC9hcnRpY2xlPgogICAgICAgICAgICA8YXJ0aWNsZT4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InRodW1iLXdyYXAiPgogICAgICAgICAgICAgICAgICAgIDxhIGNsYXNzPSJmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciIgaHJlZj0iaHR0cHM6Ly93d3cueG54eC5jb20iPgogICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJwbGF5LWJ0biBmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4+Q0xJQ0sgVEFLRVMgWU9VIFRPIFhOWFguQ09NPC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICA8aW1nIGNsYXNzPSJ0aHVtYiIgc3JjPSJpbWcveG54eC5qcGciIGFsdD0iIj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9IndyYXAiPgogICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJtZXRhIj4KICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSJodHRwczovL3d3dy54bnh4LmNvbSI+CgkJCQkgICAgPGgyPlhOWFguQ09NPC9oMj4KICAgICAgICAgICAgICAgICAgICA8L2E+CiAgICAgICAgICAgICAgICAgICAgICAgIDxwPlhOWFguY29tIGlzIHRoZSBiZXN0IHBvcm5vIHR1YmUgaW4gdGhlIHdvcmxkISBYTlhYIGlzIGEgaHViIGZvciBmcmVlIHNleCBtb3ZpZXMgdXBsb2FkZWQgYnkgc3dpbmdlcnMgd2hvIHNoYXJlIHRoZWlyIGhvbWVtYWRlIHNleCBjbGlwcy4gRW5qb3kgaG90IGJsb3dqb2JzOyBNSUxGIGFzcyBmdWNraW5nIGFuZCBwdXNzeSBsaWNraW5nOyBhbWF0ZXVyIGNvdXBsZXM7IHNleHkgbGVzYmlhbnMgYW5kIGhvcm55IGdheSBhbmQgdHJhbnMgcGVuZXRyYXRpb24uIDwvcD4KICAgICAgICAgICAgICAgICAgPC9kaXY+CgogICAgICAgICAgICAgICAgICAgCgogICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InRhZ3MiPgogICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj4xMDAlIGZyZWU8L3NwYW4+CiAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuPjQuNyogUmF0aW5nPC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj48YSBocmVmPSJodHRwczovL3d3dy54bnh4Lm5ldC8iPlhueHggQXBwPC9hPjwvc3Bhbj4KICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICA8L2FydGljbGU+CiAgICAgICAgPC9kaXY+CjwvbWFpbj4KPG1haW4gY2xhc3M9ImJlc3QiPgogICAgPGRpdiBjbGFzcz0idGl0bGUgZmxleCBhbGlnbi1jZW50ZXIganVzdGlmeS1jZW50ZXIiPgogICAgICAgIDxwPkRPIFlPVSBXQU5UIFRIRSBCRVNUIFhYWCBTRVggSU4gNEs/PC9wPgogICAgPC9kaXY+CiAgICAgICAgPGRpdiBjbGFzcz0iYmx1cmIgd3JhcCI+CiAgICAgICAgICAgIDxoMz5QcmVtaXVtIFBvcm4gVHViZXM8L2gzPgogICAgICAgICAgICA8cD40SyBVbHRyYUhEIEFkIEZyZWUgVmlkZW9zPC9wPgogICAgICAgIDwvZGl2PgogICAgICAgIDxkaXYgY2xhc3M9ImZsZXggY29sIj4KICAgICAgICAgICAgPGFydGljbGU+CiAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJ0aHVtYi13cmFwIj4KICAgICAgICAgICAgICAgICAgICA8YSBjbGFzcz0iZmxleCBhbGlnbi1jZW50ZXIganVzdGlmeS1jZW50ZXIiIGhyZWY9Imh0dHBzOi8vYmFuZ2Jyb3MuY29tIj4KICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0icGxheS1idG4gZmxleCBhbGlnbi1jZW50ZXIganVzdGlmeS1jZW50ZXIiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0iZmxleCBhbGlnbi1jZW50ZXIganVzdGlmeS1jZW50ZXIiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuPkdPIFRPICZndDsmZ3Q7IEJBTkdCUk9TLkNPTTwvc3Bhbj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgPGltZyBjbGFzcz0idGh1bWIiIHNyYz0iaW1nL2Jhbmdicm9zLmpwZyIgYWx0PSIiPgogICAgICAgICAgICAgICAgICAgIDwvYT4KICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0id3JhcCI+CiAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0ibWV0YSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHBzOi8vYmFuZ2Jyb3MuY29tIj48aDI+QmFuZ2Jyb3M8L2gyPjwvYT4KICAgICAgICAgICAgICAgICAgICAgICAgPHA+V2VsY29tZSB0byB0aGUgd29ybGQgZmFtb3VzIGJhbmdicm9zLCBob21lIG9mIG1vcmUgdGhhbiA4NTAwIGZ1bGwgbGVuZ3RoIGV4Y2x1c2l2ZSBzY2VuZXMgYW5kIDUzKyB3ZWJzaXRlcy4gSG90IHdvbWVuIHdpdGggYmlnIGJvb2JzIGFuZCBnaWFudCBhc3NlcyBnaXZpbmcgdGhlIGJlc3QgYmxvd2pvYnMgZXZlci4gQmFuZ2Jyb3MuY29tIGhhcyBhIHBlcmZlY3QgbWl4IG9mIGhvdCBwb3Juc3RhciBnaXJscyBhbmQgYW1hdGV1ciB3b21lbiBmb3IgeW91ciBlbmpveW1lbnQuPC9wPgogICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InRhZ3MiPgogICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj4kMS9kYXk8L3NwYW4+CiAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuPjRLKyBNb3ZpZXM8L3NwYW4+CiAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuPlVsdHJhSEQ8L3NwYW4+CiAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgPC9hcnRpY2xlPgogICAgICAgICAgICA8YXJ0aWNsZT4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InRodW1iLXdyYXAiPgogICAgICAgICAgICAgICAgICAgIDxhIGNsYXNzPSJmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciIgaHJlZj0iaHR0cHM6Ly93d3cuYW5hbHZpZHMuY29tLyI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InBsYXktYnRuIGZsZXggYWxpZ24tY2VudGVyIGp1c3RpZnktY2VudGVyIj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZsZXggYWxpZ24tY2VudGVyIGp1c3RpZnktY2VudGVyIj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj5HTyBUTyAmZ3Q7Jmd0OyBBTkFMVklEUy5DT008L3NwYW4+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgIDxpbWcgY2xhc3M9InRodW1iIiBzcmM9ImltZy9sZWdhbHBvcm5vLmpwZyIgYWx0PSJhbmFsIHZpZHMiPgogICAgICAgICAgICAgICAgICAgIDwvYT4KICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0id3JhcCI+CiAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0ibWV0YSI+CgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSJodHRwczovL3d3dy5hbmFsdmlkcy5jb20vIj48aDI+QW5hbCBWaWRzPC9oMj48L2E+CiAgICAgICAgICAgICAgICAgICAgICAgIDxwPjEwMCUgc2FmZSBhbmQgbGVnYWwgYW5hbCBzZXggdmlkZW9zIHR1YmUgd2l0aCBwcmVtaXVtIDRLIHBvcm4gbW92aWVzISBBZHVsdCBtb3ZpZXMgdHViZSB3aXRoIHRoZSBkb3VibGUgYW5kIHRyaXBsZSBhc3MgZnVja2luZyBmb3IgdHJ1ZSBoYXJkY29yZSBhbmFsIHNleCBsb3ZlcnMgZmlsbGVkIHdpdGggZXhjbHVzaXZlIDRLIFhYWCB2aWRlb3MuIEhvdCBNSUxGIG1vbXMgaGF2aW5nIHRoZWlyIGJ1dHRob2xlcyBmdWNrZWQgYnkgYmlnIGRpY2tzLiBEb3VibGUgYW5kIHRyaXBsZSBhbmFsIHBlbmV0cmF0aW9uITwvcD4KICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJ0YWdzIj4KICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4+JDI5L21vbnRoPC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj40SytIRDwvc3Bhbj4KICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4+QW5hbDwvc3Bhbj4KICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICA8L2FydGljbGU+CiAgICAgICAgICA8YXJ0aWNsZT4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InRodW1iLXdyYXAiPgogICAgICAgICAgICAgICAgICAgIDxhIGNsYXNzPSJmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciIgaHJlZj0iaHR0cHM6Ly93d3cueHZpZGVvcy5yZWQiPgogICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJwbGF5LWJ0biBmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJmbGV4IGFsaWduLWNlbnRlciBqdXN0aWZ5LWNlbnRlciI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4+R08gVE8gJmd0OyZndDsgWFYgUkVEPC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICA8aW1nIGNsYXNzPSJ0aHVtYiIgc3JjPSJpbWcvdGh1bWIuanBnIiBhbHQ9IiI+CiAgICAgICAgICAgICAgICAgICAgPC9hPgogICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJ3cmFwIj4KICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJtZXRhIj4KICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lnh2aWRlb3MucmVkIj4KICAgICAgICAgICAgICAgICAgICAgIDxoMj5YdmlkZW9zIFJlZDwvaDI+PC9hPgogICAgICAgICAgICAgICAgICAgICAgICA8cD5YdmlkZW9zIGlzIGEgbWVtYmVycyBvbmx5IFhYWCBtb3ZpZXMgdHViZSBpbiA0SyBIRCB3aXRoIE5PIGFkcyEgRW5qb3kgcHVzc3kgZnVja2luZyB2aWRlbyBjbGlwcyBvZiB0aGUgbW9zdCBmYW1vdXMgcG9ybnN0YXJzLiBCbGFjayBnaXJscyBmdWNrZWQgYnkgYmlnIGRpY2tzLCBNSUxGIG1vbXMgYW5kIGdyYW5uaWVzLCBjdWNrb2xkIGFuZCBvcmd5IHRocmVlc29tZXMuIFRoZSBiZXN0IGhhcmRjb3JlIGFuYWwgc2V4OyBkZWVwdGhyb2F0IGZ1Y2tpbmc7IGxlc2JpYW5zLCBnYXkgYW5kIHRyYW5zIG9yZ2llcy48L3A+CiAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0idGFncyI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuPjUqPC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj43TSsgTW92aWVzPC9zcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8c3Bhbj5BZCBGcmVlPC9zcGFuPgogICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICA8L2FydGljbGU+CiAgICAgICAgICA8c3BhbiBjbGFzcz0ibWV0YSI+PGJyPgogIDwvc3Bhbj48L2Rpdj4KPC9tYWluPgo8ZGl2IGNsYXNzPSJ3cmFwIj48YnI+CiAgPHAgY2xhc3M9ImZsZXggYWxpZ24tY2VudGVyIGp1c3RpZnktY2VudGVyIiBzdHlsZT0iY29sb3I6ICNGRkZGRkYiPjIwMjUgfCBodHRwczovL3d3dy54eHguY29tPGJyPgoJWHh4IFNleCBWaWRlb3MgU2luY2UgMjAwNDwvcD4KPC9kaXY+CgoKPC9ib2R5PjwvaHRtbD4="}},"submit":{"url":{"schema":"http","addr":"www.xxx.com","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":0,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-08T18:20:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.xxx.com","ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"domain_registered":"1994-07-14","domain_rank":13169,"first_seen":"2013-07-27T01:32:20Z","last_seen":"2025-08-25T03:12:42.294339Z","alert_count":11,"request_count":11,"received_data":312274,"sent_data":4802,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T15:49:11.986924Z","times_seen":770786,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"b00284f190c26393663981b5bb5e1218","sha1":"7c08d23eebb9b6fe1947fcdd4c019be9e8aed7c1","sha256":"b55e00a64b47ee38ed67d44b204b5c3cba8dfe43aa90cb6ccbe57e52ef989f95","sha512":"38a26560a933665779ddd8e4f8e4fa9e86dcab0247cac5fe57f1123ef65a1a4f32907a435306d44c754c373a15cd2f7e34f177bdc9653d174b23ba44e7fe11b8","ssdeep":"","tlshash":"e2e0684e383858ea95b3a2f773f3461874622b0c6550eaa35aad815c685098640db1ec","size":394,"data":"","first_seen":"2025-05-13T18:40:47.323292Z","last_seen":"2026-03-05T17:35:14.37115Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/sandbox%20eval%20code","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T15:49:11.879704Z","times_seen":772334,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.xxx.com/xxx.com.png","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /xxx.com.png HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"607d6a57-6489\"\r\nlast-modified: Mon, 19 Apr 2021 11:32:39 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 25737\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25737,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 257 x 62, 8-bit/color RGBA, non-interlaced","md5":"785c1a461e638ee32c10f57bf6bc8940","sha1":"4d97e99de61d2b2eb266786a577fe2ace2b698ae","sha256":"24c658da9a9772c1e92dc1a5a038e27330436225aaa24be7b431ecbd82aa9b9c","sha512":"e930aa2840513a005e473955d6ded929d793bbffbda6f8cd8961a1ee7852cbd278beb57d512def38f2c760bcc405e35472cea6c24686064677490aef2f57ee75","ssdeep":"384:LYb8bm8c6tFZIoLccGk6h9us2ac7pfXLULJPTZbXDYRGkbmE9GjCu:YN8cYZIoYjXfuD97pTULbT1kbmFj7","tlshash":"9bc2f1f3a7b451bf062f33861895b4003b1654da461f3dda6beeef2229b1e44076c4ac","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.368147Z","times_seen":36,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/img/thumb.jpg","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /img/thumb.jpg HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/jpeg\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"607e6ac9-7b91\"\r\nlast-modified: Tue, 20 Apr 2021 05:46:49 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 31633\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31633,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 640x359, components 3","md5":"7f331156b38da443c5e84a68b830bc42","sha1":"2d18e0d410cdc96bc2811ace2660964d2a86edc5","sha256":"6fac748d9a190dbfd26784e5fa373da2a1ca65e22b89be9114fa5cb53132e93d","sha512":"07bf549471d53f79add247bf82f1277ab64d114a12618b7fe5658dc7f0b3856145fd1a1e839c42a38508ab31eda2b2ecc9c44c4d1a4e56b556346537c93c0579","ssdeep":"384:2MS1jrmIHYtdWxI+lx22W+A78vssuxIb3AfrLJFyI1kpHME59iOl6tjT/NxWXRt0:2P1jqIH6MIn8vxuy3AWPpsOUtjjSXA","tlshash":"74e2e1eb7b9c1b3be08748305951415e04b8470ae79e2b4139bc8914d7eebbd985c4ef","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.364153Z","times_seen":36,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/img/favicon-16x16.png","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /img/favicon-16x16.png HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"5cab32f2-26b\"\r\nlast-modified: Mon, 08 Apr 2019 11:39:30 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 619\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":619,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"7001fb734748feb102a1f5a687cfa992","sha1":"7a404479c780b8464000cd3936967cf09e73cdb2","sha256":"25872b7df66d8808429df574308f43ba4142693c7717668e947e0d790da22ec4","sha512":"e41e58d29fed4198be7c5f031cde154f34ed0dd616b17f285b1fbcf19b2ece9540ba8f467ad0118888c9122c8de5394d9c2e40b136651eb98f2bf9b84a397763","ssdeep":"","tlshash":"3ef008957795da34435158219f081838f41421865e772981798de38e164954748fe369","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.366126Z","times_seen":37,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-03T18:20:16.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Mon, 03 Nov 2025 18:20:16 GMT\r\nserver: Caddy, nginx\r\nvary: Accept-Encoding\r\ncontent-length: 2398\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9096,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (322)","md5":"3ed6f9f76617463b7e4256a7fc34a4b6","sha1":"0063a06ea3200b2536f7f19fe9a4a453a26c3719","sha256":"2b79fffe4b15ce276c3991cd70105fd472bac1cbe275682246cc43ab1351e826","sha512":"25e19d0c3596932d3c9d510dc49967be9d0975d8809b50788bc5166597d51bbbbd3521f97f6fcd1f4883aea27b706703f5343baeb7b6c4c95b199f8eb448eb83","ssdeep":"96:lr6QC/S/ScKLL6nZV5BU0U/5fZjSG5v5v+5vfV5iM51Ux5wjEwM:oQCaKcbrUrB5xMQ2M","tlshash":"d3120ea240f240b7019280c13a796a1befc2d657db6a454571ef07c99fcadc2dd932ac","first_seen":"2025-05-13T18:40:47.320235Z","last_seen":"2026-02-21T00:07:44.52248Z","times_seen":10,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":73,"dns":20,"connect":21,"send":0,"wait":23,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/img/xvideos.jpg","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /img/xvideos.jpg HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/jpeg\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"607e6cd3-d62c\"\r\nlast-modified: Tue, 20 Apr 2021 05:55:31 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 54828\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":54828,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 640x359, components 3","md5":"a50f8570df9cb512c4f5e158332985ac","sha1":"5d38b040846d9c7171f1ab8a336c22d45e27855d","sha256":"91df23a616dd852d57cce14ecc3bf55fc860fb26ed8288fa4bb596be8816406d","sha512":"a90f7c62be3d2243a8489a43e42663aac61fbff04f629db8aa5f1c201eab2bd9903aa3ecaaf2213a5c3dacf5e89d570ebc843560a689e34a656c908b8b2a9ba2","ssdeep":"768:r4xWbPk9y2ufBjQ1CGBXA00Zm9lPgrhN8B71g6tgzUOyh/BjCzpI5B+5V:rlkI5jmXsWPuhN8F1gcg4Px8","tlshash":"6333f1cca88965349e0250fd25f1ec912e4dda8558397357fc7e39e18b304a10fea7ad","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.36917Z","times_seen":36,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/img/xnxx.jpg","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /img/xnxx.jpg HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/jpeg\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"607e6970-d2d7\"\r\nlast-modified: Tue, 20 Apr 2021 05:41:04 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 53975\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53975,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 640x360, components 3","md5":"3acb733c905c3f53cce5256bfee9b743","sha1":"79706a241aeab6da9106de92419462d402533b9a","sha256":"3d9dae36d080e49959e771e5e203db63633d96b11670dc342d9fd50f3122685c","sha512":"8d047b545088ac4004ba4d759aedc5f909fda2a265fa030fed5c4dde8f46adc99e0414e9188226225ba057ec5eaf9da2aa729a13a4554d3bc3ad03a5873c4572","ssdeep":"1536:0ql+1v1VFKpmAMKYJLuNUPBML23Xpj2wTWndaVdhAJ6:0qk1JeDEl4U5Mi5zMd4","tlshash":"e13302b525b47e0ab6e05071bfb6bab237e9dcbc56314f0834995f44831d725c1cab06","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.370172Z","times_seen":36,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/img/bangbros.jpg","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /img/bangbros.jpg HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/jpeg\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"607e6e28-df0c\"\r\nlast-modified: Tue, 20 Apr 2021 06:01:12 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 57100\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57100,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 640x359, components 3","md5":"47de7c275787e2ceb0ccb47206b39d78","sha1":"d07326efab7b525be7cdf7940331a7315f42043a","sha256":"aa5c44dad159d19d41d21c26bf6ccc73f78268cef9e9cc30fd56bdf06f32cd68","sha512":"6c09b643ff363b044f3c6be63bb14a15ea7e590536606f50554f0760aa258f36947b75796fa33408364ce18e630d5442a73cb7029cf73a8cfdbf57c8fe591d86","ssdeep":"1536:2X5eBq/p6BYSdgUmW+g6qQF8OZPRyI4AZUie/O:m8Bq/pMYSdgUAg61F93yI9ZUDW","tlshash":"5943022f0525bda74a352975aa15fdf52281ecfe91eab520371c0c320e1bce85bace45","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.356005Z","times_seen":36,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/img/legalporno.jpg","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /img/legalporno.jpg HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/jpeg\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"607e79a6-f03b\"\r\nlast-modified: Tue, 20 Apr 2021 06:50:14 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 61499\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61499,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 640x359, components 3","md5":"9f323e4148f9287a5925ea5b1b4a4705","sha1":"0e75ad756fde98b8af608ec9327b4a8e63ca3645","sha256":"d9df74caab2bf99974c7907da4c04e0b9eba9533aa77d13f63c20d49230c67cd","sha512":"87d69615c445b7b5b22f4562a6cb022e864260efe14466b15c305aa383af9fa83006f1dc621ccd339db4ee4b5c6806163863300429d0becb206cdb79e08b5e79","ssdeep":"1536:rHXuJjOUhOQRTTVXPGcjOg+ApCgbCbxXZk5Z5BEkDqZNJfkDF:r3IjlmSOg+AbsxpknbDqjJfuF","tlshash":"6153f2032c11d51fd9490635a6ef1a80236569ffaefa658fb88fa70ca31cd1895e01ed","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.362964Z","times_seen":36,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/xxx.gif","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /xxx.gif HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/gif\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"5be3efe0-c5\"\r\nlast-modified: Thu, 08 Nov 2018 08:12:16 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 197\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":197,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 4000","md5":"a35d8f82170b47a25154a64b8afd7c9a","sha1":"8fd0d1e2e566549bc5732cce6e30d21b1212529e","sha256":"7ecc422af647f02afd4f004fdae51bc59bf2554f6d0c7b91501298b4fc9e7f75","sha512":"8ca575f29556cd87003cb52c79c0c599b7cc97abfeb5d0e3f987fc4f865ac1bb9e0ae181aa12691a1f29ff4c741887b2baedec4c136ef51e645a186dffeb5bf0","ssdeep":"","tlshash":"22d0224e825522b3ca13853d282320c2140d7f6886222aca5a88b37a412433b3041860","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.358886Z","times_seen":36,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/img/apple-touch-icon.png","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /img/apple-touch-icon.png HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: \"5cab32f2-267a\"\r\nlast-modified: Mon, 08 Apr 2019 11:39:30 GMT\r\nserver: Caddy, nginx\r\ncontent-length: 9850\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9850,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"60837e5cc691059073ca6c52af67135a","sha1":"3f2fcc416c518ab38e2a3df15aab2d16bdcd12c4","sha256":"d8a8c71b0f069d000d07e9e3113c1f3af24f33bfb88ebe54d57c93db23390d6a","sha512":"8f20b12a467242509b156684f76481f650dca91920b78964971d46170643760eb96f345b8be6db0ad498d546ba1ee1bcb38a0aa614d16a5541c822d1e47e5b66","ssdeep":"192:6NDl1N0DkKHGPUrwwqZkkoizQTzH0OL22sriBEg6gkVOKkVDk0:6UlHlwPZkDLTjpMriBEokMNx/","tlshash":"a312c0578682cc2fe6849968bd0dc5624269d39bc743725c335fb374a8e516ac7044f1","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.36511Z","times_seen":36,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xxx.com/css/main.css","fqdn":"www.xxx.com","domain":"xxx.com","tld":"com"},"ip":{"addr":"141.0.173.173","port":443,"asn":46652,"as":"SERVERSTACK-ASN","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.xxx.com/","date":"2025-11-03T18:20:17.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xxx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 11:21:54 GMT","end":"Tue, 23 Dec 2025 11:21:53 GMT"},"fingerprint":{"sha1":"BA:D0:E6:D4:F5:66:2D:89:89:02:03:89:24:FD:2F:27:A5:64:13:F9","sha256":"49:7E:F8:67:A4:68:AF:FA:50:91:06:EC:F8:3B:49:44:55:F2:4A:B9:91:09:66:AE:5C:93:9C:10:A6:17:1E:B2"}}},"request":{"raw":"GET /css/main.css HTTP/1.1\r\nHost: www.xxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xxx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 03 Nov 2025 18:20:17 GMT\r\netag: W/\"607d6bab-142b\"\r\nlast-modified: Mon, 19 Apr 2021 11:38:19 GMT\r\nserver: Caddy, nginx\r\nvary: Accept-Encoding\r\ncontent-length: 1427\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5163,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (301)","md5":"1bf6674b6d3666b4b65e9404a29cfd1c","sha1":"c4c30b381cfed89e9ad0329fbe6500ee35c6003c","sha256":"6025551812331183c35707ed28764ad2fb175d5eb6c077104283e48ba2678530","sha512":"039b1657e929b39bfc4e95fea91c00ab5b273bb3e0a9ea7d5d6307d0ba8751445c6a496b1418d204a4719fd4d7b2032e09dc6e855cb184cb28cfb183b1aa8b70","ssdeep":"96:5kbrncrXeqjED8E5LWETkV3vki7860CiV469vS6rb1xxx7Ce40YBMnz/w9dnq:5crncrOs92WAi7T6k6rb1xxxU0mMnz4+","tlshash":"69b1330733800b148497889c7ee717ac52545171a38fbbffac43046adbee5b409f6a8e","first_seen":"2023-07-20T05:28:36Z","last_seen":"2026-03-05T17:35:14.361701Z","times_seen":36,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"www.xxx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}