{"report_id":"307bb3d9-0860-4327-828d-b713aace9be6","version":6,"status":"done","tags":[],"date":"2026-04-22T18:27:29Z","url":{"schema":"http","addr":"holding999.com","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"104.21.39.92","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"title":"GFH","dom":{"size":151870,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1044)","md5":"9c01df84457c51bd83d1b7fa68774f8e","sha1":"4f6911207a291ba9e249d3521636e247df963307","sha256":"9e8b1304cf1951d9e9ae24abc4c8a24643ee2c3d4ed4814b66ba3836cdf51252","sha512":"688848a7f0697c138687feddcaa78ee523592ae021fa49eedd28ad6e2b032b05e0e48bd33b62912462510349133e0f1f599f9098ee9907aae87be56c199db0f9","ssdeep":"1536:cSd5wCquhGiwl1d1vN12AdYTB4gO3VTV2QkbPzCpMOAhE/TblL7Olq9M8ujVvT8d:15wxuWROhmAhcmXGzGw","tlshash":"6ae3c664a3dc053b206b50c797b5778a75fa9433d65bc8043bbe4b907f86c48e8236ad","dom_hash":"domhash3f3f825bb990605cf3ddc396970a8978","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"holding999.com","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"104.21.39.92","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T18:27:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"cdn.staticfile.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"holding999.com","ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":104,"request_count":52,"received_data":2737812,"sent_data":26269,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap:4.5.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:1.10.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"ThinkPHP","description":"ThinkPHP is an open-source PHP framework with MVC structure developed and maintained by Shanghai Topthink Company.","website":"https://www.thinkphp.cn","common_platform_enumeration":"cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*","icon":"ThinkPHP.png","categories":["Web frameworks"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"cdn.staticfile.org","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2013-03-29","domain_rank":851278,"first_seen":"2013-08-23T08:51:19Z","last_seen":"2026-04-18T10:11:58.126269Z","alert_count":5,"request_count":5,"received_data":131442,"sent_data":2155,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-04-19T22:35:51.253585Z","alert_count":0,"request_count":3,"received_data":331409,"sent_data":1538,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-19T22:20:23.925162Z","alert_count":0,"request_count":1,"received_data":6149,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.huobi.pro","ip":{"addr":"52.84.50.36","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2017-03-19","domain_rank":3114416,"first_seen":"2017-09-16T11:43:47Z","last_seen":"2026-04-19T16:00:38.013034Z","alert_count":0,"request_count":1,"received_data":476,"sent_data":553,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.staticfile.org/jquery/2.1.1/jquery.min.js","fqdn":"cdn.staticfile.org","domain":"staticfile.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d021c983bd6e7291b43a5cc1fb2ebe99","sha1":"ffe47a16e4b1550ddfba3577cc9cc9fdc8643aff","sha256":"c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079","sha512":"0b01d408ae79a4e3630f1bcf6507aec0aa71a2cf263f212ff601ae582f15af4df9ec9dae5e0d4fc9c1833cd0fd1207689121531ba920480a680e3f4e336da4b3","ssdeep":"1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa9G:7NMnJiz6oAQKP5a98HrB","tlshash":"5983d6d9b6c27062977734b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","size":84280,"data":"","first_seen":"2023-03-07T12:01:55Z","last_seen":"2026-04-22T18:28:09.598179Z","times_seen":9905,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/js/jquery.SuperSlide.2.1.1.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b9bc63ab05e21e3830da5bbb4ccee67","sha1":"d162156bdaf14217d76d920e0e57b86d8feb1d97","sha256":"349e46b2c65028736d0bbff7b829c7fc6fbdebc1fb1e8b12365a0ca2e6e9e848","sha512":"bdfa220da1f08e29f05a9984c4999d7e742bea10ad86b7e497a0d112c7992cc52b7f1e9f5430b4286f14bb2336110f85cbdc3164a92121caaf5c91961f7e69c9","ssdeep":"192:j+K3bxH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:jNcnqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"9532c65fb66635ca4597b3f1107f940d222b5965fc8a8ca0b17082c0adb9a1c243bfed","size":11264,"data":"","first_seen":"2023-04-05T11:06:31Z","last_seen":"2026-04-22T20:40:29.730152Z","times_seen":13308,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"684dd1b369e491185cffa844d1336095","sha1":"4f26e7c97373819874529abe2f45f8007bbada4c","sha256":"8111927267c6a66c354cd377ecbd866dc8a5f64ebf7d1e3cfea7152350abe0ec","sha512":"9b6d2dd6f905eea402a331d8b7c8cad1ccfd3d2672e355b109ff2808e495f2121912912823164993a5cc857384a1d35dbc86552b189937c2aedbfa873542c0d1","ssdeep":"768:uH+uMZSyWwZsVZvhKFmpmBvKcj4XFoIeHfms:uH+ZSyW+oZvhcmpgZiyHfV","tlshash":"2ae26296e72c57360796029f66ee41e6fb39c069223b890e3d5cc11827d1d788b763f8","size":32907,"data":"","first_seen":"2026-03-01T16:56:53.318286Z","last_seen":"2026-04-22T18:27:36.858241Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"20523e78bae2cebbef388c9ef84ec2f9","sha1":"29093cf5f97a20d8297b3554d07f2926d8df98d2","sha256":"8a6cfe4c6857b79cfcf6f200c8d00b064aa443b7e529332cbf064cb183c938cc","sha512":"182e396a3aafaf2b5f18070a8ed0e76efc7e8f1cb8eb37865ac4b294f0a8c933c3e9a72531506bfc732fa9f5f3a4acaa7a1a21adbb0849c63870b3f2e934a2f6","ssdeep":"192:Z+9wKCCBm9wKCC1u9wKCCXO9wKCC9u9wKCCssxI9wKCC7O9wKCCeQi9wKCCTo9ww:Z+vm7uVOrur+JOAQihoTuhK5Mh8N","tlshash":"1822b46cf993286c789334258f6f005438e87547cb49d4193eada8c26f8850da5bbfde","size":10286,"data":"","first_seen":"2023-04-30T10:40:57Z","last_seen":"2026-04-22T18:27:36.858839Z","times_seen":2898,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5a16e0ddec52e252f0e93607cf8122cb","sha1":"aaa35c4fc1d48a1d9234e0c4e396dbf3859b22c1","sha256":"5d62bc394c41e5181a4cd7c8eab8a9b7f7c64250391a4c7df390601a87389f2f","sha512":"623e0d2411041b963d3e16f274166bb7e58576d5654f2c38f0a2624517f03ba77264f47a9bc3fde1e2f5c695b914320e7a17e276f0cfb2205124d85dff358e8b","ssdeep":"","tlshash":"f1618912676f28421db724be072b30013478712bb44bc915bb9fa7c0afa59ad6454edf","size":3214,"data":"","first_seen":"2025-09-22T10:56:32.904922Z","last_seen":"2026-04-22T18:27:36.859467Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fbbb012e519b910a02da83ac6d3112da","sha1":"a03af70ac8200203516bb605834e1e3a1a061948","sha256":"b3f004b5887b020f0abc7d1046d655e1b275a9eb354f05212175561521105a47","sha512":"5c76b4a0f8abfa543ae0c28835d8685715b0899a787e39f251d28a06484c9f51a0de7dc1fc258b4891080768550ee830e5b0594bbac8a8e61594d117ce751b80","ssdeep":"","tlshash":"6cf0c96e0a1ed7ff70a80235532aa2ef70cd4baa90076807fe87021716ac118bc01ea1","size":527,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:28:09.644739Z","times_seen":6968,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"03166dd51afc8a96f0b470a69fd92122","sha1":"dede404d174794767cc30a60faa2834d75c55bba","sha256":"476f3c1edc2451e035b33097c938aa70c55dd437259e82b6c647e397373776a4","sha512":"ea02575efb97272b27ebf00b2c5cbc4232f5058d7cd3bd493ee29051ba8fa1c4dc158553404bd37eecd6b39117562d4448931537eae48d44a9c4a2cf5ded27f1","ssdeep":"","tlshash":"f55198c8c71c017ca89212bd2a2e918c163c29b538124c6c7d6d4c28bb94f6d865d979","size":2786,"data":"","first_seen":"2026-04-22T18:22:43.477033Z","last_seen":"2026-04-22T18:27:36.861502Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/js/layer/layer.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","size":19831,"data":"","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-04-22T18:28:09.608149Z","times_seen":13302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/js/layer/layer.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","size":19831,"data":"","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-04-22T18:28:09.608149Z","times_seen":13302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3141c18a9605b1422295c9e48d668c9d","sha1":"0e035fdbc893334e85d674527229f5d2fd9c8036","sha256":"1c439327512b5147799af88283ca39d0f13d331bea70d2ec3e479177c6c595c9","sha512":"9de6cc7247eb894a1a5a05a3cad42883bb7478bd38bb37e22c7ac97ae476b6a843adb97e0ed0c1ba44db35687a637a8ada2d6197fdf51b66ac1e46fb0d0863d0","ssdeep":"","tlshash":"05d05ec3ab4d2058587f319784eb15cc005c467288920d89bc3d91908ca01ec5371f2d","size":255,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.138877Z","times_seen":5207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Static/bootstrap5Slide/bootstrap.bundle.min.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8831aa095cdec88f66c2e46c339cf352","sha1":"5db4c40dbc6bd3d9623ee98a2061dd265885cf2e","sha256":"79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9","sha512":"b07f093e128951e03d3d693778e70e97c53e95f65382d0570f8d6ae9c3bfb25c311870b129c5b8e4ae283c25211c6ecd301e266ca11d75598fb935eda5b09b14","ssdeep":"1536:GaPTJR2t4PqiiyuL5FehgTr1voCBZx6wVlLBkS:4OANBZVV5","tlshash":"0f73c5493254b87309ee15a68037460bf7256d94b14b802cb5bdacde2b3dc8672b7f78","size":78748,"data":"","first_seen":"2023-03-07T01:34:42Z","last_seen":"2026-04-22T18:27:50.069436Z","times_seen":7517,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5c7aa69aa5071366e926e1b6c57336d1","sha1":"b9a31effcf9e93fb7458c2a089afcaef4e4f674b","sha256":"5aeb2d4495d52399af07422f506d87f418ee72156c88cea241709ff3c896fdbb","sha512":"daade06ffb912699f69b18ccc2404e95fe2d849252c3a19370e7c1bd2490e94f56f46afae1aaded68dc3b47a063e681a882f846ea043a83247a7792a66150f08","ssdeep":"192:Nb3vvAbwMuAEQYLQY/1M8rdQYRg7QY8QY6QYgkLL8:lvAf01M8rXgv38","tlshash":"d042c1487eab913b1c7b24e14bfb274a75c96007c3ced80d769d0f842f0561ab4967a7","size":12604,"data":"","first_seen":"2025-12-05T07:29:49.132488Z","last_seen":"2026-04-22T18:27:36.862895Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.staticfile.org/pako/1.0.10/pako.min.js","fqdn":"cdn.staticfile.org","domain":"staticfile.org","tld":"org"},"ip":{"addr":"134.122.173.178","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"64413eda72405dd1d28bbb64d900c778","sha1":"6086b751c4f4c90bbd0521b6bfe5279fd4eb55da","sha256":"29cfa0542b9864b6640cfdcc8f15b184db6431b532db2702a3ce97e5f2a7fc1c","sha512":"7ae59cfd0bfc2a9d026d35f533e43706f532a0e6aaf40bb9d134fbbf3dcc15fe6f7abdfdc9babacd5f919e00d8f1e37c0084058a0c63c18bfa8e1a0fe78eaf7d","ssdeep":"768:7feBUDB3FA8/nVPg0kKWslV7hF/PGjMhuAEIzg49n3cG:zeG/9hF/+jZAEI0O3cG","tlshash":"1a23f6a630f651a82be118d8909b2b96217051326c0519f9e378dde43cb4dcfe17fa7e","size":45988,"data":"","first_seen":"2023-03-07T12:10:43Z","last_seen":"2026-04-22T18:27:36.84854Z","times_seen":3755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Static/bootstrap5Slide/scripts.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48477ea73f8709a6c29d7cde0cc83e55","sha1":"5dc30fab107725dd71ab343d70b9e6267ea68cf1","sha256":"fd67e1f083236a6c171d2275401174ea62a6f24fc81193d55653080a236a209a","sha512":"0932287b99d7c96929e7464b6684fe399dfcaaea787dcab28fa0879094b5eb4d92139260fecde4ffe430eca3986430f98a72fc523332c4e476bee9ea2226b1b3","ssdeep":"","tlshash":"1ee0cd91761d4f9d1ccc3257996092c576841524e401f06790374c6c0a9584225fb7fc","size":298,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.052952Z","times_seen":6103,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a416404b4af.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a416404b4af.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:53:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41640-a53\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t8xCiJ3QcmvxIZ1kj74DqbKrRSZwz7ca3Yjw9gQLghHQMlzw2dYkbCBNnY%2FH2OHvVxXdF5xPjLvpjZ8dKRNyQYpHghKKQjfavXV91JrDmTPOVQaRgHzxI6wHpiarkMz4Eg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b171a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2643,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"6abdb2f4c17e4272b825d31e9faa9721","sha1":"624ac7e5709a66da924d64585b9b35b3bf77c3bf","sha256":"6ace37f8943542da5159c4ce06f07a65afcf76540c0d285dbcb03b023b6d5437","sha512":"54db017871fd4487e29a75515b52bc7bf56f0cd18119f748679b4e5faa53f26b62fc2dd69bb7bec2acd3d294bdb8f86cc8cdef8952abec58af48c23984112d72","ssdeep":"","tlshash":"e5514c6b003284c0b4673505742b0a444e74fa09bf971b0834faebaffb685c749793a0","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.834377Z","times_seen":307,"resource_available":false,"data":null}},"time_used":900,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":900,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/css/base.css","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/css/base.css HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-64a5\"\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jTpjT9klx%2FG8QdtQzWILIzXOIuvV5mch5raebkSZs5xXxpYMpUZm84BM%2BxOcoeAIOb6fRjeI2aEJqdhnkKBABVe8Lu4b6xl1bMwBCCfDrz9vvanBQKpkVc7jwIqZDZKJQw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49eb011a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25765,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (846)","md5":"8739b7f6cc1db5ea89afe0a14afacd7a","sha1":"f7dc32e9b67f5a0190cdb0d641f141294522fe46","sha256":"446377cfd8abce9140615cc2df1cfd3c2e8f908f179cbe1c7bc6209ef1bd2f3e","sha512":"8daa0f9ebd76dc9e94f4c5cf0acd3380b91abe7186648e41574d747c9cd0bfc2a6c28ba80c0e34ce2aba079782d9061d73bb37010cd77f7f59bc5879a19612a6","ssdeep":"384:BpFiOVTjRmNi2RoLy6IbRiWc2FDwFxYorvRnEkEZ58s8BXR8G8LrB888t7jL5ZBe:Y4cN39FDwFx9EZS9YzqtRB8TF3MDdu","tlshash":"12c295a7dfa30901b81bc5a41ff9ab55236c8017910bdebd7fc53648cf462d898a27c6","first_seen":"2023-06-09T02:38:16Z","last_seen":"2026-04-22T18:27:50.108332Z","times_seen":2231,"resource_available":false,"data":null}},"time_used":895,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":894,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.staticfile.org/jquery/1.10.2/jquery.min.js","fqdn":"cdn.staticfile.org","domain":"staticfile.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.645Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /jquery/1.10.2/jquery.min.js HTTP/1.1\r\nHost: cdn.staticfile.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T23:09:24.873355Z","times_seen":14078528,"resource_available":true,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":1,"connect":206,"send":0,"wait":0,"receive":0,"ssl":228},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"cdn.staticfile.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a4180d8eba4.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a4180d8eba4.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 13:01:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a4180d-ae2\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1Mz4R3D66kHfH%2BeA8ZMK0kEUIfHx3dac%2FrYfzRETeUzgE7z3uazyelEFpJso3MnlqJ4LVGIN3uIpYC5NsiT7wknQzZx3VZnX%2BBsnUWpfIjcNMaxat6H9iSxMjExemzxYLQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b121a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2786,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"8a9e218dfee4e4278234de1ce0425c18","sha1":"654ff7ec7a33ee296e1bca1d4bbd477c131cb9d1","sha256":"76c92f93dcb47a7c538d72468b9b0c4566fdd4602b73a49b4ebfc25a85b1f25a","sha512":"329b3afde4bee2f8d82523dc8ef89d256e01c64e6ceb355d0ae7a516840e5efa3ad9187ee024c9e4690078a597aec4b8f3753cae524da9de1ca1ad8866efa2c8","ssdeep":"","tlshash":"a1513a04b30b6c00754d3b4b2519d3ae9aed940e95302b2b049d586e9dcc29184fbd5a","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.824699Z","times_seen":308,"resource_available":false,"data":null}},"time_used":900,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":900,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.3.0/font/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.3.0/font/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://holding999.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.jsdelivr.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: font/woff\r\ncontent-length: 106812\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.3.0\r\nx-jsd-version-type: version\r\netag: W/\"1a13c-GxDOCA4lYqi36DlQRNPKg9wRKZk\"\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230120-FRA, cache-bma-essb1270030-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 2988339\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8NFtbHk1aKvzRjerjyHTxMDA8L9Towi00MrsDhkjT0MoHrfnHGbkt40RGh9dTU2p4ri8b9UJxVlDc1V1KYtfUt9wob1cHB34lmi0m7ZbYufzQwgCveN3C9%2BVS%2BElz08aXh8%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f06ae52de1949c5-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":106812,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 106812, version 1.0","md5":"df7de9fe96a30f78c7f652f5b00ae016","sha1":"1b10ce080e2562a8b7e8395044d3ca83dc112999","sha256":"011ae1fe8e56c310d82ec3795cb8f86b9dea521dd0bc560a0ae0c2e87baedd4b","sha512":"d8cd580ed4119b0d31c9f3b7ea1b2002ccef31ba26cc6791114e5017e9ccffbfbf57b8611aafa52a8b3e76fc8f77b0d51d333dfcd5b293ddde61da3bbbbda47e","ssdeep":"1536:IEGBxy7wyLnYmvpdgacZtaiLBug50yslpdHfaKoGS3MUt7jCP/KgpL+HoEf7HhDt:0zy7pnYm/zcZta+UNoGS3gpL+Zwul","tlshash":"8fa302c0688d7e9ade37df31a226826373d3094a637c2d6f26997852c946e0f7637341","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:28:09.60369Z","times_seen":10291,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":6,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T18:27:07.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 18:27:08 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: private\r\nx-powered-by: ThinkPHP\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SObWBaCGNIVNrsHHPmOSQHK4TPGFdR59EKJe5rZUwKk%2BDDxwNlk3pJjnQtX12XLBK1UEJlA8nfXJaIgyvq8DqCsv4c4PW3tePwwM9n%2FC1MHsbUw6j4XTnKWx4MOF4Jfgtw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9f06ae415ffa56c7-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:4.5.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:1.10.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"ThinkPHP","description":"ThinkPHP is an open-source PHP framework with MVC structure developed and maintained by Shanghai Topthink Company.","website":"https://www.thinkphp.cn","common_platform_enumeration":"cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*","icon":"ThinkPHP.png","categories":["Web frameworks"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":146345,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1002)","md5":"b65aa5c02a20f514544118f6ac9074b9","sha1":"e6ec0bc7cd05cde497a8518d7f5bcb2cf25c03e2","sha256":"7df27183e02a13099bbb794e28156c618d7f89de4a2070ae0d5a49c34a83f42e","sha512":"2a8696a54b2c17f04a61b132d87c7279d3c9f7a45f7ebbc5d45790d38afa7d3afd89fb0e13d125672f35dd2e26d2ec628cc4b1ee1d2f0a5bf4983736e6e65e04","ssdeep":"1536:rSdRLCuP149TZwhVH+ZSyW+oZvhcmpgZiyHfyfGy901M8rXgv8:2Ruu9aOhmAhcmXGaGb","tlshash":"ace3d954a3dc093a205750c79bb5668a79f69033d65bc8043bbe4ba07fc7c58e8236ed","first_seen":"2026-04-22T18:22:43.448121Z","last_seen":"2026-04-22T18:27:36.829449Z","times_seen":10,"resource_available":true,"data":null}},"time_used":1308,"timings":{"blocked":52,"dns":32,"connect":1,"send":0,"wait":1203,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a416a65fbac.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a416a65fbac.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:55:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a416a6-13da\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2F2eMfIMa2ju1YYZUWif3EWu7PgPuQ0Re9WUNGWgFjvUULMv%2FIkEfWru%2FDTYlqonbLVI7IdosFNNg8v06sreV5IiL5DRRh6WUzoH0%2BMwHe31fYzS8xIuDsv6g8Qx18jWW1g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb0c1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5082,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"b3f8a33afa34b82039a188ea2e7bebe2","sha1":"040c6525d908b4280fd8b475fa4300a4b0c401c9","sha256":"dd7a53cdd646057c7bb104b8d30ad1a580f16644fa3f3a97996827738bd3c302","sha512":"5dc117f9015b3cc8483fb99bd60731cc9c549b4d69e37fb2176d5faeb03a3140722fbfaf9143c2182f421b2df40f2f5c717d76d068e6eaf1bd70106cf62c40c5","ssdeep":"96:6S66knmWIrF6/c0QNGcHGDhHCUWqHSHVV9LxvF16BotrbF+A2b2V2C/KssQk:6S66knYJWiUWqyj5xdFrbYEV2fNn","tlshash":"9da13b85fd62dc516a0edf10e1e9a222263b47d49791b057fce88c0799750bece8c4d9","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.852493Z","times_seen":340,"resource_available":false,"data":null}},"time_used":899,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":898,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/xm/1613786496962262.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /xm/1613786496962262.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Jul 2022 17:20:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3216c-a83\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I9vzQYrQ4TUE9Q7W1yKO7uwk2x0V8ITcU159xJXkiG%2BHN6GM2OItBVVuQIjZOlg4chJtyAAOmpB5VxsS9%2FTJsX79z1bgOCaGvUwD6%2BJA5xLWbmbzwfj83PrauppsfPbAFA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b161a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"2edf1ef8b333c40979976d1a49bc234c","sha1":"d75ac12795b4a9575c874e1b190712cd62a87afc","sha256":"50a1901684f223bf26594dd3415b1e50f184820a16daa810cc5452911e9117a9","sha512":"f697a1fa0786316fc01003f72621920932e2657e4acf5a471e35d02717c42c9db5a12df311895a776a563dcae9b8fc0b6721833529a054b9dbfff4c52fc564d3","ssdeep":"","tlshash":"2b515ee60252267980d32438616db1e178beabb2c3021ded6c1444954acc4b62555cfa","first_seen":"2023-05-01T18:49:36Z","last_seen":"2026-04-22T21:20:06.772271Z","times_seen":21103,"resource_available":false,"data":null}},"time_used":982,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":982,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.staticfile.org/jquery/2.1.1/jquery.min.js","fqdn":"cdn.staticfile.org","domain":"staticfile.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.655Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /jquery/2.1.1/jquery.min.js HTTP/1.1\r\nHost: cdn.staticfile.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T23:09:24.873355Z","times_seen":14078528,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":301,"dns":0,"connect":210,"send":0,"wait":0,"receive":0,"ssl":237},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"cdn.staticfile.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/69b162d0591e6.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/69b162d0591e6.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 11 Mar 2026 12:40:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b162d0-a892\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EzfkQ6pICOnjV6s9mNQJio%2B6IfKcOllz1g5Sli1oFBCPnxahHmLmBr%2F%2B%2F9%2FNew3XrRrPlZ9%2BpQf9eaVZ72wh2aRzw3GX7%2Bgr0d61%2BkNtIaTMWC6RfSX8U%2BTwM1wp7mxEmg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49eb021a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43154,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1563 x 1563, 8-bit/color RGBA, non-interlaced","md5":"6921fe357f4b9f38a2beba8c221a0e9d","sha1":"defa4a67168ae3c5106363d41bfd355f412a8a79","sha256":"dda2d34ac9c33d040a42231c0fb4f53315aa7c2c686575700c41f6d25dddd002","sha512":"19eea5ebd97281203a602b1fc746086dc1d59f250ef7678fde551d28c688d1b690320941b6aa8b34163dbff87767f8a2ab6f34efc8bd7a10da4f239a66760d76","ssdeep":"768:bA6642FLEMg27QvObsCTCmJ+uo2iU9jQIabbbb2bbbbrojH/RpY8TmkieigPAD:b042RhggQWbZI2ignsfNFNig4D","tlshash":"9e138da022179de6ce9514b98c3a1ffc776e1bea375d935343e762590a33bc098b0718","first_seen":"2026-03-25T18:42:34.317226Z","last_seen":"2026-04-22T18:27:36.847905Z","times_seen":14,"resource_available":false,"data":null}},"time_used":1214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1210,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/6907a783cbd83.jpeg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/6907a783cbd83.jpeg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 02 Nov 2025 18:48:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6907a783-16932\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bq4R5o8eG%2Fg8J7ZwJApBlJzNudLChs9ucUkpGLEy8iAELTUBqb2Gf2MhxOQ5NFHyQ9vdyrl8FJhgCTxBbkddmBRkJvKXCnN7unelKShJ0xiQfqBT7zXUPwHeXoag94buGg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb051a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92466,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x300, components 3","md5":"d2ec614dd56337288a48c3504872d752","sha1":"1fa9772c7f2eb6e93fe1edeacef816b6850507fa","sha256":"d4ca7b176180c645d813c294b8174fe3c58a9cf83db951b5b8fb6f1ba9cb2cfd","sha512":"ffbee79889cffadad6106cf0535965fb5a5ce7e39b16a1998084d38aad60f4ecdb1ff0d2281fd34e999ccdd04c3d2cc25bd7aec119a58c18e5cd91b8174118a3","ssdeep":"1536:M9qKZoxlS00K5Xr6B7rdSKgWoCL8DyWKl7mfmxnyKqhvYPZmXxilegMMCdDIDG7:QZygKUFlgWnLV7ImxnV/P9C1r7","tlshash":"72931296b38a4919e7697732485ec1e073f29ea0be451fae51f3c478c8dd032b117a39","first_seen":"2023-05-21T16:18:43Z","last_seen":"2026-04-22T18:27:36.850909Z","times_seen":4423,"resource_available":false,"data":null}},"time_used":1512,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1176,"receive":336,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a41885341c1.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a41885341c1.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 13:03:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41885-c8a\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZAf4PbJeW%2BW9IiTPXh2PaAS4BNsmDD9MQFzZgDwtu5F2YJXhGGwH5eO9MoaSDHwQinp5EKAd5sjFfB8PA8Ry9BfFvFK3r%2B2IB6jWbl0pJtHH%2B2xnsEp4g5UdB93MMJIx2Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b141a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3210,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"2510deb3f0010c55a1410dc919ae56bb","sha1":"8e2714ef6e529bb87fc81268560196315793c680","sha256":"f19e454b08d54966240bcb34b4add697da344da7ca31cb497b0179c407f36989","sha512":"09c8e5366000ef638e12c324eb0dca7eba70b4b23015e332b46598ebfff7582e31858bf38b4534d863d5c9d512d6d4f5a164357581848f7b55d4195fd7139afc","ssdeep":"","tlshash":"28617daaeb478f67b86af117d6014e0d4f5847893182c0003eb75b5e6fb651c08300c9","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.840989Z","times_seen":304,"resource_available":false,"data":null}},"time_used":886,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":886,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a417858510f.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a417858510f.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:58:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41785-1014\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tRHICvMtpjdQdM%2BtcB52UCOnLrBHr697f0vu2bL8SUL1qSaVwKmwvtuBdFvDylVcJC2Gr1FDbEyht84qcmAdkqlgWwRsKsNlf2o4Ux5IIbf4%2BmznmAedUZQWSGKDbCa4mQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b151a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4116,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"cd466c14518d1fc68563a20d24ddaa1a","sha1":"4407cd19cfa5894a556214f92d8d5b636bc0d4c5","sha256":"e51e4985301993a3a09308f92c1d606cb6634ad7eb928e82f648d4c8f40660f8","sha512":"f297e9b11a9246da7d76d745f272ee09361f1f5193bc29993c73723935b22382c2f359b484b161affe7a8505d35b70f450cf5ca7e4049e0896da2ae48e72acf2","ssdeep":"96:6S66knmWIrF+/6OxNGcHGDhHCUWqHmoHVVJxWfapACR0HFtZfdDeYj:6S66kn2qJWiUWqGoLJxxLRwTHP","tlshash":"fb81094cfe01bc018b8ad740a5f81363ea7747c46a56b142fcdc9d0a2a562bccd4edc6","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.841509Z","times_seen":308,"resource_available":false,"data":null}},"time_used":913,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":912,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/xm/trx.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /xm/trx.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Jul 2022 17:20:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3216c-d30\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KWnwIZYBglM4N5zC8FZLtUxOO6HPyBSVNzcXF0LBFY%2FHitpkNQ%2BG1OrByxX7wx2hzP6Xqq6sX5VTVnqjc1IyfZawwt%2Fw8m%2FQ%2BU9dlnKYWStaxnHad1r90Cu7q2wTvNuHtg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b221a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3376,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"94689045fe789ea5a804e04d180d5b88","sha1":"4141c8cf319b2a9beabd2f67d9da1591ae1d805d","sha256":"85acc22574a8a833c94e8c767d461f7181a18dab1c3329d955c1eb6b801b6b4e","sha512":"ec2f109ae0ff20f4518ea4d1f48c771c2a9e34acd8895d2dc7c52c3302af590bb25e29484eaea887ac4869fbfa5ad1696c409493a56ff82e6ffe3ce177f3543a","ssdeep":"","tlshash":"ae614b9fcfe19cec8700d0ed7435d46bd5e43e5b46569c6ceb0d10a757c28215986339","first_seen":"2023-05-22T11:04:23Z","last_seen":"2026-04-22T18:27:36.832414Z","times_seen":2188,"resource_available":false,"data":null}},"time_used":900,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":900,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.staticfile.org/pako/1.0.10/pako.min.js","fqdn":"cdn.staticfile.org","domain":"staticfile.org","tld":"org"},"ip":{"addr":"134.122.173.178","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:11.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"staticfile.org","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Thu, 02 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"58:76:03:0C:93:D1:CD:E1:B0:EC:46:C0:4E:0B:04:86:E4:80:3B:93","sha256":"20:3D:7B:D4:00:D1:45:86:5F:27:E9:99:0E:00:64:64:58:38:47:BE:A5:CE:E8:D4:04:AF:81:88:25:F2:0A:01"}}},"request":{"raw":"GET /pako/1.0.10/pako.min.js HTTP/1.1\r\nHost: cdn.staticfile.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With,token\r\naccess-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\ndate: Wed, 22 Apr 2026 18:27:11 GMT\r\nexpires: 0\r\npragma: no-cache\r\nserver: nginx\r\nx-cache: BYPASS\r\nx-cdntype: readnode-012\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45988,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (45987)","md5":"64413eda72405dd1d28bbb64d900c778","sha1":"6086b751c4f4c90bbd0521b6bfe5279fd4eb55da","sha256":"29cfa0542b9864b6640cfdcc8f15b184db6431b532db2702a3ce97e5f2a7fc1c","sha512":"7ae59cfd0bfc2a9d026d35f533e43706f532a0e6aaf40bb9d134fbbf3dcc15fe6f7abdfdc9babacd5f919e00d8f1e37c0084058a0c63c18bfa8e1a0fe78eaf7d","ssdeep":"768:7feBUDB3FA8/nVPg0kKWslV7hF/PGjMhuAEIzg49n3cG:zeG/9hF/+jZAEI0O3cG","tlshash":"1a23f6a630f651a82be118d8909b2b96217051326c0519f9e378dde43cb4dcfe17fa7e","first_seen":"2023-03-07T12:10:43Z","last_seen":"2026-04-22T18:27:36.84854Z","times_seen":3755,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"cdn.staticfile.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a416863fa21.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a416863fa21.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:54:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41686-1484\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sAsFkP%2FJ2qe9px2nHVEwcxxDDhrrnaQT%2BjbHmMnOwQJXuLgKH6R4aroETsdue500B3Ry14SlZSilwsCrMWCBx8owYkQF3Gdfv1Hn2TUTL8Gspo8uBeMAkKmyRbk%2BLktjdg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb0a1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5252,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"b3d8125a938e19e1e7cfe6051c60101b","sha1":"bb132f49e929e7110dcf30ae3a417b93541b78cd","sha256":"a524b28ad45d08ee8754877bd4f7a78e91dd46271a7786e24592f832bf097f81","sha512":"ed176d642b515e521c5b7a91064c34d28957eff2b13eb6563181ad72f257e26e51471a85836df891481056a20b36f0570aa86f8939081719c29b13fea56d7b83","ssdeep":"96:6S66knmWIrFc/jnQrNGcHGDhHCUWqHXSHVuMNHmxZmeDGL88ombV7W/pDYHkUdV:6S66knSrJWiUWqiFFTeDOxbVE2kUL","tlshash":"71b17d4be95a6c856a49d908a5fdc1722a3b27d427549823fcd48d076db00fccb0cae2","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.823364Z","times_seen":339,"resource_available":false,"data":null}},"time_used":928,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":928,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a415160a4bc.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a415160a4bc.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:48:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41516-1644\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c7FRAXR70gmxY20QD1%2FcymR8b7r%2For7Ix4g6dRNZinfOSqkfpsND8DXJSTdl%2FdlKWYKUcUZ12Nd2g7fK%2Fjl%2FOGUAC0DYiORXczh7i%2BaZ4AvgAg0waVe3o7gyTMWBFw62Dw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b1e1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5700,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"5efcb2cd4e4e62fdde6d7a88e773ee4f","sha1":"b2ca433693dc31d7ae1110a77f141b026c4cbd30","sha256":"9355393961dd3c31b7081aaf565708c0baad1f4380b78d7d7d65bd99af137a25","sha512":"6bc10951e0822613239e3992a797616ff84054da56e0ae2c85c8b220848b9bece32611822a3502e5b5fbd68c131e07cf8b5b9fe280c7d7b20ed567ceffcda29c","ssdeep":"96:6S66knmWIrFY/OfuNGcHGDhHCUWqHrHVuaUCcVihhxx67AxGRU0rstc1wxXdQId1:6S66knQuJWiUWqLwaiilkR/AyyxXdQIT","tlshash":"2cc12858be27af106a4deb4446fc6256173686c86ac1a88abcce4d261cf516dcc8c4da","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.842106Z","times_seen":335,"resource_available":false,"data":null}},"time_used":898,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":898,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/advantage_bg.a5d6d444.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/advantage_bg.a5d6d444.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:10 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-77e9\"\r\nexpires: Fri, 22 May 2026 18:26:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JdiGnpPsJplIADJ4dqZWpcN7VypP7eAxdatQvAKa2nXg%2BH5hi6k78R9OfsHArzfYCWG56EeoxqlTd52xEKRx7GBVe4kZf6QZ%2BH2wl1ZNt3SPKzbjxFiA%2BOOJq9niorQQxQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52ccfa1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30697,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1392 x 1048, 8-bit colormap, non-interlaced","md5":"a5d6d444c8524a6d8e39fa1618582284","sha1":"4fda97683b94717d7597718b1e01c4a091f78ff2","sha256":"b2503b762cb8bf80f11571c1a10ac888258b78cc2a3a847780dfecef23dbb39b","sha512":"cfaf1fb56063ecbfc8d8a07ca56e6be8663b32188308ea349debd55b57e847c8005dbcbb1d72dfb8a7ca7873da81e44ed4b993345d673cf78bb3d3045f5cca11","ssdeep":"768:J1+dBPa7fkey90Yf5vWOjCuMg4+26RwDN1OvagerN6gA30Mh:3+dVa7fke7YlV14+d/vageR6gI","tlshash":"dad2e1dcf0f1d689567b11af43f47e48f5a5377e223344a05bade009a28095b3a7b41e","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.836752Z","times_seen":5405,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/js/layer/layer.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:11.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/js/layer/layer.js HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-4d83\"\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nage: 1\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BeETksCzjKE8zaVv57SAsEIfC1kqb%2FC7yLTz6Vj7lay1c4LaOHnjypbzFpxtNP8sJg0clhKHKOnk6iYdeyRMeylF%2Fq84S%2B9xOmTEFrgffxaKlgdY6%2FCIGluWwYHDcfl3wA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae5aae5e1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19843,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19752)","md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-04-22T18:28:09.608149Z","times_seen":13302,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Static/bootstrap5Slide/style.css","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/style.css HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: text/css\r\npriority: u=2,i=?0\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"6385e7cc-24d\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y5TcKoEJzI7zg%2BUqz3M7EhYNOAi4QKif3NCUnGwdi6ZJuc%2FZu70%2FZlzNut7GGXQ8MiYW2swa9ifKoswVFI0di9wkyHfgoQwP6WZCqz6GpiPcKT9f39obOK1A1a9rD8Ncfg%3D%3D\"}]}\r\ncf-ray: 9f06ae49eaff1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":589,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (589), with no line terminators","md5":"df62cb99d119a66bcd5f06547d96ecb7","sha1":"a6d0e097db0919f47977c33510359bc08ec88a9c","sha256":"afca52e1c0203f27bf8165e8fcf92b2674f084f6372f12cc1e7bb3edaee35f03","sha512":"59d599c3a25a64cfae94e1b2f1328abffb199a503c0e8904a3e4a574c101cb6b72d09e94a7b2afaa3f8cbd1a55b92cb2b2bdc33b528ee6c953d30fa3b622cf0f","ssdeep":"","tlshash":"a2f07f42b71a596e5d872300a9d213abf10c7f319709097992f3211d8f29a85237df4e","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.026033Z","times_seen":6089,"resource_available":false,"data":null}},"time_used":912,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":912,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/6907a78794d1b.jpeg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/6907a78794d1b.jpeg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 02 Nov 2025 18:48:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6907a787-2044a\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dl%2FyRVSmnyxETeJWnbKC5RfNayAV3g%2Bq0QN%2FDGXqhw0TAduZuDuvDW1%2BnYlfkzzwYXseMjZNt62NEdCbKfjApWHYgodNWUdUzIJLZqPLPsgYOsvm%2BXuERuELO8TNfSRGyw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb071a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":132170,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 750x300, components 3","md5":"dfde2097912178e1ade955a1479e4158","sha1":"2a46f5160255b5b99a32ffc7c0dbec89a2ff98dc","sha256":"09dce8313f5e10579c1f58032cc3397cb4b253cf9d4c8a0b858402cef5d397a0","sha512":"34b2608914c24f8754a8097b7cb752fa1960934c3be9270110cdc6d492ba99ddbf086d4c61c29789527849041d824979186f6e0af199f8efd181a22a11d2cb07","ssdeep":"3072:aJmM1CFqby70UZh28jBlZQZLoSMi60EL5+DuWXqT1mBkOZw0C1oPSnWnWnWnWGH:9MGw+FjBl6LoSMi/Ed+DuWXqTox5CSPb","tlshash":"8fd3f130ebcbdb061b9f446888fdac23076a19f811de90166f250df5f5cabb554424bd","first_seen":"2023-05-21T16:18:43Z","last_seen":"2026-04-22T18:27:36.844887Z","times_seen":4450,"resource_available":false,"data":null}},"time_used":1804,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1211,"receive":593,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/icon_etf.svg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/icon_etf.svg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-55f\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8wAMkvI%2FgDzisRDr6cxCli5y%2FLHkX9Z4KZ4VPGV2nzmS1cndx6yPEjWm9YVKsV%2Fb%2FbpD%2B7iGoweVlySkPuY0%2B8Xc94mA69Eupk65cPZ1JsSA1AwddaXAWA77Uv0shLxUgQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b271a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1375,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6e432564e65f8779c665055d5bf9f563","sha1":"dc529670e33c8baace696f7ed4c3ef3bbe9cad90","sha256":"2df7417ef0acff023bffea1bf0c6366884770c1dab4d191f24ec29c84d2b7031","sha512":"cec79f984f55609c45347e0a6b9e885fec23baadfb00fca179eeed2b2902e5a8659649b6e4d7c0711a40bff90b8acfb7b8823a89beb53f9e836211ef89f17c3e","ssdeep":"","tlshash":"cf21e9fd204aaa29b35dc352ab2961f4184610fe1f35e4c1dbf855143c1cbfe495a1db","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.838794Z","times_seen":2545,"resource_available":false,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":879,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/community_bg.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/community_bg.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-3c99c\"\r\nexpires: Fri, 22 May 2026 18:26:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tNM3%2F7KPQGKtZNKKeYIZGAl95SUHX6wIKMkxC%2F%2FpPQnPZtV6psFXVNmQbK3c31PP16kUo2eG8ZImBpy5Hp9wNp%2BtQ2l7MDapOTM%2FKHNAvMJoL54EgWQqdJv2Fac6InRguQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52dd021a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":248220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2892 x 936, 8-bit/color RGBA, non-interlaced","md5":"3107a5d7de66ac526ba295a6ccb85e2f","sha1":"7ca2f1ffe3ed6dfd6260e8a47643d30d6223aeb9","sha256":"1021f5b23b901a121fcf0f78866fb66c978411d309aef421c54af4cb09ff1b6f","sha512":"262a6554428da7f2bffcc71915ee13f5e9a504a2e76af61499ba7ec68713fdbba8b2f52d9b6ff8a9b13ae649103c6aaeb2e89f0dcf5411ec636a7c6ca5c26f7d","ssdeep":"3072:2cI5zu8n4youkJkjKrt88rRhc0ZmoZ/UYO5+90yCOo9XHhNkHLfuZVrD0BMdJ2oo:2V5b4G0ks8ybkwT9vBo9R2iP30BPdb9","tlshash":"73341284fd1e6df6cdf40db008629f4c7935a6ad8835d713a3b6e15d9eb754008be680","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.857593Z","times_seen":5125,"resource_available":false,"data":null}},"time_used":2060,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1186,"receive":874,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/6907a78be0e21.jpeg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/6907a78be0e21.jpeg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 02 Nov 2025 18:48:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6907a78b-219f6\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n4syi1CMrbmoFh2xidoJMb%2FvRJf7hRg4fW5yUvgySI8OLKX%2B1RriV0iswNDlqlapyIioZ1T%2F50XLI02cfV%2Bv%2BExjHpS77rrLJpEsW7VvuTFaPjyssuf0rF4HF0Il1ovfGw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb061a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":137718,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 750x300, components 3","md5":"96abd4588e557e6a37f5d3c213f0dd52","sha1":"6647c6a4e45c0963d31ed26ffd3fbf47d8891dc1","sha256":"62fca4cd746244e0a048bec7fe7d714efd224221851c3a91ffe8d1daee2bb8b3","sha512":"a7a2e192d4e25de386ba726c28b53c5321687450227e70fd77ee4a25fa26e8d52e5e8bbc81c18e33e85095fb3cdef51c8a0fcd3ca3b553e18d8bea383546f267","ssdeep":"3072:lFn4afMToBiTo/Nk/AU9MfbHpEbxsUNuJdL0:l2wBikAAUzVuJh0","tlshash":"5cd3f1a2ebfbeb2b4b5b56bc826dfd3b535019c828d69663185b0d12f908f31564703c","first_seen":"2023-05-21T16:18:43Z","last_seen":"2026-04-22T18:27:36.822535Z","times_seen":4435,"resource_available":false,"data":null}},"time_used":1839,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1231,"receive":608,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a417be9c03b.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a417be9c03b.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:59:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a417be-119e\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7SZ9055rHzHCBx43iwYHORUX8tQE8gwamSjOV%2FH49VD7y0CgolVNWA1AkPqQTAufslaXAay1rpzOdy3ImMOthoiiBi0ByOrdEmSqMjRC4gFfsaiFV9TrNXfWn2DXuuq2mQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b111a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4510,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"54f8cb8f0454fde5c8d06b963fa9646f","sha1":"db1ba9ff4b514b9590c49f534811ec32843862a5","sha256":"db6990ac67c4b55e7affe222149f44f24e125401656126d8eba609b8cc74728b","sha512":"d6a364b68322fa676085a692ce490d3f0ebd9776a4a57d80029566ac68447a0240d7533310ecb4c18d0ef35f78e95194ceadccba2a383ba9d6a6078026ec9118","ssdeep":"96:6S66knmWIrFq/onNGcHGDhHCUWqHwHVR8/2Hf0LsQo1Us8cTy3BUWtrK1p1GxCY/:6S66knKJWiUWqQrdYsQ2T4aWtOsQrK","tlshash":"6d911c8efe529981ee8eee4f5df4111383778bd4aa49b183ecd449166d654b8cd0c0c7","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.838112Z","times_seen":308,"resource_available":false,"data":null}},"time_used":901,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":901,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/xm/1613786513998262.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /xm/1613786513998262.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Jul 2022 17:20:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3216c-adc\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c5fEp0aa1vekNHeirPKbOqammvJF2h1xfyJGsfZZYP6hpN7KxPIgqW02M0hKBceBzkJ1taG1MKg8y7eMvbE2NlJh44nEsjwiR2yKHJvqlU5UBst5T4Wh%2BAOcsJIHpvAk2w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b191a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2780,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"856bfdb63dc0d6fad6b92fc6a29719e1","sha1":"2fed2e3409ce1bbbfb37f6da4abeecc30cefc021","sha256":"eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6","sha512":"a61c0a108d63c89ae62a2b03108480b5c08bda0e80049089a2a84cd7973bd9e94dcd2902e166b92e1d7ad5b7356357c9b181cb1b6051dd25913e82d2420154f0","ssdeep":"","tlshash":"51518cc7a707f33a9c866161bed44509f244d80a8160b31c0f33a7572c8a83ea4f324f","first_seen":"2023-05-01T18:49:36Z","last_seen":"2026-04-22T21:20:06.776061Z","times_seen":21040,"resource_available":false,"data":null}},"time_used":899,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":899,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/js/layer/layer.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/js/layer/layer.js HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-4d83\"\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sNE9X2TuNizdE5GRdKizedr1WGy4EUVzNfnnkfyPDe%2FskNrpel5Mx8aKjLwAQgsIjpi1%2BkwWSRQmPVIgYYeKtX%2FY%2FWeDUY1wwkMvr8jsE%2B9rEO9BfIJ4cVO7JWTYiInYhg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a3b2d1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19843,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19752)","md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-04-22T18:28:09.608149Z","times_seen":13302,"resource_available":true,"data":null}},"time_used":885,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":885,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Static/bootstrap5Slide/bootstrap.bundle.min.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/bootstrap.bundle.min.js HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-1339c\"\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xtKEmy1JRV95zQAlDjqmaDGjp5sHgEqKJ34dpiR8L1Vh419jwRsORXnGDEXNoMPL6mkYbPAOYqXARmWS0EM%2Fj1TWy%2FLU00ykNxryA52VFmtvYL%2F7aQ%2F6LKfpTWFpHrzhSg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a4b311a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78748,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"8831aa095cdec88f66c2e46c339cf352","sha1":"5db4c40dbc6bd3d9623ee98a2061dd265885cf2e","sha256":"79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9","sha512":"b07f093e128951e03d3d693778e70e97c53e95f65382d0570f8d6ae9c3bfb25c311870b129c5b8e4ae283c25211c6ecd301e266ca11d75598fb935eda5b09b14","ssdeep":"1536:GaPTJR2t4PqiiyuL5FehgTr1voCBZx6wVlLBkS:4OANBZVV5","tlshash":"0f73c5493254b87309ee15a68037460bf7256d94b14b802cb5bdacde2b3dc8672b7f78","first_seen":"2023-03-07T01:34:42Z","last_seen":"2026-04-22T18:27:50.069436Z","times_seen":7517,"resource_available":true,"data":null}},"time_used":1189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1183,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/home_head_bg.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/home_head_bg.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:10 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-cf649\"\r\nexpires: Fri, 22 May 2026 18:26:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UwKzT3ZuPbvApnXlGMkbTLCON5fycc%2FepaHiZDycmruTiV%2F4oDzyHO8Ec%2FOxY3l9%2BlwVOunKMP%2FwELQiP50ALP0KHBZHcd4we%2Fii0DLkAqBwm76QX4LgJiO5qaQ8hQaY1Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52bcf51a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":849481,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 4336 x 1428, 8-bit/color RGBA, non-interlaced","md5":"1cbfba6198f4e4ff700eb43de61092ac","sha1":"ff03b54f67e1a0ae20c274c3d06ee52c3dd6ee50","sha256":"618a8249a51b933013f55571d8cdcb16e26863c921c82170e79fcbcb582eea95","sha512":"cb12167584983054c4911ee8604171dc08c8f89fef64c97ef3eb8dca7f424ce7d34b87924419f0e76e7a4b23f231371bef37231639bbb36c71950fdebbae40cd","ssdeep":"24576:2nw3WzrNqGPQiPxmnC+YarisIgK+Xy/6Nn/WMISk:2n+iQGhPxmrY651qGn2","tlshash":"7405224ca0eef889cc125b351ddbcf8d52a430b498ef6719bb63bd20895d9cd6877620","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.851878Z","times_seen":3637,"resource_available":false,"data":null}},"time_used":1751,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":580,"receive":1171,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/xm/5fc.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.538Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /xm/5fc.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Jul 2022 17:20:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3216c-a86\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TvI9Sboe%2B0WcGnGkfLny6KNOqSx2sTM5Z33%2BgNlEBOE8A4PFRG5DgtdzyYk4fcfAiNaHZGNM5fyNlIOWdBYsinhNAFkNg0%2BLv%2BI88Qn2R5K00HVYskPc5zg8x%2F9j7BUA1A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b1b1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2694,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"6ad5509616a5fca9f389801052bea3fe","sha1":"5b53d204b7e6066409067fba9fce5202ff20e9d6","sha256":"6becc3abea448b67731610708852a70c3ceb99059b2dee98da3711dc0620218a","sha512":"18729e5d7521224c032a2a7f18c154b1d02905dda6a06dc3a1af5d876bc5f651b78699589772cd6158bc1bfa75aead83b084bca2b06539a3e4cc9b4a6d476ded","ssdeep":"","tlshash":"ed512be6a252222ac78335be8a25f1dbdf560afb123220858088c13aa40f750c98a573","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.854493Z","times_seen":18549,"resource_available":false,"data":null}},"time_used":885,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":885,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a41572be98e.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a41572be98e.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:49:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41572-af2\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HoOqmQe6tDyLHrW7cWj0kDd6O5XG8ArEbUEieskszMF6Z9GQrvh%2BhY0u3vexE7pP1PXUd6zp%2F2kTNXP85LS7S6%2FhfF5EdAfB8uQoHzRWLmFh77uTfpF6DQ8Ji1EJJCnuOw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b201a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2802,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"3b5ff59d96169e3c124e7eb601919625","sha1":"25bfe079d87dfca3ef8d0c5e950010f1460857ca","sha256":"bd319d604181ea8155810cd0363933e4a4e2d54ef5b3b20351ce591762a3f9f3","sha512":"ac3598e1c772a849fa452f5b7917d607d98ba29501493dd81b254fd0c8a33c0eaa33dbc01bff0fbd3f7ea38c3fa01de525f70a9cf651891bdfb30207a90a4a8e","ssdeep":"","tlshash":"9a514a807cc0fce4df2784e27592bbd92eb079005897aab6d794c60ee580ba00362fd1","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.855131Z","times_seen":306,"resource_available":false,"data":null}},"time_used":882,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":882,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/advantage_phone.511b5ee0.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/advantage_phone.511b5ee0.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-4ddc\"\r\nexpires: Fri, 22 May 2026 18:26:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BoXLJ7zD3b%2BhRqwlCf3pv7gMIsi6eU6%2Bx8lQOC85NhK13M6W8ccSBh9uXJEhVft1z6I8r3AsamJmbUJDyUJU3ecLpGyRV6scOwf21Kt3xhlbEc%2FwEGDhd7Dubyfr6xqlSw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52ccfc1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19932,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 1038, 8-bit colormap, non-interlaced","md5":"511b5ee00b739dea06dc9e55011afa57","sha1":"eb4ebfdfc46829471c2b86dc94b2e6bc83037fb3","sha256":"31b768d13aee263d4de7af1b5527bded34ad208284df0544dfe5fca9d00a41e0","sha512":"54e06fd802883d46f47e6f59f3d795d893ea797d8295c1cbb506b91a46d0d1efa79751a454049c3e6b2ac06dd5a312950658d96fa9f8c3cefd1d46f73e5ebda4","ssdeep":"384:/M6qoHUBFHYEFyqYA3ar7vWF6cCf9X+VFMsTB:vXHULHpFyRxc0X+Q0B","tlshash":"fc92d0c78eb6894efba7c47c81508bf2617a282190e61dd5fa61e3a3b432645db36071","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.833033Z","times_seen":5429,"resource_available":false,"data":null}},"time_used":1219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1218,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.3.0/font/bootstrap-icons.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.3.0/font/bootstrap-icons.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 18:27:08 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 8018\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.3.0\r\nx-jsd-version-type: version\r\netag: W/\"edbb-Du3MPQ7GnRobCfGvnAP4Uqb5QVI\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220103-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 3081138\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SbFq72m%2BW0Ld2bAEGpQhHJGQO55hfNexrqu49%2FfRTG8%2FZFYK31d2m0FZCmiWXyDhdMQOEkK5h8bObcivkZ1hU0wWXI3Ynvb5LVo0Tf8w4eVWRFjZ%2BNqSeNn5Q5ONBOX7YmE%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f06ae4a1a4e5699-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60859,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"dbf1248779dc682a91ba529b5efe0ffc","sha1":"0eedcc3d0ec69d1a1b09f1af9c03f852a6f94152","sha256":"32cc4a47b370e278072a6440249872e681efa1d992600420c03a9631da885d70","sha512":"2e96320bb785273c91c136a4aba02268e2c9ebcc92998c24160331ec14f0f902132d21f4ac4cb130771dd20758bef407d589b1f8e3175796622edb162a517098","ssdeep":"384:vaqJVm8OAL1M+hQokEYm47U7yH2CYEjOnm4zH7fZ6aXoso1v/:Sqnm8OAL1Mzocm4KyH2CYEjOnm874soh","tlshash":"2c53cebad18f05f59341e4d92743674293a9ba7ce1817c7ad342399ee3c06188ad73ec","first_seen":"2023-04-05T06:29:21Z","last_seen":"2026-04-22T18:28:09.601426Z","times_seen":14838,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":3,"connect":4,"send":0,"wait":7,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Static/bootstrap5Slide/bootstrap.min.css","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/bootstrap.min.css HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-2f0fa\"\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a7I2rH5wQJJAMQaUKc9urA4qhe8iZZTbTKBKv%2BdSm5sTJ98KFEl49NuHu2%2Fq6ZGJzpfSnQQJj6m3a41HoZ9MrVEdZp38reb3IqriqOHd7hSs1GtM2H5ICjRvlLZVAn9wjQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49eb001a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":192762,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65184)","md5":"cb46b85888b78de64c1f51bc7797aacb","sha1":"e57147e69810b9ee63af657969ddfd6c456957e3","sha256":"652650f2c09a63e822932e07d79583c64a996e44ff680e2a9183c2a7c5b2531e","sha512":"cdf48d3e0b60cd162995316ce921e3285248d481378251f13403c39302baba3efe6332a537cccf255e2261b8c39d719ab1a9efd83e97111ed321e11dd0eefdb1","ssdeep":"1536:rQGFA+QbGwz48MIEtQ12c2Jsj+aeHYAVmJz600I40Yw:rQGqAVmJz600I40Yw","tlshash":"311492a7f581201ee493c10995d2bffe057f9586d3021baaf42737b44b452eb8a63e4c","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.066152Z","times_seen":3243,"resource_available":false,"data":null}},"time_used":1237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1228,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/favicon.ico","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:12.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:12 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\nlast-modified: Wed, 11 Mar 2026 12:39:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"69b16285-a892\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DkO9WiBWnVrWzEspDzFZll6ICz7fJDCtN6s1dW7uYLMfRWtsj0hap6xi%2F27ii%2BZrLpAZ8VuRuQTjWPYEKaEDxDQmHdnV4NFu2vyTs4WGI1ZA495wtfqfYuZwsx57jfXPew%3D%3D\"}]}\r\ncf-ray: 9f06ae605f871a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43154,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1563 x 1563, 8-bit/color RGBA, non-interlaced","md5":"6921fe357f4b9f38a2beba8c221a0e9d","sha1":"defa4a67168ae3c5106363d41bfd355f412a8a79","sha256":"dda2d34ac9c33d040a42231c0fb4f53315aa7c2c686575700c41f6d25dddd002","sha512":"19eea5ebd97281203a602b1fc746086dc1d59f250ef7678fde551d28c688d1b690320941b6aa8b34163dbff87767f8a2ab6f34efc8bd7a10da4f239a66760d76","ssdeep":"768:bA6642FLEMg27QvObsCTCmJ+uo2iU9jQIabbbb2bbbbrojH/RpY8TmkieigPAD:b042RhggQWbZI2ignsfNFNig4D","tlshash":"9e138da022179de6ce9514b98c3a1ffc776e1bea375d935343e762590a33bc098b0718","first_seen":"2026-03-25T18:42:34.317226Z","last_seen":"2026-04-22T18:27:36.847905Z","times_seen":14,"resource_available":false,"data":null}},"time_used":1489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":906,"receive":583,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/6907a790442c3.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/6907a790442c3.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 02 Nov 2025 18:48:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6907a790-68eea\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U4yQ5RbPNBJ5W5e%2FINj%2BnnysgDPMblRiB0WNBwB3%2FDp%2F7c%2BwIX%2F3eN9v8c44xnh%2Fl6BTwsvlKEyLra9ODhLW5%2FFpma7u6yixPWxl2p0KHqm6TYwALu8cLPyPy8YQe5xjAw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb0b1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":429802,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1140 x 465, 8-bit/color RGBA, non-interlaced","md5":"225ca6bb404d12e23b7b386fad845b9d","sha1":"5867c40e357d614354b83402482c4587ec910544","sha256":"670d66f9a6d3a2428280c04d570de82d99bd3c254888abafb92882cfae08ed44","sha512":"91cc1f7d6e940496ccd1d6285188e9b0c8150c39a24e724152ad53401be977259b6a8f66fc0d3e5cf17b19c31dad8370fb4d81d20f8b7b591da332aeff0790b8","ssdeep":"12288:JuQM20o9QXiA45lDD1mpVl09MrFrJVh+y5:t9lDJmnr5vhV","tlshash":"4d942395c5c6bc3391c6d10c9ab712b1b2239a7998af5bd506997e8c144cccac3fe24f","first_seen":"2023-05-21T16:18:43Z","last_seen":"2026-04-22T18:27:36.831076Z","times_seen":4428,"resource_available":false,"data":null}},"time_used":3297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1323,"receive":1974,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@4.5.0/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@4.5.0/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://holding999.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 18:27:08 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 24869\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 4.5.0\r\nx-jsd-version-type: version\r\netag: W/\"27293-TxSgmmBsmaEfj9oVVk72b3BAKCY\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220176-FRA, cache-bma-essb1270026-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 5941842\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9DS4x4d2hHPL3PjlStLHJSzh4Hdmt%2B0enRvXdIjIGywxFRhlSQp5OoZYN87qoybv3L0rkkldhsDE2siVpaM0b8HWMMzKSGT7uSH2awRRUzwqCZfY2tQwJaqjTt0QCShuL1Q%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f06ae4a0bb449c5-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":160403,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65324)","md5":"3afe15e976734d9daac26310110c4594","sha1":"4f14a09a606c99a11f8fda15564ef66f70402826","sha256":"680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c","sha512":"aced925c428148809afc07f28442b966a58508ea24d6b7203d87c63aab57df93b28ab68183a5dae0d9c12705e0a484685de5a370099c42788c869db686d0dcea","ssdeep":"1536:2THqIJOT7SyEIA1pDEBi8yNcuSEeA1/uypq3SYiLENM6HN26H:YH9vGGq3SYiLENM6HN26H","tlshash":"03f353a6f5a0312de4a7c61964d0bafd152f8245d7224bfbf8273b6447892c70a73e4c","first_seen":"2023-04-05T04:00:44Z","last_seen":"2026-04-22T20:22:41.751523Z","times_seen":22669,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":6,"receive":1,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a416f08ee65.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a416f08ee65.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:56:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a416f0-145e\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lM022FHR4XafexRIDnjpInDQ9nDHZmSQsX7Va0Lcv6%2Bmq8Fh5daCWCQSPx8Y5XhN4OwuSvEuMIvYC3v6%2FVnv%2FGIx2KHlZeUfLxQHhN9jIUt4LldVI6uhKpQi%2F4s4ZdywZA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb081a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5214,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"62350b70d463992f8d78fc349858f82b","sha1":"3caeb94293b8ac10fd3b8c1cf1f496b932c63c71","sha256":"0fc31b0a7f4f2b56248babe9ba5b5318ac03ab410c43c4db30ad55b574c53d16","sha512":"4bbb838cc3db8ddaa2b5e7bb83fe91c951569b5e76aa110743e8d7075d9471af419115efc477a387a8fed131fd909e515ae3d8f8f757abce4864802a5d166b02","ssdeep":"96:CSDWKrVUNhkWUuLaWj9nwI01zS2d6Jq9k8rphC3Akh0zAK33tsmS6Tr:CSDWKrG/UW9wIMQOkehCgzfH46Tr","tlshash":"4bb18e57b17edcf6b488b9809b801171da6cdb6b66c2016f8174c1ef0965dfa341ec88","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.828429Z","times_seen":308,"resource_available":false,"data":null}},"time_used":916,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":916,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/hot-2.svg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/hot-2.svg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-1ade\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CXbfv5qGfx0%2BkNmnW7kGm7e50Nf3PqQQ%2BOUQzFmrz0enW7T9NKyimSkMCEqfP3Fe2VIWhqS%2Fl2TOruFbM2si2wkifJW6SvNvD%2BFz%2BvW7rbA1R84GMzEqw7Z%2BY2bM%2FM575g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49eb031a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6878,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dd9279cfb541640afabd1d33527f1df4","sha1":"6d828472cfaa863044b92e5c884ea8d658df4d36","sha256":"6466ed8936ba729058d7e2ae3bc93a7d8f3fb8ec385d7e3c29f21968cbd5aaef","sha512":"53a3ddf98f9ea97b18e73e5ca308a452a16142e672dcf3d1c86e61cc83e94729651eb41301bc902cc2510178e0c708fb5b66f3bf1e4ccde0fcf5f61aff77fcf5","ssdeep":"96:QRslJ3A7/H2wd9Qci3A7/H2wd9Qccra97a9tx+duKNBBbNwKDNlUs7vkSqD:QWS/Zd9z/Zd9ia97a9tKblLs","tlshash":"96e197f7e1b8b993d246c771ed52485528aa84fbeb810391c2e8ff9a6135cc04c4edd4","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:50.076028Z","times_seen":5036,"resource_available":false,"data":null}},"time_used":884,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":884,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/xm/5f87397132a8b02.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /xm/5f87397132a8b02.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Jul 2022 17:20:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3216c-998\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hZNUWf%2Bg%2FKKetDqKaK3VPsoALdz4kbZN%2Bzt6PFVWtxXFK8%2F8hE7eH8RXDxxb3tlOp4rlL4%2FGvTtFuxVR%2FPp1kGCICY0yU5dL%2FyvNQnfCcwuGRIHE70GyvIY%2FHgDwVvoRBw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b1f1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2456,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"bdaeb947a2eb31bae0a170559df9013c","sha1":"7fc8496c9bf51eea98dc9060262f87a792a24a43","sha256":"3225172adc122cc7f8f09fbcc94757061330651a485f17091f41726767f7ea3f","sha512":"710a1ac11f6fdb3915479bf6b9eccf34f4dedd8f30e6bed5275f52d1ec634a754b252e385eb9cd388a5a69c64aaf5818c13cb783090ae68a8696af067cb67341","ssdeep":"","tlshash":"9e512b90d3f3d98a7d930935f8b27a34cfda87da97098523ea834854e279442cd24943","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.849739Z","times_seen":18061,"resource_available":false,"data":null}},"time_used":920,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":920,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/android_down.d99dd6cc.svg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/android_down.d99dd6cc.svg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:10 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-2d6a\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4QO9xQFeOU2q7K5NIqAcLrTWxxP3x8cuPVlSJYNhUgurQ%2BWoDThUVea1kKIhKEucIwC5bGuu1fHQHJhJcCnXGz0S8GS15FF3Exu4R5VrQ%2Fa4O8o0MfK5ye%2BcRVwyp8Ljjw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52ccf91a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11626,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d99dd6cc9eeb67a17b5f64eee801202c","sha1":"6e11cb75b0529af92236763785b69749f62fee4d","sha256":"dc8a78d121b34f655fc063f43d4ef8cec3581d8539369f35f2ae0258a5735954","sha512":"fea5046497f492375a2bde60559ebfb91f67e52685d5b8055c2fd585809cfc98c3bf1a2bb0b20aa00e390c75533ba327d1b66194709fffe3c236fea363c0aed1","ssdeep":"192:Wt1zfau5v7dYMyr8R0tjFnR0tmWi2C/FNNW6xX8jVCZVzLQTsMH6IL:MzfhzS8+pn+mW4FNNFXZZJvw6IL","tlshash":"693255e793a4c0d0690fd5b5cd3b5ae43e1b70fbafc19058326dd944eb429d68b06e48","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.839895Z","times_seen":4105,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/advantage_phone_ui1.7a062617.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/advantage_phone_ui1.7a062617.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:10 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-1fde\"\r\nexpires: Fri, 22 May 2026 18:26:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5T2aSvcxH%2BLOAr%2BJlJd6m2313nPC9uggdEP1%2BQdq%2BvNHPPrp%2BcONGYnjz9h9Y%2BB2eJo9ioIoB2%2BsJphAt52wuqb%2BwEwzQhd3%2FE7FgGzY6FRnFK%2Fj2wtolg8sa2cfV%2FnfiQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52ccfd1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8158,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 620 x 384, 8-bit colormap, non-interlaced","md5":"7a06261784d3908ab66f836816376de0","sha1":"3ea8a00b11b016e46703e0b873f005eb5e70adf3","sha256":"c6aa1f5b958419cbaa53682faf70d19d2737d2fc3ec58aeda3f83de3802ac4d0","sha512":"fd838b02e21d15d948d357fcea888bc7fe11bbe2d268d82f6b5f14341b2f253f5ffc6f8f34bac7beb7cead9c4780f6d4ee0b1e73db99ad3c681839965c886572","ssdeep":"192:RCD7357jDYAgAY0UKt/wetdU7BxeTKgPG2ZgwPhlTAAAAAI+GpYSTOFgWsh:RC3357ZXt67reegPG2ZvPDgGhCCWU","tlshash":"4df1ae00e21cefc3fdfce446b5a9916f24b44271323294ce50a39b65d8f459fa7966b0","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.847366Z","times_seen":5414,"resource_available":false,"data":null}},"time_used":1038,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1038,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a417f3215fb.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a417f3215fb.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 13:00:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a417f3-17f6\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YIrgtiYohHrbHLTaBQbODk9AhZP8MeXdtx2V38rbVvkcrlxI0oh%2BKXx2oBspnLyVqzVu2CpiBSWuh9RC7ENdsSFmmGeQjtXEBuKxslwmQJ%2FWYg4Sy2NRIoJoAzkKcc5xTQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b101a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6134,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"f8e149a251e0d36a3921eccd12637903","sha1":"79f328135da998dc03948e1bacebfc18dfbe8584","sha256":"59e561603a5aaf4173c80a99fd7e0f3031f2c19898b78e43f67301d4ad8d52ef","sha512":"7c786e298586d04c4d4030a0bd000a1399c39986cdd9c1abcc2f92cf13f5a742ea39be029872e6ccacdd61dc44778d07ff1d8d6da233cdfabd09e5e0855cd01c","ssdeep":"96:6S66knmWIrFi/yweNGcHGDhHCUWqHqHVQVJZL6eAvV/DDGBZX+d36ggfEGqAao8D:6S66knFeJWiUWqKcJ16DDsZX+dLgVqAc","tlshash":"cac17c1cfd26ec552d99f70db9ec5243a56f43d49a0660a3fccee8030c501f88a0e1ad","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.846725Z","times_seen":307,"resource_available":false,"data":null}},"time_used":915,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":915,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/xm/doge.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /xm/doge.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Jul 2022 17:20:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3216c-838\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HfqpfJBdii68AN%2F65KoScsqhLtZMgZiMWdCEzUu3wxfBftgxD8Ma53BdkV1Rld9%2BTiptCw2f%2B9BeCzg1Khc6xJqSDG%2BmFw0D5%2FFuQYqRTTylPCiKKQAZA8HqwfkCUptf9g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b1a1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2104,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 61 x 60, 8-bit/color RGBA, non-interlaced","md5":"ff0c62c872d877837881793431cf064c","sha1":"8ee9cdfe43cfba24078529fa23984ab9e9d99a76","sha256":"c146f8822178b5581dd5eb80071e9824e1634252a4cd0d25b9675b0cb3da570e","sha512":"2416ae2389993012befe574c4ee91c47b6101f3e89b7582d25ce214e248e5305f327183c2a7222259b9aeae09ff7315edeae1ff11c8be3304ca11d5cefeb09ff","ssdeep":"","tlshash":"b0416e07f3ddbe79ccd66bb71348e024d01ff7e1b8010b98a42a4c565258c6f215c44b","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:50.076588Z","times_seen":5331,"resource_available":false,"data":null}},"time_used":872,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":872,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/icon_margin.svg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/icon_margin.svg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-654\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FBb0DnXwkWU%2BfFj9U5OEErW2BzdX5D4eh7Zc962lhLi1D2u1iLsLJGo4LYFVQcc0lSa7oJ%2BqmYjs9QBzKdiiObYkdZmfOitZU%2FcD2Vn2c4GU6l95skBkWcdjguv0HqCeGA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b241a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1620,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"283d6ddfb29042011328571a509df448","sha1":"3e486c50cfe119efc43c68ffafa349670c9f919c","sha256":"e88581cf4375fb6f9e7d94b4f9df4a667677d0d96384227c9a9228b1329f3308","sha512":"78e85634891dbc1423281f54e43c362b9cf8c75c83a070c34b36676b72b7b71e7793b2224c6d820eb870a0f7d854b336334b8ba0bca9125854139aaf2a97bc91","ssdeep":"","tlshash":"4e3120883a7ac39ce500e7ad981bb5ac3e1e04e96684c5d9c3e22c1078d2a59dc98dd7","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.826422Z","times_seen":2529,"resource_available":false,"data":null}},"time_used":897,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":897,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Static/bootstrap5Slide/scripts.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/scripts.js HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: application/javascript\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"6385e7cc-12a\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ny8N5GoYv%2F%2BvlpyMKywDoOF%2BbAqmfKaCps6RfuXbdAOMNo3GBj1kuL%2FW3QUEpBh4yMF0cOdmWB%2B%2F1g0l3egSODkjKlW6446zhiEQnUh7rGK%2FcUQbt5vv0%2FaitI0ewYkw%2FQ%3D%3D\"}]}\r\ncf-ray: 9f06ae4a4b321a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":298,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"48477ea73f8709a6c29d7cde0cc83e55","sha1":"5dc30fab107725dd71ab343d70b9e6267ea68cf1","sha256":"fd67e1f083236a6c171d2275401174ea62a6f24fc81193d55653080a236a209a","sha512":"0932287b99d7c96929e7464b6684fe399dfcaaea787dcab28fa0879094b5eb4d92139260fecde4ffe430eca3986430f98a72fc523332c4e476bee9ea2226b1b3","ssdeep":"","tlshash":"1ee0cd91761d4f9d1ccc3257996092c576841524e401f06790374c6c0a9584225fb7fc","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.052952Z","times_seen":6103,"resource_available":true,"data":null}},"time_used":893,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":893,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Nunito:wght@400;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Nunito:wght@400;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 22 Apr 2026 18:27:09 GMT\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5463,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"721a040ea564a6f1097d3c9fc78e4478","sha1":"969b3a763c65bbea8dd653387efe6482fd53f614","sha256":"1eab5e802b5f0457aaad88e630b825da8ed3ba340a35a34b5f6901d9d84bdad1","sha512":"44cce6feb92211ced4be081e6a2c9c0c63b0fc22a7243396544d0d88b4736d6e6d62ee3cad5136dda1b21e3f4eac55d6b465a0b28922df3565bc5bef366db625","ssdeep":"96:BOEabTxOEa7FZOOOEaKOEaQJc+uaOEaENqOxMabTxOxMa7FZOOOxMaKOxMaQJc+m:OH+yptkUkH0yXLkeLHbywkkdH","tlshash":"5eb17891045bd400aa432cc667cf7f37ed4e62113464c57aebfd9898ecabd272264b1e","first_seen":"2025-09-17T11:57:27.939025Z","last_seen":"2026-04-22T18:27:50.084802Z","times_seen":1108,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":91,"dns":1,"connect":9,"send":0,"wait":17,"receive":0,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/advantage_phone_ui2.03eb46c4.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/advantage_phone_ui2.03eb46c4.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:10 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-1fc3\"\r\nexpires: Fri, 22 May 2026 18:26:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PieyHwqRlfz8hbce3pSz541ylC%2BhdSZjU0YUI42SJ%2BYVh5br1FaboJoe6DbLxRcO1ntTk4sVwjvbxP%2FSvkHBJlA1%2FGFUm%2BSNllPDb%2FGUUyaKCLDWCa4VrzHuVdSVdrjAjA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52ccfe1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8131,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 620 x 414, 8-bit colormap, non-interlaced","md5":"03eb46c414ca4054d6aa8bcc6146e203","sha1":"1ad3fe2ee83e35506f404b3dc6110540539e32c6","sha256":"98f20bbbd1c55089292d663c5a641e6cb4d02e91149bd3b1dbfa3dc87168d1fd","sha512":"e59d6713424efe87e45984399aab1739b3b1ff7cde9fff91c83582110c669f9bf299ccb30a7286bec64c48243f887f701f27051f9e6e8b4445c9e927505db019","ssdeep":"192:vri1p22NLEFORfDwDmxiEVHkmrogfcftKLatznubkt:vriOMR8DmxiEVkafc4czuu","tlshash":"2ef1afc2d9d35ddf9d9c0b2b34cbf454844249d0eac68d05d74245a8f8be082abe3d9d","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.826903Z","times_seen":5472,"resource_available":false,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":873,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a4171873d07.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a4171873d07.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:56:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41718-f85\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4faC5SKxNK86I4O%2BnLiZUkI3S4zK%2Bv%2FTSuRrZux5pQfF5beUebcCMxNCDz4oxf9EhV6Pyyo44r1mFiX%2B57j9CGNFaOBL0XXt8FPJU%2FBwyZH57Q5AqNU6anTECTDL03Knzg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b0e1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3973,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"ebfc7ed1a22e7419f44320a3e7c1c7e6","sha1":"3015db0b3762639125869d54daaad1d2da1f901f","sha256":"0ccc993ae24f5e77ae9a53110f587e927a6d4fd60d4e4fe8b08509dad0264c1e","sha512":"9449c7272cfed577e25460f23fa4946cabb573c2862edf753f6840975d4442c67bcab2bbfa1f8cdae155cf1a45a0a368dce15434dda6bc9659ddb9555c0c1423","ssdeep":"","tlshash":"b2812a89bd21ed5068c9be08b4e9815a63bb47d85a81d086fcdeda430e611bfcd08986","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.85299Z","times_seen":310,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":875,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/js/layer/skin/layer.css","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:11.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/js/layer/skin/layer.css HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:12 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-36e0\"\r\nexpires: Thu, 23 Apr 2026 06:26:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hQNofjJDfyHBjUDnlV%2FSfgfdIrqUTJyJZjuV7feuPcONbSHQz9wWltI3ADtQsLtDnhn%2B4Wz88tDSnsQMAoC6OlTroT4NH%2Bd1bx8FX3mdpm4LhWqVS2r6%2FnwpgWhqEEgshg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae5ace661a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14048,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (13967), with CRLF line terminators","md5":"1673a003559ea1607dd77e6467a4baed","sha1":"954f4afa17e3d1c057101e62950f6c9506245550","sha256":"9748f440829e0b76d70f344e9c989f6d2302eba81aeea03211d40ef5f29fe62a","sha512":"5f9b8254fe18cdc329ca87a4852b7cb5520dcf3c406c5b3d755e99d0e7ddd618cd5ca2b455868ae14d896431cea2252b60d79d5fdd9e404a1fb8685a05ceb955","ssdeep":"192:9OcW0PmLeWVNrzztBm0T9zBKgwBnsY5Cb+RX:9PW0ijV1JbTyGY5CGX","tlshash":"1c5202e144811299b0278611d6dcbeba32f88d53e5630dbef2573c1f874c6dba2b6247","first_seen":"2025-04-07T11:37:37.344268Z","last_seen":"2026-04-22T18:28:09.609875Z","times_seen":3191,"resource_available":false,"data":null}},"time_used":888,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":888,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a415b40951f.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a415b40951f.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:50:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a415b3-177a\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t8ro%2FpBUaD2%2FYl8Nf0g2ljaFOThTAtuucZGMAWac1wpauLWzbIjK8n7J9JLlSMNThy%2FxGdVfFiJqFLtHLJJSDQ%2Fv03dG6Ql8xbiUkfXU4zSDTirT0aTweTn%2B0Y21q8KdpA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b231a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6010,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit gray+alpha, non-interlaced","md5":"4936e9ce7cdbe856a7ec5f22c5ed3848","sha1":"b2da690c8a89767c0bcde9e0d357e17d6587c9a7","sha256":"9c0923720036ad299778208a3e0ff459668d917f9262bfe6b94547b785960947","sha512":"69f8571d17c7d57e9e9ec2a537be718e741c71ce7d2f6433cd515465b514409f0e10ac83f7c1928655d07b3f27f5ec4d1d7ed2701934e28c9c296c00d1e5d010","ssdeep":"96:lc6tK6EXUHGbzVBl38cM+onKUGKLPSqIrNg9BWXG12nUlyJgYZzy8bmO+:rtDmHtRoHPatmBsvUlac8Z+","tlshash":"9cc19e8be58c6058d742cb11babfcf01acc40db757fe48257621dda1a12848ba541b6b","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.835075Z","times_seen":306,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":886,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.staticfile.org/pako/1.0.10/pako.min.js","fqdn":"cdn.staticfile.org","domain":"staticfile.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.669Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /pako/1.0.10/pako.min.js HTTP/1.1\r\nHost: cdn.staticfile.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T23:09:24.873355Z","times_seen":14078528,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":297,"dns":0,"connect":206,"send":0,"wait":0,"receive":0,"ssl":234},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"cdn.staticfile.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/ios_down.e011cb37.svg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/ios_down.e011cb37.svg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/Public/Home/static/css/base.css\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:10 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-2edd\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BCcmeF7z8MAnoMh9CF%2BVpkWAKzhFUFJxf0akV5eEaiWfeTRG2PkWV8FmXQaOoNC%2FnpB5Q%2FbWFJEKg6IBAdF%2FiEaXM%2Fiua0fNSPAYug2Wi239Drha1aB2BfL9K4ho4Ok%2B7Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae52bcf71a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11997,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e011cb37e1cdc749fa40e455f952c628","sha1":"c102a94a6beb0a26de83c2e21ab6ab409f265e88","sha256":"5b8c67057adbf739c8bbe363ef30d3e57638991690cd9930aa237e5b408849ac","sha512":"a92a160de1026815ca8078f6cc059fb8fba29284a5c792295a9755e8f6e3c10ae138c90b0cac9774f35cdf430106e4a7ccb5c88729e9750e867cf826479001fa","ssdeep":"192:sb39cIK/24cUfDfcFDOlozy6RWSmwQn0F3TRe3nclNXAJdlIPprWl:2mIK+OrcFKozy6RrIni+nKNXAXlI0l","tlshash":"9b3255f79354c0c4791e99e5cc3f1ae93a0ef0fb9a81a08832ade841e753ddd865ad44","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.843253Z","times_seen":4087,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.staticfile.org/jquery/2.1.1/jquery.min.js","fqdn":"cdn.staticfile.org","domain":"staticfile.org","tld":"org"},"ip":{"addr":"134.122.173.178","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:09.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"staticfile.org","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Thu, 02 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"58:76:03:0C:93:D1:CD:E1:B0:EC:46:C0:4E:0B:04:86:E4:80:3B:93","sha256":"20:3D:7B:D4:00:D1:45:86:5F:27:E9:99:0E:00:64:64:58:38:47:BE:A5:CE:E8:D4:04:AF:81:88:25:F2:0A:01"}}},"request":{"raw":"GET /jquery/2.1.1/jquery.min.js HTTP/1.1\r\nHost: cdn.staticfile.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With,token\r\naccess-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\ndate: Wed, 22 Apr 2026 18:27:10 GMT\r\nexpires: 0\r\npragma: no-cache\r\nserver: nginx\r\nx-cache: BYPASS\r\nx-cdntype: readnode-007\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84280,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32061)","md5":"d021c983bd6e7291b43a5cc1fb2ebe99","sha1":"ffe47a16e4b1550ddfba3577cc9cc9fdc8643aff","sha256":"c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079","sha512":"0b01d408ae79a4e3630f1bcf6507aec0aa71a2cf263f212ff601ae582f15af4df9ec9dae5e0d4fc9c1833cd0fd1207689121531ba920480a680e3f4e336da4b3","ssdeep":"1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa9G:7NMnJiz6oAQKP5a98HrB","tlshash":"5983d6d9b6c27062977734b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","first_seen":"2023-03-07T12:01:55Z","last_seen":"2026-04-22T18:28:09.598179Z","times_seen":9905,"resource_available":true,"data":null}},"time_used":1492,"timings":{"blocked":599,"dns":2,"connect":280,"send":0,"wait":293,"receive":0,"ssl":315},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"cdn.staticfile.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"api.huobi.pro/ws","fqdn":"api.huobi.pro","domain":"huobi.pro","tld":"pro"},"ip":{"addr":"52.84.50.36","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:11.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.huobi.pro","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 31 Dec 2025 00:00:00 GMT","end":"Fri, 29 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"69:35:B9:AB:4F:A6:C7:06:A5:72:1D:79:81:3C:B9:B0:06:A5:0F:4C","sha256":"D7:AC:0A:77:F0:31:1F:86:F8:2B:30:5F:1C:6A:36:0A:55:A5:C7:95:07:48:70:4A:F3:1C:4C:F1:B1:90:53:1F"}}},"request":{"raw":"GET /ws HTTP/1.1\r\nHost: api.huobi.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://holding999.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: FM6SdYSLepakBUAW9B6oTg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nConnection: upgrade\r\nServer: openresty\r\nDate: Wed, 22 Apr 2026 18:27:11 GMT\r\nupgrade: websocket\r\nsec-websocket-accept: qt2EL3K6DT5250m5WVf/3UZ26BE=\r\nRequest-ID: 3680485e7c13dbde4a86904a0f125cac\r\nX-Request-ID: 86463dc1e614aea59392b24aafd7b222\r\nX-Cache: Miss from cloudfront\r\nVia: 1.1 1ad6d29ff66cbe7838d3a30dae2f9382.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: YavBvyNm9oscueCtT4xE1wXBU3l_HGDkT02BunK80GvDQo95c6HvnQ==\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T23:09:24.873355Z","times_seen":14078528,"resource_available":true,"data":null}},"time_used":746,"timings":{"blocked":-1,"dns":12,"connect":12,"send":0,"wait":716,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/xm/mbn.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /xm/mbn.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 06 Nov 2022 12:37:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6367aa76-4287\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YwkFuOfESS9rJPG1YNIoJtemajOVNifk4h0LWbtDlJ6eATsSLMOB7BEPH7JHQPOR7ElUVPdnr96fwf2C1PjkXrLX8LtbFTNNKMSvOAev9VHrYJUkKSDYSlYBFy4B%2BVYdfA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb0d1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17031,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1181, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1181], progressive, precision 8, 200x200, components 3","md5":"0b20cefbeefbedd80e49d8a58d77cf46","sha1":"290ca4efba0fce95a331d716e4a56c93fe576949","sha256":"cfed7f3aa25627c440f85b40b142c87eee4e25eb898d1d3549e6c25b34d19e9b","sha512":"88133ce89aa9c0c334c4148e0f265a9b8a485e30e3c5d9aa677225954d2e4b76d292342101486053533bdaea79f84b61c9ac28ddca7bec2e257155b6bd015b49","ssdeep":"192:IH5o6A9mn+82b28y4lFqJH5o6A9mn+82U9kn91hc+1GMSCjr1LUilTgcQJ9eZ:O5OMjPic5OMxenBc+Idi9U8gcQJe","tlshash":"74722a353b0adea3e4e5453c1e54c645f332ae85956f636178cd28aabf32f920ce5306","first_seen":"2023-07-05T14:45:42Z","last_seen":"2026-04-22T18:27:36.846037Z","times_seen":1483,"resource_available":false,"data":null}},"time_used":889,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":888,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/68281491632cb.jpg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/68281491632cb.jpg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 17 May 2025 04:46:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68281491-2bde\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MduXdXzqZOmCZ9%2BHcbkLFo9pK%2Buim%2B95lOn9sL7ONAKGcHthwvKUgX73E8sfF2kEXgIYz3sFkiJ4ISAb8UKO2hDYYJm9t3O1vsnmVizFKaWCMJclnzRy6yt07IssfM1aGQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb091a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11230,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 265x212, components 3","md5":"00e2b5830c7ad3a1bec9d33e58d66000","sha1":"4a136b77725ba7ac875a75dc3ba86d61f0a340f9","sha256":"27d7cef62c8fbff69d2fdade2784f6e2724e2c3b218022832d02683a182366b6","sha512":"5e47aa0576db513261ca6ffb208044293e3f13b765e7b941f95a36b2c0113061bc796dacd6ef71af18cf5ae025e6954c2aa10b4e75e89bd7ef31583af0bebc09","ssdeep":"192:W2IVKGKSHU8bSlu5fcoc1svenlkkKgVBOg6PYrS7tQVnLZb0zERu9cW1SvCKC:WDAGFHU88yfcoc+Qki0Yr8MnLZJuxYvO","tlshash":"c732bfc01289025acf715fbf404e5536809d7b9e38ab94f25285e1efa5b016c38ac68b","first_seen":"2025-05-27T11:22:28.181634Z","last_seen":"2026-04-22T18:27:36.827491Z","times_seen":30,"resource_available":false,"data":null}},"time_used":1183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1182,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/app/static/code.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /app/static/code.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-824\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8oDkf%2FfN7PmxCqPxkU8a3iZ%2BOgwNsF217fbGTc9DPKvlXeSafQWIz2CxVfHBG8nx4P3wF6vSu%2BQYnZvkAkJKc6%2FwMea061vzZfFgDWs2cuv0Dtr0an0Fl5486AA2iKtXSA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae49fb041a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2084,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced","md5":"e771e33040933912f595c33752841f1a","sha1":"21f3508cf8de50fd51a039bb4739359c3e3c449e","sha256":"e5e16fdded488d9d391073c321eb1e994fd8d15e4ad06026023d3b236e683a63","sha512":"277ba147c18260ce2ff637ddd47e04e0a3f293b5d5ebe940fdbb26e329571487507c946d9e8b39b68b15b434c671ca2ae0c36991190c655fb6e1bf68d65405a8","ssdeep":"","tlshash":"db414e64a1c129686331a9df9acb87bff96a40e2fc6c14f59101011c9ad087dfd8637e","first_seen":"2023-07-05T14:45:42Z","last_seen":"2026-04-22T18:27:36.849126Z","times_seen":984,"resource_available":false,"data":null}},"time_used":893,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":893,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a41737dff08.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a41737dff08.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 12:57:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41737-caf\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uYFiReTFv2CFUdekfBJH8w1SLf6HdDuJzrBqBCoofsNNvUgF3qlulLVLRqRoK7ujf461Ielytz96nq%2FB%2BjF66kbIMyP6Xvm%2B3VxzzCPvcWMi8kgdEPnAf3u6CGXWB5%2FBqQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b0f1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3247,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"5f95cc3d78f8210ea33a41f1762ce349","sha1":"6b7605354e209704ac2e7983191949203778f43f","sha256":"e4b49493e3653b5054c36f3408eb391984e240b5d45c8de13c9ceb618d2f061c","sha512":"c0b534d2905d8b9a38bbc9148e59a2daa1adaab06c598a04240fb656ec2663201e67816be71a96b4064273caed093df76306f75adc827cb74c7c91f6a85efe55","ssdeep":"","tlshash":"a5614c82b6d02ecf891c12abc1a49d65be15a48477f4bfd9a33cebbd374466085c5807","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.823958Z","times_seen":308,"resource_available":false,"data":null}},"time_used":866,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":866,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Upload/public/64a41839f3bcc.png","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Upload/public/64a41839f3bcc.png HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 04 Jul 2023 13:01:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64a41839-9d7\"\r\nexpires: Fri, 22 May 2026 18:26:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bRLu4NY5jkflK0vG%2FJujirqDlPCEB%2FVowC9dxyUPt9myhUKYyz4klsB1LVthM5E%2BAFEat35hzoz%2F4AYYRR3AkKqWmKW9Huu036NTWMXVGYmlxXggYivStOyb6z1EBFPF5w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a0b131a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2519,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"a03619972ff888a05a5a19942843794e","sha1":"2fe6d08c86652dc2b34cb5e464f09e810f85d1ca","sha256":"e747db69edf1d71fcd572d00989881ba7991e48e6e3986e42484a6e68d098bc5","sha512":"0a8749766444a08bd90140c23bb36255ec2a1f22ac3fd82138faa33a3055cd463fd3c9032d74984989398725e8b86e1ae4871989351b14730741a068c0e5172e","ssdeep":"","tlshash":"ad5107f591f0ad6a25f256a5c1a48738f933b4667b470d92f424f87981d82c8417c981","first_seen":"2023-10-30T22:30:25Z","last_seen":"2026-04-22T18:27:36.853541Z","times_seen":307,"resource_available":false,"data":null}},"time_used":892,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":892,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/imgs/icon_contract.svg","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/imgs/icon_contract.svg HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-487\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PifKY73yEkiA26u%2Fb8tAz601MinbeavoO376zLaPAYcpydhrc5tVxBeNcpix2H2dVdn3kwzwTak8JCzhiMJfnqopg5wTH%2Bnz0rVGa70hDOUfkAhqFWlcGsNjfxdEpW%2BWvg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a1b261a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1159,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8be2edf2728aa394553b4fd9a44471f0","sha1":"1afec38a2c761fbd902e1de55d280424335aeeca","sha256":"306f962a6980e05ac92e3e8d3b1818e864f5557237541ab81cf2a15c44a190aa","sha512":"cd25567c0782132f9dcf858b252b11d1343a57a747b1bdbb7094b31baa1074528bc86fafeb66ac71997b4f4ae50e20c56373774f0f79fbf4b2ed339be8000ed4","ssdeep":"","tlshash":"b421ce69623543b9f04a82b212c9f47f353e06d8f1cb44c9e5671e20206e82ebca96c3","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:36.855818Z","times_seen":2549,"resource_available":false,"data":null}},"time_used":918,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"holding999.com/Public/Home/static/js/jquery.SuperSlide.2.1.1.js","fqdn":"holding999.com","domain":"holding999.com","tld":"com"},"ip":{"addr":"172.67.144.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://holding999.com/","date":"2026-04-22T18:27:08.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"holding999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 06:35:10 GMT","end":"Tue, 23 Jun 2026 06:35:09 GMT"},"fingerprint":{"sha1":"88:AF:D5:6A:E8:25:EB:BF:90:B3:11:AB:57:AA:9E:DF:CF:3C:30:04","sha256":"4C:4B:33:C2:C1:74:22:BA:7B:26:26:03:3B:E4:5D:EE:C4:57:DB:7E:0E:01:5B:B2:80:BB:B6:C5:C2:4C:EB:D9"}}},"request":{"raw":"GET /Public/Home/static/js/jquery.SuperSlide.2.1.1.js HTTP/1.1\r\nHost: holding999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://holding999.com/\r\nCookie: PHPSESSID=l90e30m1k3tcgf9moksko7g992\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 22 Apr 2026 18:27:09 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 29 Nov 2022 11:06:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6385e7cc-2c9e\"\r\nexpires: Thu, 23 Apr 2026 06:26:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NFkXVM0FOBJjyrhBf5qf5TXFlL7NIis%2FF%2FhAyaf6j5hTqIr%2Bsmk4eyZnds%2FSi5Y6aUY6EGB5BvLqp3%2BdBcm6gqasG9Fga3T%2BEm2c%2BXood72ztmetZnGbupqjKmS2Sbtj3g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f06ae4a4b2f1a30-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11422,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10855), with CRLF line terminators","md5":"0b9bc63ab05e21e3830da5bbb4ccee67","sha1":"d162156bdaf14217d76d920e0e57b86d8feb1d97","sha256":"349e46b2c65028736d0bbff7b829c7fc6fbdebc1fb1e8b12365a0ca2e6e9e848","sha512":"bdfa220da1f08e29f05a9984c4999d7e742bea10ad86b7e497a0d112c7992cc52b7f1e9f5430b4286f14bb2336110f85cbdc3164a92121caaf5c91961f7e69c9","ssdeep":"192:j+K3bxH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:jNcnqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"9532c65fb66635ca4597b3f1107f940d222b5965fc8a8ca0b17082c0adb9a1c243bfed","first_seen":"2023-04-05T11:06:31Z","last_seen":"2026-04-22T20:40:29.730152Z","times_seen":13308,"resource_available":true,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"holding999.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}